CompTIA CySA+ (CS0-002) Practice Test 10

Question 1 of 65
A security analyst has determined that the user interface on an embedded device is vulnerable to common SQL injections. The device is unable to be replaced, and the software cannot be upgraded. Which of the following should the security analyst recommend to add additional security to this device?
Question 2 of 65
A security analyst is performing a review of Active Directory and discovers two new user accounts in the accounting department. Neither of the users has elevated permissions, but accounts in the group are given access to the company’s sensitive financial management application by default. Which of the following is the BEST course of action?
Question 3 of 65
Several users have reported that when attempting to save documents in team folders, the following message is received:
The File Cannot Be Copied or Moved - Service Unavailable.
Upon further investigation, it is found that the syslog server is not obtaining log events from the file server to which the users are attempting to copy files. Which of the following is the MOST likely scenario causing these issues?
Question 4 of 65
A computer has been infected with a virus and is sending out a beacon to command and control server through an unknown service. Which of the following should a security technician implement to drop the traffic going to the command and control server and still be able to identify the infected host through firewall logs?
Question 5 of 65
Which of the following is MOST effective for correlation analysis by log for threat management?
Question 6 of 65
A cybersecurity analyst has been asked to follow a corporate process that will be used to manage vulnerabilities for an organization. The analyst notices the policy has not been updated in three years. Which of the following should the analyst check to ensure the policy is still accurate?
Question 7 of 65
Creating a lessons learned report following an incident will help an analyst to communicate which of the following information? (Choose two.)
Question 8 of 65
Which of the following policies BEST explains the purpose of a data ownership policy?
Question 9 of 65
A web application has a newly discovered vulnerability in the authentication method used to validate known company users. The user ID of Admin with a password of “password” grants elevated access to the application over the Internet. Which of the following is the BEST method to discover the vulnerability before a production deployment?
Question 10 of 65
Which of the following represent the reasoning behind careful selection of the timelines and time-of-day boundaries for an authorized penetration test? (Choose two.)
Question 11 of 65
Considering confidentiality and integrity, which of the following make servers more secure than desktops? (Choose three.)
Question 12 of 65
Given the following output from a Linux machine:
file2cable -i eth0 -f file.pcap
Which of the following BEST describes what a security analyst is trying to accomplish?
Question 13 of 65
A recent audit has uncovered several coding errors and a lack of input validation being used on a public portal. Due to the nature of the portal and the severity of the errors, the portal is unable to be patched. Which of the following tools could be used to reduce the risk of being compromised?
Question 14 of 65
Various devices are connecting and authenticating to a single evil twin within the network. Which of the following are MOST likely being targeted?
Question 15 of 65
As part of the SDLC, software developers are testing the security of a new web application by inputting large amounts of random data. Which of the following types of testing is being performed?
Question 16 of 65
An organization uses Common Vulnerability Scoring System (CVSS) scores to prioritize remediation of vulnerabilities.
Management wants to modify the priorities based on a difficulty factor so that vulnerabilities with lower CVSS scores may get a higher priority if they are easier to implement with less risk to system functionality. Management also wants to quantify the priority. Which of the following would achieve management’s objective?
Take a CVSS score of 8 (High).
Divide this by a difficulty score of 2, so it is easy to do.
You get a priority of 4.
Take a CVSS score of 10 (Critical).
Divide this by a difficulty score of 8, so it is harder to do.
You get a priority of 1.25.
So the lower CVSS score actually gets a higher priority than the higher score.
Score range   Severity rating
0.0           None
0.1-3.9       Low
4.0-6.9       Medium
7.0-8.9       High
9.0-10.0      Critical
So C is the answer.
Question 17 of 65
A security analyst is attempting to configure a vulnerability scan for a new segment on the network. Given the requirement to prevent credentials from traversing the network while still conducting a credentialed scan, which of the following is the BEST choice?
Question 18 of 65
A cybersecurity consultant is reviewing the following output from a vulnerability scan against a newly installed MS SQL Server 2012 that is slated to go into production in one week:
Based on the above information, which of the following should the system administrator do? (Choose two.)
