CompTIA CySA+ (CS0-002) Practice Test 11
1. Question
A cybersecurity analyst is hired to review the security posture of a company. The cybersecurity analyst notices a very high network bandwidth consumption due to SYN floods from a small number of IP addresses.
Which of the following would be the BEST action to take to support incident response?
2. Question
During a routine network scan, a security administrator discovered an unidentified service running on a new embedded and unmanaged HVAC controller, which is used to monitor the company’s datacenter:
The enterprise monitoring service requires SNMP and SNMPTRAP connectivity to operate. Which of the following should the security administrator implement to harden the system?
3. Question
There have been several exploits to critical devices within the network. However, there is currently no process to perform vulnerability analysis.
Which of the following should the security analyst implement during production hours to identify critical threats and vulnerabilities?
4. Question
Which of the following systems would be at the GREATEST risk of compromise if found to have an open vulnerability associated with perfect forward secrecy?
5. Question
A pharmacy gives its clients online access to their records and the ability to review bills and make payments. A new SSL vulnerability on a special platform was discovered, allowing an attacker to capture the data between the end user and the web server providing these services. After investigating the platform vulnerability, it was determined that the web services provided are being impacted by this new threat.
Which of the following data types are MOST likely at risk of exposure based on this new threat? (Choose two.)
6. Question
The security configuration management policy states that all patches must undergo testing procedures before being moved into production. The security analyst notices a single web application server has been downloading and applying patches during non-business hours without testing. There are no apparent adverse reactions, server functionality does not seem to be affected, and no malware was found after a scan.
Which of the following actions should the analyst take?
7. Question
A malware infection spread to numerous workstations within the marketing department. The workstations were quarantined and replaced with machines.
Which of the following represents a FINAL step in the eradication of the malware?
8. Question
An analyst has noticed unusual activities in the SIEM to a .cn domain name. Which of the following should the analyst use to identify the content of the traffic?
9. Question
A cybersecurity analyst is conducting packet analysis on the following:
Which of the following is occurring in the given packet capture?
10. Question
An investigation showed a worm was introduced from an engineer’s laptop. It was determined the company does not provide engineers with company-owned laptops, which would be subject to company policy and technical controls.
Which of the following would be the MOST secure control to implement?
11. Question
HOTSPOT –
A security analyst performs various types of vulnerability scans.
Review the vulnerability scan results to determine the type of scan that was executed and if a false positive occurred for each device.
Instructions:
Select the Results Generated drop-down option to determine if the results were generated from a credentialed scan, non-credentialed scan, or a compliance scan.
For ONLY the credentialed and non-credentialed scans, evaluate the results for false positives and check the findings that display false positives. NOTE: If you would like to uncheck an option that is currently selected, click on the option a second time.
Lastly, based on the vulnerability scan results, identify the type of Server by dragging the Server to the results.
The Linux Web Server, File-Print Server and Directory Server are draggable.
If at any time you would like to bring back the initial state of the simulation, please select the Reset All button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.
Hot Area:
Correct Answer:
1. non-credentialed scan – File Print Server: False positive is first bullet point.
2. credentialed scan – Linux Web Server: No false positives.
3. Compliance scan – Directory Server
12. Question
A Chief Information Security Officer (CISO) wants to standardize the company’s security program so it can be objectively assessed as part of an upcoming audit requested by management.
Which of the following would holistically assist in this effort?
13. Question
A cybersecurity analyst was hired to resolve a security issue within a company after it was reported that many employee account passwords had been compromised. Upon investigating the incident, the cybersecurity analyst found that a brute force attack was launched against the company.
Which of the following remediation actions should the cybersecurity analyst recommend to senior management to address these security issues?
14. Question
A zero-day crypto-worm is quickly spreading through the internal network on port 25 and exploiting a software vulnerability found within the email servers.
Which of the following countermeasures needs to be implemented as soon as possible to mitigate the worm from continuing to spread?
15. Question
Scan results identify critical Apache vulnerabilities on a company’s web servers. A security analyst believes many of these results are false positives because the web environment mostly consists of Windows servers.
Which of the following is the BEST method of verifying the scan results?
16. Question
A company has received the results of an external vulnerability scan from its approved scanning vendor. The company is required to remediate these vulnerabilities for clients within 72 hours of acknowledgement of the scan results.
Which of the following contract breaches would result if this remediation is not provided for clients within the time frame?
17. Question
A Linux-based file encryption malware was recently discovered in the wild. Prior to running the malware on a preconfigured sandbox to analyze its behavior, a security professional executes the following command: umount -a -t cifs,nfs
Which of the following is the main reason for executing the above command?
18. Question
A systems administrator is trying to secure a critical system. The administrator has placed the system behind a firewall, enabled strong authentication, and required all administrators of this system to attend mandatory training.
Which of the following BEST describes the control being implemented?
19. Question
A retail corporation with widely distributed store locations and IP space must meet PCI requirements relating to vulnerability scanning. The organization plans to outsource this function to a third party to reduce costs.
Which of the following should be used to communicate expectations related to the execution of scans?
