CompTIA CySA+ (CS0-002) Practice Test 12
Question 1 of 65
Which of the following utilities could be used to resolve an IP address to a domain name, assuming the address has a PTR record?

Question 2 of 65
A security analyst has just completed a vulnerability scan of servers that support a business critical application that is managed by an outside vendor. The results of the scan indicate the devices are missing critical patches. Which of the following factors can inhibit remediation of these vulnerabilities? (Choose two.)

Question 3 of 65
A security analyst is reviewing packet captures for a specific server that is suspected of containing malware and discovers the following packets:
Which of the following traffic patterns or data would be MOST concerning to the security analyst?

Question 4 of 65
A technician receives an alert indicating an endpoint is beaconing to a suspect dynamic DNS domain. Which of the following countermeasures should be used to BEST protect the network in response to this alert? (Choose two.)

Question 5 of 65
A security analyst discovers a network intrusion and quickly solves the problem by closing an unused port. Which of the following should be completed?

Question 6 of 65
A computer at a company was used to commit a crime. The system was seized and removed for further analysis. Which of the following is the purpose of labeling cables and connections when seizing the computer system?

Question 7 of 65
An analyst reviews a recent report of vulnerabilities on a company’s financial application server. Which of the following should the analyst rate as being of the HIGHEST importance to the company’s environment?

Question 8 of 65
A vulnerability analyst needs to identify all systems with unauthorized web servers on the 10.1.1.0/24 network. The analyst uses the following default Nmap scan: nmap -sV -p 1-65535 10.1.1.0/24
Which of the following would be the result of running the above command?

Question 9 of 65
A cybersecurity analyst is hired to review the security measures implemented within the domain controllers of a company. Upon review, the cybersecurity analyst notices a brute force attack can be launched against domain controllers that run on a Windows platform. The first remediation step implemented by the cybersecurity analyst is to make the account passwords more complex. Which of the following is the NEXT remediation step the cybersecurity analyst needs to implement?

Question 10 of 65
A security analyst is preparing for the company’s upcoming audit. Upon review of the company’s latest vulnerability scan, the security analyst finds the following open issues:
Which of the following vulnerabilities should be prioritized for remediation FIRST?

Question 11 of 65
Given the following log snippet:
Which of the following describes the events that have occurred?

Question 12 of 65
During a recent audit, there were a lot of findings similar to and including the following:
Which of the following would be the BEST way to remediate these findings and minimize similar findings in the future?

Question 13 of 65
The Chief Information Security Officer (CISO) asks a security analyst to write a new SIEM search rule to determine if any credit card numbers are being written to log files. The CISO and security analyst suspect the following log snippet contains real customer card data:
Which of the following expressions would find potential credit card numbers in a format that matches the log snippet?

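As an added example (not part of the original test, and not the log snippet the question refers to), the following Python shows the kind of search the question asks about, run over a few constructed log lines: a regular expression for 13 to 19 digit card-like numbers with optional space or hyphen separators, followed by a Luhn check so that arbitrary digit runs such as session identifiers do not raise alerts. The log lines are constructed, and the card numbers in them are the publicly known test numbers, not customer data.

```python
import re

# Constructed sample log lines (not from the original question). The card-like
# values are public test numbers, not real customer data.
SAMPLE_LOG = """\
2023-04-01T10:00:01Z checkout user=alice pan=4111111111111111 amount=42.00
2023-04-01T10:00:02Z checkout user=bob pan=4111-1111-1111-1112 amount=10.00
2023-04-01T10:00:03Z checkout user=carol pan=5500 0000 0000 0004 amount=99.99
2023-04-01T10:00:04Z session id=12345678901234567890 ok
2023-04-01T10:00:05Z order ref=378282246310005 shipped
"""

# 13-19 digits, each optionally followed by a single space or hyphen. The \b
# anchors keep the pattern from matching inside a longer digit run such as the
# 20-digit session id above.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn (mod 10) check."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(log: str) -> list:
    """Return (line_number, digits) for each regex match that is Luhn-valid."""
    hits = []
    for lineno, line in enumerate(log.splitlines(), start=1):
        for m in CARD_RE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group(0))
            if luhn_ok(digits):
                hits.append((lineno, digits))
    return hits


if __name__ == "__main__":
    for lineno, digits in find_card_numbers(SAMPLE_LOG):
        print(f"line {lineno}: possible card number ending in {digits[-4:]}")
```

The regex alone matches line 2 as well (a 16-digit value that fails Luhn) and would match any sufficiently long digit run; the Luhn step removes most of those. The separator pattern to allow depends on the real log format, which the question's snippet (not reproduced here) would dictate.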
Question 14 of 65
Which of the following is a best practice with regard to interacting with the media during an incident?

Question 15 of 65
A security analyst was asked to join an outage call for a critical web application. The web middleware support team determined the web server is running and having no trouble processing requests; however, some investigation has revealed firewall denies to the web server that began around 1:00 a.m. that morning. An emergency change was made to enable the access, but management has asked for a root cause determination. Which of the following would be the BEST next step?

Question 16 of 65
A security analyst determines that several workstations are reporting traffic usage on port 3389. All workstations are running the latest OS patches according to patch reporting. The help desk manager reports some users are getting logged off of their workstations, and network access is running slower than normal. The analyst believes a zero-day threat has allowed remote attackers to gain access to the workstations. Which of the following are the BEST steps to stop the threat without impacting all services? (Choose two.)

Question 17 of 65
On which of the following organizational resources is the lack of an enabled password or PIN a common vulnerability?

Question 18 of 65
The development team currently consists of three developers who each specialize in a specific programming language:
Developer 1 - C++/C#
Developer 2 - Python
Developer 3 - Assembly
Which of the following SDLC best practices would be challenging to implement with the current available staff?

Question 19 of 65
Policy allows scanning of vulnerabilities during production hours, but production servers have been crashing lately due to unauthorized scans performed by junior technicians. Which of the following is the BEST solution to avoid production server downtime due to these types of scans?

Question 20 of 65
Several accounting department users are reporting unusual Internet traffic in the browsing history of their workstations after returning to work and logging in. The building security team informs the IT security team that the cleaning staff was caught using the systems after the accounting department users left for the day.
Which of the following steps should the IT security team take to help prevent this from happening again? (Choose two.)

Question 21 of 65
Creating an isolated environment in order to test and observe the behavior of unknown software is also known as:

Question 22 of 65
Company A’s security policy states that only PKI authentication should be used for all SSH accounts. A security analyst from Company A is reviewing the following auth.log and configuration settings:
Which of the following changes should be made to the following sshd_config file to establish compliance with the policy?

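As an added example (not the auth.log or sshd_config from the question), the following Python checks an sshd_config against a "public key only" policy the way an analyst would before and after the change. It parses the global section of a constructed weak configuration and a constructed compliant one, applies the OpenSSH defaults for directives that are absent or commented out, and lists each directive whose effective value still permits something other than key authentication. The directive names and defaults are OpenSSH's; the two configurations and the policy table are assumptions made for the example.

```python
# Effective value the "PKI only" policy requires for each directive, and the
# value OpenSSH assumes when the directive is absent. sshd honours the first
# occurrence of a directive, so later duplicates are ignored.
REQUIRED = {
    "pubkeyauthentication": "yes",
    "passwordauthentication": "no",
    "challengeresponseauthentication": "no",
    "permitemptypasswords": "no",
}
OPENSSH_DEFAULTS = {
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
    "permitemptypasswords": "no",
}

# Constructed configurations (not the sshd_config from the original question).
WEAK_CONFIG = """\
Port 22
PubkeyAuthentication yes
PasswordAuthentication yes
#ChallengeResponseAuthentication no   (commented out, so the default "yes" applies)
UsePAM yes
"""

COMPLIANT_CONFIG = """\
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
KbdInteractiveAuthentication no
PermitEmptyPasswords no
AuthenticationMethods publickey
UsePAM yes
"""


def parse_sshd_config(text: str) -> dict:
    """Return the effective global directives as lowercased keyword -> value."""
    effective = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ").split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        if key == "match":
            break  # Match blocks apply conditionally; evaluate them separately
        if key == "kbdinteractiveauthentication":
            key = "challengeresponseauthentication"  # newer name, same setting
        effective.setdefault(key, value)  # first occurrence wins, as in sshd
    return effective


def policy_violations(text: str) -> list:
    """List every directive whose effective value breaks the PKI-only policy."""
    effective = parse_sshd_config(text)
    violations = []
    for key, want in REQUIRED.items():
        have = effective.get(key, OPENSSH_DEFAULTS[key])
        if have != want:
            violations.append(f"{key} is {have!r} (policy requires {want!r})")
    return violations


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("compliant", COMPLIANT_CONFIG)):
        print(name, policy_violations(cfg) or "OK")
```

The weak configuration fails on two counts: PasswordAuthentication is still yes, and the commented-out ChallengeResponseAuthentication line leaves the default yes in force, which with UsePAM yes still lets a password be accepted through keyboard-interactive authentication. Setting PasswordAuthentication no alone is therefore not enough; the compliant version also disables challenge-response and keyboard-interactive and pins AuthenticationMethods to publickey. On a live host, `sshd -T` prints the effective configuration and is the authoritative thing to check, including any Match blocks this parser stops at.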
Question 23 of 65
A security analyst is reviewing packet captures to determine the extent of success during an attacker’s reconnaissance phase following a recent incident.
The following is a hex and ASCII dump of one such packet:
Which of the following BEST describes this packet?

Question 24 of 65
A security operations team was alerted to abnormal DNS activity coming from a user’s machine. The team performed a forensic investigation and discovered a host had been compromised. Malicious code was using DNS as a tunnel to extract data from the client machine, which had been leaked and transferred to an unsecure public Internet site. Which of the following BEST describes the attack?

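As an added example (not part of the original test), the following Python shows the detection logic behind the "abnormal DNS activity" alert in this question: data tunnelled over DNS has to be encoded into query names, so the labels become long, high-entropy, and never repeat. The script scores each client/domain pair on query count, number of distinct subdomains, average first-label length, and average Shannon entropy of the first label. The DNS log, the client addresses, the domain tunnel-host.net, and the thresholds are all constructed for the example.

```python
import math
from collections import defaultdict

# Constructed DNS query log ("client_ip qname" per line), not from the original
# question. The 32-character labels under tunnel-host.net stand in for encoded
# data chunks; tunnel-host.net and all addresses are made up.
SAMPLE_DNS_LOG = """\
10.0.0.5 www.example.com
10.0.0.5 mail.example.com
10.0.0.5 www.example.com
10.0.0.5 cdn.example.com
10.0.0.5 login.example.com
10.0.0.7 www.example.com
10.0.0.7 0f1e2d3c4b5a69789a8b7c6d5e4f3021.tunnel-host.net
10.0.0.7 c3d2e1f0b4a596875f6e7d8c9b0a1423.tunnel-host.net
10.0.0.7 a1b2c3d4e5f6078976543210fedcba98.tunnel-host.net
10.0.0.7 9a8b7c6d5e4f3021c3d2e1f0b4a59687.tunnel-host.net
10.0.0.7 5f6e7d8c9b0a1423a1b2c3d4e5f60789.tunnel-host.net
10.0.0.7 76543210fedcba980f1e2d3c4b5a6978.tunnel-host.net
10.0.0.9 img-2f8e1a9c.static.example.org
10.0.0.9 img-2f8e1a9c.static.example.org
"""


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for empty or one-symbol input)."""
    if not s:
        return 0.0
    n = len(s)
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def base_domain(qname: str) -> str:
    """Naive registrable domain: the last two labels. A public-suffix list is
    needed to handle names such as host.co.uk correctly."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-2:])


def detect_dns_tunnels(log, min_queries=5, min_unique=5, min_label_len=20, min_entropy=3.5):
    """Return (client, base_domain, queries, avg_label_len, avg_entropy) for
    every client/domain pair whose subdomain labels look like encoded data."""
    stats = defaultdict(lambda: {"queries": 0, "subdomains": set(), "len": 0, "ent": 0.0})
    for line in log.splitlines():
        if not line.strip():
            continue
        client, qname = line.split()
        base = base_domain(qname)
        sub = qname[: -len(base) - 1] if qname.endswith("." + base) else ""
        first_label = sub.split(".")[0] if sub else ""
        st = stats[(client, base)]
        st["queries"] += 1
        if sub:
            st["subdomains"].add(sub)
        st["len"] += len(first_label)
        st["ent"] += shannon_entropy(first_label)
    flagged = []
    for (client, base), st in stats.items():
        n = st["queries"]
        avg_len = st["len"] / n
        avg_ent = st["ent"] / n
        if (n >= min_queries and len(st["subdomains"]) >= min_unique
                and avg_len >= min_label_len and avg_ent >= min_entropy):
            flagged.append((client, base, n, avg_len, avg_ent))
    return sorted(flagged)


if __name__ == "__main__":
    for client, base, n, avg_len, avg_ent in detect_dns_tunnels(SAMPLE_DNS_LOG):
        print(f"{client} -> {base}: {n} queries, avg label {avg_len:.1f} chars, "
              f"avg entropy {avg_ent:.2f} bits")
```

Only the 10.0.0.7 traffic to tunnel-host.net crosses all four thresholds; the ordinary example.com lookups are short and repetitive, and the long-looking static.example.org label is queried twice with the same value. The thresholds are starting points to tune against a baseline, and well-behaved CDN and anti-malware lookups are the usual source of false positives.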
Question 25 of 65
Which of the following is the MOST secure method to perform dynamic analysis of malware that can sense when it is in a virtual environment?

Question 26 of 65
A company has established an ongoing vulnerability management program and procured the latest technology to support it. However, the program is failing because several vulnerabilities have not been detected. Which of the following will reduce the number of false negatives?

Question 27 of 65
Given a packet capture of the following scan:
Which of the following should MOST likely be inferred on the scan’s output?

Question 28 of 65
A cyber incident response team finds a vulnerability on a company website that allowed an attacker to inject malicious code into its web application. There have been numerous unsuspecting users visiting the infected page, and the malicious code executed on the victim’s browser has led to stolen cookies, hijacked sessions, malware execution, and bypassed access control. Which of the following exploits is the attacker conducting on the company’s website?

Question 29 of 65
After implementing and running an automated patching tool, a security administrator ran a vulnerability scan that reported no missing patches found. Which of the following BEST describes why this tool was used?

Question 30 of 65
While reviewing web server logs, a security analyst notices the following code:
Which of the following would prevent this code from performing malicious actions?

Question 31 of 65
The board of directors made the decision to adopt a cloud-first strategy. The current security infrastructure was designed for on-premises implementation. A critical application that is subject to the Federal Information Security Management Act (FISMA) of 2002 compliance has been identified as a candidate for a hybrid cloud deployment model. Which of the following should be conducted FIRST?

Question 32 of 65
Joe, an analyst, has received notice that a vendor who is coming in for a presentation will require access to a server outside the network. Currently, users are only able to access remote sites through a VPN connection. Which of the following should Joe use to BEST accommodate the vendor?

Question 33 of 65
A company’s computer was recently infected with ransomware. After encrypting all documents, the malware logs a random AES-128 encryption key and associated unique identifier onto a compromised remote website. A ransomware code snippet is shown below:
Based on the information from the code snippet, which of the following is the BEST way for a cybersecurity professional to monitor for the same malware in the future?

Question 34 of 65
A company allows employees to work remotely. The security administrator is configuring services that will allow remote help desk personnel to work securely outside the company’s headquarters. Which of the following presents the BEST solution to meet this goal?

Question 35 of 65
In order to leverage the power of data correlation within Nessus, a cybersecurity analyst needs to write an SQL statement that will provide how long a vulnerability has been present on the network.
Given the following output table:
Which of the following SQL statements would provide the resulted output needed for this correlation?

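As an added example (not part of the original test, and not based on the question's output table, which is not reproduced here), the following Python loads a constructed scan history into an in-memory SQLite database and runs the kind of correlation query the question describes. The table layout (one row per finding per scan), the hosts, and the plugin IDs and names are assumptions made for the example; the query groups repeated detections of the same finding on the same host and reports the span between the first and most recent scan that saw it.

```python
import sqlite3

# Constructed scan history, one row per finding per scan, standing in for an
# export of scanner results. Hosts, plugin IDs and plugin names are made up.
SAMPLE_ROWS = [
    ("2023-01-03", "10.1.1.20", 90001, "TLS 1.0 enabled", "Medium"),
    ("2023-02-07", "10.1.1.20", 90001, "TLS 1.0 enabled", "Medium"),
    ("2023-03-07", "10.1.1.20", 90001, "TLS 1.0 enabled", "Medium"),
    ("2023-02-07", "10.1.1.21", 90002, "Missing OS security update", "High"),
    ("2023-03-07", "10.1.1.21", 90002, "Missing OS security update", "High"),
    ("2023-03-07", "10.1.1.20", 90003, "Self-signed certificate", "Low"),
]

SCHEMA = """
CREATE TABLE scan_results (
    scan_date   TEXT    NOT NULL,   -- ISO date of the scan run
    host        TEXT    NOT NULL,
    plugin_id   INTEGER NOT NULL,
    plugin_name TEXT    NOT NULL,
    severity    TEXT    NOT NULL
)
"""

# Correlate every scan that reported the same finding on the same host. The
# earliest and latest scan dates bound how long the vulnerability has been
# present; julianday() turns the ISO dates into day numbers so they subtract.
AGE_QUERY = """
SELECT host,
       plugin_id,
       plugin_name,
       MIN(scan_date) AS first_seen,
       MAX(scan_date) AS last_seen,
       CAST(julianday(MAX(scan_date)) - julianday(MIN(scan_date)) AS INTEGER) AS days_present,
       COUNT(*) AS times_seen
FROM scan_results
GROUP BY host, plugin_id, plugin_name
ORDER BY days_present DESC, host, plugin_id
"""


def vulnerability_age(rows=SAMPLE_ROWS):
    """Load rows into a temporary database and return the correlated table as
    (host, plugin_id, plugin_name, first_seen, last_seen, days_present, times_seen)."""
    conn = sqlite3.connect(":memory:")
    try:
        conn.execute(SCHEMA)
        conn.executemany("INSERT INTO scan_results VALUES (?, ?, ?, ?, ?)", rows)
        return conn.execute(AGE_QUERY).fetchall()
    finally:
        conn.close()


if __name__ == "__main__":
    for row in vulnerability_age():
        print(row)
```

Measuring from first detection to last detection understates the age of a finding that is still open; substituting the current date for MAX(scan_date) gives the age as of today, at the cost of a result that changes every day the query is run. The date arithmetic shown is SQLite's; other databases spell it differently (DATEDIFF, or subtracting DATE values directly).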
Question 36 of 65
After an internal audit, it was determined that administrative logins need to use multifactor authentication or a 15-character key with complexity enabled. Which of the following policies should be updated to reflect this change? (Choose two.)

Question 37 of 65
Management wants to scan servers for vulnerabilities on a periodic basis. Management has decided that the scan frequency should be determined only by vendor patch schedules and the organization’s application deployment schedule. Which of the following would force the organization to conduct an out-of-cycle vulnerability scan?

Question 38 of 65
A security administrator recently deployed a virtual honeynet. The honeynet is not protected by the company’s firewall, while all production networks are protected by a stateful firewall. Which of the following would BEST allow an external penetration tester to determine which one is the honeynet’s network?

Question 39 of 65
A security analyst is conducting a vulnerability assessment of older SCADA devices on the corporate network. Which of the following compensating controls is likely to prevent the scans from providing value?

Question 40 of 65
A logistics company’s vulnerability scan identifies the following vulnerabilities on Internet-facing devices in the DMZ:
- SQL injection on an infrequently used web server that provides files to vendors
- SSL/TLS not used for a website that contains promotional information
The scan also shows the following vulnerabilities on internal resources:
- Microsoft Office Remote Code Execution on test server for a human resources system
- TLS downgrade vulnerability on a server in a development network
In order of risk, which of the following should be patched FIRST?

Question 41 of 65
A cybersecurity analyst is reviewing Apache logs on a web server and finds that some logs are missing. The analyst has identified that the systems administrator accidentally deleted some log files. Which of the following actions or rules should be implemented to prevent this incident from reoccurring?

Question 42 of 65
While reviewing three months of logs, a security analyst notices probes from random company laptops going to SCADA equipment at the company’s manufacturing location. Some of the probes are getting responses from the equipment even though firewall rules are in place, which should block this type of unauthorized activity. Which of the following should the analyst recommend to keep this activity from originating from company laptops?

Question 43 of 65
An analyst is preparing for a technical security compliance check on all Apache servers. Which of the following will be the BEST to use?

Question 44 of 65
A company provides wireless connectivity to the internal network from all physical locations for company-owned devices. Users were able to connect the day before, but now all users have reported that when they connect to an access point in the conference room, they cannot access company resources. Which of the following BEST describes the cause of the problem?

Question 45 of 65
A security analyst received an alert from the antivirus software identifying a complex instance of malware on a company’s network. The company does not have the resources to fully analyze the malware and determine its effect on the system. Which of the following is the BEST action to take in the incident recovery and post-incident response process?

Question 46 of 65
A security analyst is performing ongoing scanning and continuous monitoring of the corporate datacenter. Over time, these scans are repeatedly showing susceptibility to the same vulnerabilities and an increase in new vulnerabilities on a specific group of servers that are clustered to run the same application. Which of the following vulnerability management processes should be implemented?

Question 47 of 65
Which of the following describes why it is important to include scope within the rules of engagement of a penetration test?

Question 48 of 65
A cybersecurity analyst develops a regular expression to find data within traffic that will alarm on a hit.
The SIEM alarms on seeing this data in cleartext between the web server and the database server.
Which of the following types of data would the analyst MOST likely be concerned with, and to which type of data classification does it belong?

Question 49 of 65
An organization is conducting penetration testing to identify possible network vulnerabilities. The penetration tester has already identified active hosts in the network and is now scanning individual hosts to determine if any are running a web server. The output from the latest scan is shown below:
Which of the following commands would have generated the output above?

Question 50 of 65
A security analyst with an international response team is working to isolate a worldwide distribution of ransomware. The analyst is working with international governing bodies to distribute advanced intrusion detection routines for this variant of ransomware. Which of the following is the MOST important step with which the security analyst should comply?

Question 51 of 65
The software development team pushed a new web application into production for the accounting department. Shortly after the application was published, the head of the accounting department informed IT operations that the application was not performing as intended. Which of the following SDLC best practices was missed?

Question 52 of 65
The development team recently moved a new application into production for the accounting department. After this occurred, the Chief Information Officer (CIO) was contacted by the head of accounting because the application is missing a key piece of functionality that is needed to complete the corporation’s quarterly tax returns. Which of the following types of testing would help prevent this from reoccurring?

Question 53 of 65
A worm was detected on multiple PCs within the remote office. The security analyst recommended that the remote office be blocked from the corporate network during the incident response. Which of the following processes BEST describes this recommendation?

Question 54 of 65
While conducting research on malicious domains, a threat intelligence analyst received a blue screen of death. The analyst rebooted and received a message stating that the computer had been locked and could only be opened by following the instructions on the screen. Which of the following combinations describes the MOST likely threat and the PRIMARY mitigation for the threat?

Question 55 of 65
An analyst is reviewing the following log from the company web server:
Which of the following is this an example of?

Question 56 of 65
In an effort to be proactive, an analyst has run an assessment against a sample workstation before auditors visit next month. The scan results are as follows:
Based on the output of the scan, which of the following is the BEST answer?

Question 57 of 65
Which of the following organizations would have to remediate embedded controller vulnerabilities?

Question 58 of 65
The following IDS log was discovered by a company’s cybersecurity analyst:
Which of the following was launched against the company based on the IDS log?

Question 59 of 65
While reviewing firewall logs, a security analyst at a military contractor notices a sharp rise in activity from a foreign domain known to have well-funded groups that specifically target the company’s R&D department. Historical data reveals other corporate assets were previously targeted. This evidence MOST likely describes:

Question 60 of 65
A corporation employs a number of small-form-factor workstations and mobile devices, and an incident response team is therefore required to build a forensics kit with tools to support chip-off analysis. Which of the following tools would BEST meet this requirement?

Question 61 of 65
A security analyst is reviewing output from a CVE-based vulnerability scanner. Before conducting the scan, the analyst was careful to select only Windows-based servers in a specific datacenter. The scan revealed that the datacenter includes 27 machines running Windows 2003 Server Edition (Win2003SE). In 2015, there were 36 new vulnerabilities discovered in the Win2003SE environment. Which of the following statements are MOST likely applicable? (Choose two.)

Question 62 of 65
A company’s asset management software has been discovering a weekly increase in non-standard software installed on end users’ machines with duplicate license keys. The security analyst wants to know if any of this software is listening on any non-standard ports, such as 6667. Which of the following tools should the analyst recommend to block any command and control traffic?

Question 63 of 65
A security incident has been created after noticing unusual behavior from a Windows domain controller. The server administrator has discovered that a user logged in to the server with elevated permissions, but the user’s account does not follow the standard corporate naming scheme. There are also several other accounts in the administrators group that do not follow this naming scheme. Which of the following is the possible cause for this behavior and the BEST remediation step?

Question 64 of 65
A company decides to move three of its business applications to different outsourced cloud providers. After moving the applications, the users report the applications time out too quickly and too much time is spent logging back into the different web-based applications throughout the day. Which of the following should a security architect recommend to improve the end-user experience without lowering the security posture?

Question 65 of 65
An organization is conducting penetration testing to identify possible network vulnerabilities. The penetration tester has received the following output from the latest scan:
The penetration tester knows the organization does not use Timbuktu servers and wants to have Nmap interrogate the ports on the target in more detail. Which of the following commands should the penetration tester use NEXT?