Question 19 of 65
Which of the following are essential components within the rules of engagement for a penetration test? (Choose two.)
Question 20 of 65
A production web server is experiencing performance issues. Upon investigation, new unauthorized applications have been installed and suspicious traffic was sent through an unused port. Endpoint security is not detecting any malware or virus. Which of the following types of threats would this MOST likely be classified as?
Question 21 of 65
Nmap scan results on a set of IP addresses returned one or more lines beginning with “cpe:/o:” followed by a company name, product name, and version. Which of the following would this string help an administrator to identify?
Question 22 of 65
Three similar production servers underwent a vulnerability scan. The scan results revealed that the three servers had two different vulnerabilities rated “Critical”.
The administrator observed the following about the three servers:
- The servers are not accessible by the Internet
- AV programs indicate the servers have had malware as recently as two weeks ago
- The SIEM shows unusual traffic in the last 20 days
- Integrity validation of system files indicates unauthorized modifications
Which of the following assessments is valid and what is the most appropriate NEXT step? (Choose two.)
Question 23 of 65
When reviewing network traffic, a security analyst detects suspicious activity:
Based on the log above, which of the following vulnerability attacks is occurring?
Question 24 of 65
An analyst was testing the latest version of an internally developed CRM system. The analyst created a basic user account. Using a few tools in Kali’s latest distribution, the analyst was able to access configuration files, change permissions on folders and groups, and delete and create new system objects. Which of the following techniques did the analyst use to perform these unauthorized activities?
Question 25 of 65
Following a data compromise, a cybersecurity analyst noticed the following executed query:
SELECT * from Users WHERE name = rick OR 1=1
Which of the following attacks occurred, and which of the following technical security controls would BEST reduce the risk of future impact from this attack? (Choose two.)
Question 26 of 65
A security analyst is conducting traffic analysis and observes an HTTP POST to the company’s main web server. The POST header is approximately 1000 bytes in length. During transmission, one byte is delivered every ten seconds. Which of the following attacks is the traffic indicative of?
Question 27 of 65
While reviewing proxy logs, the security analyst noticed a suspicious traffic pattern. Several internal hosts were observed communicating with an external IP address over port 80 constantly. An incident was declared, and an investigation was launched. After interviewing the affected users, the analyst determined the activity started right after deploying a new graphic design suite. Based on this information, which of the following actions would be the appropriate NEXT step in the investigation?
Question 28 of 65
Following a recent security breach, a post-mortem was done to analyze the driving factors behind the breach. The cybersecurity analysis discussed potential impacts, mitigations, and remediations based on current events and emerging threat vectors tailored to specific stakeholders. Which of the following is this considered to be?
Question 29 of 65
During a web application vulnerability scan, it was discovered that the application would display inappropriate data after certain key phrases were entered into a webform connected to a SQL database server. Which of the following should be used to reduce the likelihood of this type of attack returning sensitive data?
Question 30 of 65
A security analyst has noticed an alert from the SIEM. A workstation is repeatedly trying to connect to port 445 of a file server on the production network. All of the attempts are made with invalid credentials. Which of the following describes what is occurring?
Question 31 of 65
A company invested ten percent of its entire annual budget in security technologies. The Chief Information Officer (CIO) is convinced that, without this investment, the company will risk being the next victim of the same cyber attack its competitor experienced three months ago. However, despite this investment, users are sharing their usernames and passwords with their coworkers to get their jobs done. Which of the following will eliminate the risk introduced by this practice?
Question 32 of 65
A SIEM analyst noticed a spike in activities from the guest wireless network to several electronic health record (EHR) systems. After further analysis, the analyst discovered that a large volume of data has been uploaded to a cloud provider in the last six months. Which of the following actions should the analyst do FIRST?
Question 33 of 65
Given the following access log:
Which of the following accurately describes what this log displays?