20. Question
The Chief Information Security Officer (CISO) asked for a topology discovery to be conducted and verified against the asset inventory. The discovery is failing and not providing reliable or complete data. The syslog shows the following information:
Which of the following describes the reason why the discovery is failing?
21. Question
A cybersecurity professional wants to determine if a web server is running on a remote host with the IP address 192.168.1.100. Which of the following can be used to perform this task?
22. Question
Weeks before a proposed merger is scheduled for completion, a security analyst has noticed unusual traffic patterns on a file server that contains financial information. Routine scans are not detecting the signature of any known exploits or malware. The following entry is seen in the ftp server logs: tftp -I 10.1.1.1 GET fourthquarterreport.xls
Which of the following is the BEST course of action?
23. Question
The primary difference in concern between remediating identified vulnerabilities found in general-purpose IT network servers and that of SCADA systems is that:
24. Question
A security analyst at a small regional bank has received an alert that nation states are attempting to infiltrate financial institutions via phishing campaigns. Which of the following techniques should the analyst recommend as a proactive measure to defend against this type of threat?
25. Question
A security analyst is concerned that unauthorized users can access confidential data stored in the production server environment. All workstations on a particular network segment have full access to any server in production. Which of the following should be deployed in the production environment to prevent unauthorized access? (Choose two.)
26. Question
A cybersecurity analyst is reviewing log data and sees the output below:
Which of the following technologies MOST likely generated this log?
27. Question
A security analyst is reviewing a report from the networking department that describes an increase in network utilization, which is causing network performance issues on some systems. A top talkers report over a five-minute sample is included.
Given the above output of the sample, which of the following should the security analyst accomplish FIRST to help track down the performance issues?
28. Question
During the forensic phase of a security investigation, it was discovered that an attacker was able to find private keys on a poorly secured team shared drive. The attacker used those keys to intercept and decrypt sensitive traffic on a web server. Which of the following describes this type of exploit and the potential remediation?
29. Question
Which of the following is a vulnerability when using Windows as a host OS for virtual machines?
30. Question
A penetration tester is preparing for an audit of critical systems that may impact the security of the environment. This includes the external perimeter and the internal perimeter of the environment. During which of the following processes is this type of information normally gathered?
31. Question
A red team actor observes it is common practice to allow cell phones to charge on company computers, but access to the memory storage is blocked. Which of the following are common attack techniques that take advantage of this practice? (Choose two.)
32. Question
Company A suspects an employee has been exfiltrating PII via a USB thumb drive. An analyst is tasked with attempting to locate the information on the drive. The PII in question includes the following:
Which of the following would BEST accomplish the task assigned to the analyst?
33. Question
A recently issued audit report highlighted exceptions related to end-user handling of sensitive data and access credentials. A security manager is addressing the findings. Which of the following activities should be implemented?
34. Question
During which of the following NIST risk management framework steps would an information system security engineer identify inherited security controls and tailor those controls to the system?
35. Question
A security analyst begins to notice the CPU utilization from a sinkhole has begun to spike. Which of the following describes what may be occurring?
36. Question
Alerts have been received from the SIEM, indicating infections on multiple computers. Based on threat characteristics, these files were quarantined by the host- based antivirus program. At the same time, additional alerts in the SIEM show multiple blocked URLs from the address of the infected computers; the URLs were classified as uncategorized. The domain location of the IP address of the URLs that were blocked is checked, and it is registered to an ISP in Russia. Which of the following steps should be taken NEXT?
37. Question
Which of the following has the GREATEST impact to the data retention policies of an organization?
38. Question
A company has decided to process credit card transactions directly. Which of the following would meet the requirements for scanning this type of data?
39. Question
Which of the following countermeasures should the security administrator apply to MOST effectively mitigate Bootkit-level infections of the organization’s workstation devices?
40. Question
A new zero-day vulnerability was discovered within a basic screen capture app, which is used throughout the environment. Two days after discovering the vulnerability, the manufacturer of the software has not announced a remediation or if there will be a fix for this newly discovered vulnerability. The vulnerable application is not uniquely critical, but it is used occasionally by the management and executive management teams. The vulnerability allows remote code execution to gain privileged access to the system. Which of the following is the BEST course of action to mitigate this threat?
41. Question
Which of the following tools should a cybersecurity analyst use to verify the integrity of a forensic image before and after an investigation?
42. Question
A centralized tool for organizing security events and managing their response and resolution is known as:
43. Question
After a recent security breach, it was discovered that a developer had promoted code that had been written to the production environment as a hotfix to resolve a user navigation issue that was causing issues for several customers. The code had inadvertently granted administrative privileges to all users, allowing inappropriate access to sensitive data and reports. Which of the following could have prevented this code from being released into the production environment?
44. Question
A security analyst is assisting with a computer crime investigation and has been asked to secure a PC and deliver it to the forensic lab. Which of the following items would be MOST helpful to secure the PC? (Choose three.)
45. Question
A nuclear facility manager determined the need to monitor utilization of water within the facility. A startup company just announced a state-of-the-art solution to address the need for integrating the business and ICS network. The solution requires a very small agent to be installed on the ICS equipment. Which of the following is the MOST important security control for the manager to invest in to protect the facility?
