최신 CS0-001 무료덤프 - CompTIA Cybersecurity Analyst (CySA+) Certification

문제1

An analyst has noticed unusual activities in the SIEM to a .cn domain name. Which of the following should the analyst use to identify the content of the traffic?

A. DNS harvesting

B. Service discovery

C. Log review

D. Packet capture

정답: D

문제2

Which of the following stakeholders would need to be aware of an e-discovery notice received by the security office about an ongoing case within the manufacturing department?

A. Human resources

B. Legal

C. Board of trustees

D. Marketing

정답: B

문제3

During a tabletop exercise, it is determined that a security analyst is required to ensure patching and scan reports are available during an incident, as well as documentation of all critical systems. To which of the following stakeholders should the analyst provide the reports?

A. Legal

B. Security operations

C. Affected vendors

D. Management

정답: D

문제4

An ATM in a building lobby has been compromised. A security technician has been advised that the ATM must be forensically analyzed by multiple technicians. Which of the following items in a forensic tool kit would likely be used FIRST? (Select TWO).

A. Crime tape

B. Chain of custody form

C. Write blockers

D. Drive adapters

E. Hashing utilities

F. Drive imager

정답: B,C

문제5

Weeks before a proposed merger is scheduled for completion, a security analyst has noticed unusual traffic patterns on a file server that contains financial information. Routine scans are not detecting the signature of any known exploits or malware. The following entry is seen in the ftp server logs:
tftp -I 10.1.1.1 GET fourthquarterreport.xls
Which of the following is the BEST course of action?

A. Implement an ACL on the perimeter firewall to prevent data exfiltration.

B. Continue to monitor the situation using tools to scan for known exploits.

C. Determine if any credit card information is contained on the server containing the financials.

D. Follow the incident response procedure associate with the loss of business critical data.

정답: D

문제6

An executive tasked a security analyst to aggregate past logs, traffic, and alerts on a particular attack vector. The analyst was then tasked with analyzing the data and making predictions on future complications regarding this attack vector. Which of the following types of analysis is the security analyst MOST likely conducting?

A. Behavior analysis

B. Business analysis

C. Trend analysis

D. Availability analysis

정답: C

문제7

An organization is experiencing degradation of critical services and availability of critical external resources. Which of the following can be used to investigate the issue?

A. Vulnerability analysis

B. Risk analysis

C. Behavioral analysis

D. Netflow analysis

정답: D

문제8

Which of the allowing is a best practice with regard to interacting with the media during an incident?

A. Stipulate that incidents are not to be discussed with the media at any time during the incident.

B. Allow any senior management level personnel with knowledge of the incident to discuss it.

C. Release financial information on the impact of damages caused by the incident.

D. Designate a single port of contact and at least one backup for contact with the media.

정답: D

문제9

The following IDS log was discovered by a company's cybersecurity analyst:

Which of the following was launched against the company based on the IDS log?

A. Buffer overflow attack

B. Cross-site scripting attack

C. SQL injection attack

D. Online password crack attack

정답: A

문제10

A cybersecurity analyst is currently using Nessus to scan several FTP servers. Upon receiving the results of the scan, the analyst needs to further test to verify that the vulnerability found exists. The analyst uses the following snippet of code:

Which of the following vulnerabilities is the analyst checking for?

A. Buffer overflow

B. Default passwords

C. SQL injection

D. Format string attack

정답: C

문제11

Considering confidentiality and integrity, which of the following make servers more secure than desktops? (Select THREE).

A. VLANs

B. Physical access restriction

C. Processing power

D. Hard drive capacity

E. Trained operators

F. OS

정답: B,E,F

문제12

An organization wants to perform network scans to Identify active hosts and vulnerabilities. Management places the highest priority on scans that mimic how an attack would progress. Iftime and resources allow, subsequent scans can be performed using different techniques and methods. Which of the following scan types and sequences would BEST suit the organization's requirements?

A. Credentialed scans followed by compliance scans

B. Compliance scans followed by non-credentialed scans

C. Compliance scans followed by credentialed scans

D. Norvcredentialed scans followed by credentialed scans

정답: C

문제13

A systems administrator is trying to secure a critical system. The administrator has placed the system behind a firewall, enabled strong authentication, and required all administrators of this system to attend mandatory training.
Which of the following BEST describes the control being implemented?

A. Defense in depth

B. Audit remediation

C. Multifactor authentication

D. Access control

정답: A

문제14

A security analyst is reviewing a report from the networking department that describes an increase in network utilization, which is causing network performance issues on some systems. A top talkers report over a five-minute sample is included.

Given the above output of the sample, which of the following should the security analyst accomplish FIRST to help track down the performance issues?

A. Quarantine the top talker on the network and begin to investigate any potential threats caused by the excessive traffic.

B. Perform reverse lookups on each of the IP addresses listed to help determine if the traffic is necessary.

C. Put ACLs in place to restrict traffic destined for random or non-default application ports.

D. Recommend that networking block the unneeded protocols such as Quicktime to clear up some of the congestion.

정답: B

문제15

A security analyst suspects that a workstation may be beaconing to a command and control server. Inspect the logs from the company's web proxy server and the firewall to determine the best course of action to take in order to neutralize the threat with minimum impact to the organization.
Instructions:
Modify the firewall ACL, using the Firewall ACL form to mitigate the issue.
If at any time you would like to bring back the initial state of the simulation, please select the Reset All button.

정답:

최신 CS0-001 무료덤프 - CompTIA Cybersecurity Analyst (CySA+) Certification

우리와 연락하기

유용한 링크

최신 업데이트