Question 34 of 65
A company has been a victim of multiple volumetric DoS attacks. Packet analysis of the offending traffic shows the following:
Which of the following mitigation techniques is MOST effective against the above attack?
Question 35 of 65
An ATM in a building lobby has been compromised. A security technician has been advised that the ATM must be forensically analyzed by multiple technicians.
Which of the following items in a forensic tool kit would likely be used FIRST? (Choose two.)
Question 36 of 65
A business-critical application is unable to support the requirements in the current password policy because it does not allow the use of special characters.
Management does not want to accept the risk of a possible security incident due to weak password standards. Which of the following is an appropriate means to limit the risks related to the application?
Question 37 of 65
A threat intelligence analyst who works for a financial services firm received this report: “There has been an effective waterhole campaign residing at http://www.bankfinancecompsoftware.com. This domain is delivering ransomware. This ransomware variant has been called “LockMaster” by researchers due to its ability to overwrite the MBR, but this term is not a malware signature. Please execute a defensive operation regarding this attack vector.”
The analyst ran a query and has assessed that this traffic has been seen on the network. Which of the following actions should the analyst do NEXT? (Choose two.)
Question 38 of 65
The Chief Information Security Officer (CISO) has asked the security staff to identify a framework on which to base the security program. The CISO would like to achieve a certification showing the security program meets all required best practices. Which of the following would be the BEST choice?
Question 39 of 65
A security analyst is concerned that employees may attempt to exfiltrate data prior to tendering their resignations. Unfortunately, the company cannot afford to purchase a data loss prevention system. Which of the following recommendations should the security analyst make to provide defense-in-depth against data loss? (Choose three.)
Question 40 of 65
The security operations team is conducting a mock forensics investigation. Which of the following should be the FIRST action taken after seizing a compromised workstation?
Question 41 of 65
A cybersecurity analyst has identified a new mission-essential function that utilizes a public cloud-based system. The analyst needs to classify the information processed by the system with respect to CIA. Which of the following should provide the CIA classification for the information?
Question 42 of 65
A security analyst wants to scan the network for active hosts. Which of the following host characteristics help to differentiate between a virtual and physical host?
Question 43 of 65
An executive tasked a security analyst to aggregate past logs, traffic, and alerts on a particular attack vector. The analyst was then tasked with analyzing the data and making predictions on future complications regarding this attack vector. Which of the following types of analysis is the security analyst MOST likely conducting?
Question 44 of 65
A malicious user is reviewing the following output:
root:~#ping 192.168.1.137
64 bytes from 192.168.2.1 icmp_seq=1 ttl=63 time=1.58 ms
64 bytes from 192.168.2.1 icmp_seq=2 ttl=63 time=1.45 ms
root: ~#
Based on the above output, which of the following is the device between the malicious user and the target?
Question 45 of 65
The business has been informed of a suspected breach of customer data. The internal audit team, in conjunction with the legal department, has begun working with the cybersecurity team to validate the report. To which of the following response processes should the business adhere during the investigation?
Question 46 of 65
A software development company in the manufacturing sector has just completed the alpha version of its flagship application. The application has been under development for the past three years. The SOC has seen intrusion attempts made by indicators associated with a particular APT. The company has a hot site location for COOP. Which of the following threats would most likely incur the BIGGEST economic impact for the company?
Question 47 of 65
A security analyst has noticed that a particular server has consumed over 1TB of bandwidth over the course of the month. It has port 3333 open; however, there have not been any alerts or notices regarding the server or its activities. Which of the following did the analyst discover?
Question 48 of 65
A cybersecurity analyst is reviewing the following outputs:
Which of the following can the analyst infer from the above output?
Question 49 of 65
A new policy requires the security team to perform web application and OS vulnerability scans. All of the company’s web applications use federated authentication and are accessible via a central portal. Which of the following should be implemented to ensure a more thorough scan of the company’s web application, while at the same time reducing false positives?