46. Question
A company has implemented WPA2, a 20-character minimum for the WiFi passphrase, and a new WiFi passphrase every 30 days, and has disabled SSID broadcast on all wireless access points. Which of the following is the company trying to mitigate?
47. Question
A staff member reported that a laptop has degraded performance. The security analyst has investigated the issue and discovered that CPU utilization, memory utilization, and outbound network traffic are consuming the laptop’s resources. Which of the following is the BEST course of action to resolve the problem?
48. Question
A security analyst has discovered that an outbound SFTP process is occurring at the same time of day for the past several days. At the time this was discovered, large amounts of business critical data were delivered. The authentication for this process occurred using a service account with proper credentials. The security analyst investigated the destination IP for this transfer and discovered that this new process is not documented in the change management log. Which of the following would be the BEST course of action for the analyst to take?
49. Question
During an investigation, a computer is being seized. Which of the following is the FIRST step the analyst should take?
50. Question
A security analyst has determined the security team should take action based on the following log:
Which of the following should be used to improve the security posture of the system?
51. Question
An organization has recently experienced a data breach. A forensic analysis confirmed the attacker found a legacy web server that had not been used in over a year and was not regularly patched. After a discussion with the security team, management decided to initiate a program of network reconnaissance and penetration testing. They want to start the process by scanning the network for active hosts and open ports. Which of the following tools is BEST suited for this job?
52. Question
A medical organization recently started accepting payments over the phone. The manager is concerned about the impact of the storage of different types of data.
Which of the following types of data incurs the highest regulatory constraints?
53. Question
An organization wants to remediate vulnerabilities associated with its web servers. An initial vulnerability scan has been performed, and analysts are reviewing the results. Before starting any remediation, the analysts want to remove false positives to avoid spending time on issues that are not actual vulnerabilities. Which of the following would be an indicator of a likely false positive?
54. Question
A newly discovered malware has a known behavior of connecting outbound to an external destination on port 27500 for the purposes of exfiltrating data. The following are four snippets taken from running netstat -an on separate Windows workstations:
Based on the above information, which of the following is MOST likely to be exposed to this malware?
55. Question
An insurance company employs quick-response team drivers that carry corporate-issued mobile devices with the insurance company’s app installed on them.
Devices are configuration-hardened by an MDM and kept up to date. The employees use the app to collect insurance claim information and process payments.
Recently, a number of customers have filed complaints of credit card fraud against the insurance company, which occurred shortly after their payments were processed via the mobile app. The cyber-incident response team has been asked to investigate. Which of the following is MOST likely the cause?
56. Question
A cybersecurity consultant found common vulnerabilities across the following services used by multiple servers at an organization: VPN, SSH, and HTTPS. Which of the following is the MOST likely reason for the discovered vulnerabilities?
57. Question
A recent audit included a vulnerability scan that found critical patches released 60 days prior were not applied to servers in the environment. The infrastructure team was able to isolate the issue and determined it was due to a service being disabled on the server running the automated patch management application.
Which of the following would be the MOST efficient way to avoid similar audit findings in the future?
58. Question
Which of the following could be directly impacted by an unpatched vulnerability in vSphere ESXi?
59. Question
A security analyst performed a review of an organization’s software development life cycle. The analyst reports that the life cycle does not contain a phase in which team members evaluate and provide critical feedback on another developer’s code. Which of the following assessment techniques is BEST for describing the analyst’s report?
60. Question
The Chief Security Officer (CSO) has requested a vulnerability report of systems on the domain, identifying those running outdated OSs. The automated scan reports are not displaying OS version details, so the CSO cannot determine risk exposure levels from vulnerable systems. Which of the following should the cybersecurity analyst do to enumerate OS information as part of the vulnerability scanning process in the MOST efficient manner?
61. Question
Organizational policies require vulnerability remediation on severity 7 or greater within one week. Anything with a severity less than 7 must be remediated within 30 days. The organization also requires security teams to investigate the details of a vulnerability before performing any remediation. If the investigation determines the finding is a false positive, no remediation is performed and the vulnerability scanner configuration is updated to omit the false positive from future scans:
The organization has three Apache web servers:
The results of a recent vulnerability scan are shown below:
The team performs some investigation and finds a statement from Apache:
Which of the following actions should the security team perform?
62. Question
A security analyst is creating ACLs on a perimeter firewall that will deny inbound packets that are from internal addresses, reserved external addresses, and multicast addresses. Which of the following is the analyst attempting to prevent?
63. Question
A server contains baseline images that are deployed to sensitive workstations on a regular basis. The images are evaluated once per month for patching and other fixes, but do not change otherwise. Which of the following controls should be put in place to secure the file server and ensure the images are not changed?
64. Question
A security analyst notices PII has been copied from the customer database to an anonymous FTP server in the DMZ. Firewall logs indicate the customer database has not been accessed from the anonymous FTP server. Which of the following departments should make a decision about pursuing further investigation? (Choose two.)
65. Question
A security analyst received several service tickets reporting that a company storefront website is not accessible by internal domain users. However, external users are accessing the website without issue. Which of the following is the MOST likely reason for this behavior?