Question 50 of 65
An organization wants to harden its web servers. As part of this goal, leadership has directed that vulnerability scans be performed, and the security team should remediate the servers according to industry best practices. The team has already chosen a vulnerability scanner and performed the necessary scans, and now the team needs to prioritize the fixes. Which of the following would help to prioritize the vulnerabilities for remediation in accordance with industry best practices?
Question 51 of 65
HOTSPOT –
Malware is suspected on a server in the environment. The analyst is provided with the output of commands from servers in the environment and needs to review all output files in order to determine which process running on one of the servers may be malware.
Instructions:
Servers 1, 2 and 4 are clickable. Select the Server which hosts the malware, and select the process which hosts this malware.
If any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.
Hot Area:
Question 52 of 65
An analyst is troubleshooting a PC that is experiencing high processor and memory consumption. Investigation reveals the following processes are running on the system:
- lsass.exe
- csrss.exe
- wordpad.exe
- notepad.exe
Which of the following tools should the analyst utilize to determine the rogue process?
Question 53 of 65
The Chief Executive Officer (CEO) instructed the new Chief Information Security Officer (CISO) to provide a list of enhancement to the company’s cybersecurity operation. As a result, the CISO has identified the need to align security operations with industry best practices. Which of the following industry references is appropriate to accomplish this?
Question 54 of 65
A cybersecurity analyst was asked to discover the hardware address of 30 networked assets. From a command line, which of the following tools would be used to provide ARP scanning and reflects the MOST efficient method for accomplishing the task?
Question 55 of 65
A security analyst is reviewing logs and discovers that a company-owned computer issued to an employee is generating many alerts and warnings. The analyst continues to review the log events and discovers that a non-company-owned device from a different, unknown IP address is generating the same events. The analyst informs the manager of these findings, and the manager explains that these activities are already known and part of ongoing events. Given this scenario, which of the following roles are the analyst, the employee, and the manager filling?
Question 56 of 65
An organization is experiencing degradation of critical services and availability of critical external resources. Which of the following can be used to investigate the issue?
Question 57 of 65
A technician receives the following security alert from the firewall’s automated system:
After reviewing the alert, which of the following is the BEST analysis?
Question 58 of 65
During a review of security controls, an analyst was able to connect to an external, unsecured FTP server from a workstation. The analyst was troubleshooting and reviewed the ACLs of the segment firewall the workstation is connected to:
Based on the ACLs above, which of the following explains why the analyst was able to connect to the FTP server?
Question 59 of 65
A cybersecurity analyst has several log files to review. Instead of using grep and cat commands, the analyst decides to find a better approach to analyze the logs. Given a list of tools, which of the following would provide a more efficient way for the analyst to conduct a timeline analysis, do keyword searches, and output a report?
Question 60 of 65
The director of software development is concerned with recent web application security incidents, including the successful breach of a back-end database server.
The director would like to work with the security team to implement a standardized way to design, build, and test web applications and the services that support them. Which of the following meets the criteria?
Question 61 of 65
Which of the following stakeholders would need to be aware of an e-discovery notice received by the security office about an ongoing case within the manufacturing department?
Question 62 of 65
A company has several internal-only, web-based applications on the internal network. Remote employees are allowed to connect to the internal corporate network with a company-supplied VPN client. During a project to upgrade the internal application, contractors were hired to work on a database server and were given copies of the VPN client so they could work remotely. A week later, a security analyst discovered an internal web-server had been compromised by malware that originated from one of the contractor’s laptops. Which of the following changes should be made to BEST counter the threat presented in this scenario?
Question 63 of 65
While preparing for a third-party audit, the vice president of risk management and the vice president of information technology have stipulated that the vendor may not use offensive software during the audit. This is an example of:
Question 64 of 65
Which of the following is a feature of virtualization that can potentially create a single point of failure?
Question 65 of 65
An organization is attempting to harden its web servers and reduce the information that might be disclosed by potential attackers. A security analyst is reviewing vulnerability scan results from a recent web server scan.
Portions of the scan results are shown below:
Which of the following lines indicates information disclosure about the host that needs to be remediated?