최신 CS0-003 무료덤프 - CompTIA Cybersecurity Analyst (CySA+) Certification

문제1

Which of the following would an organization use to develop a business continuity plan?

A. A configuration management database in print at an off-site location

B. A repository for all the software used by the organization

C. A diagram of all systems and interdependent applications

D. A prioritized list of critical systems defined by executive leadership

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제2

An analyst is suddenly unable to enrich data from the firewall. However, the other open intelligence feeds continue to work. Which of the following is the most likely reason the firewall feed stopped working?

A. The firewall was using a paid feed.

B. The firewall certificate expired.

C. The firewall failed open.

D. The firewall service account was locked out.

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제3

A company recently experienced a security incident. The security team has determined a user clicked on a link embedded in a phishing email that was sent to the entire company. The link resulted in a malware download, which was subsequently installed and run.
INSTRUCTIONS
Part 1
Review the artifacts associated with the security incident. Identify the name of the malware, the malicious IP address, and the date and time when the malware executable entered the organization.
Part 2
Review the kill chain items and select an appropriate control for each that would improve the security posture of the organization and would have helped to prevent this incident from occurring. Each control may only be used once, and not all controls will be used.

Firewall log:

File integrity Monitoring Report:

Malware domain list:

Vulnerability Scan Report:

Phishing Email:

정답:

문제4

A security analyst recently used Arachni to perform a vulnerability assessment of a newly developed web application. The analyst is concerned about the following output:
[+] XSS: In form input 'txtSearch' with action https://localhost/search.aspx
[-] XSS: Analyzing response #1...
[-] XSS: Analyzing response #2...
[-] XSS: Analyzing response #3...
[+] XSS: Response is tainted. Looking for proof of the vulnerability.
Which of the following is the most likely reason for this vulnerability?

A. The developer did not set proper cross-site scripting protections in the header.

B. The developer set input validation protection on the specific field of search.aspx.

C. The developer did not implement default protections in the web application build.

D. The developer did not set proper cross-site request forgery protections.

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제5

An employee is suspected of misusing a company-issued laptop. The employee has been suspended pending an investigation by human resources. Which of the following is the best step to preserve evidence?

A. Make a copy of the files as a backup on the server.

B. Disable the user's network account and access to web resources

C. Place a legal hold on the device and the user's network share.

D. Make a forensic image of the device and create a SRA-I hash.

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제6

Which of the following is most appropriate to use with SOAR when the security team would like to automate actions across different vendor platforms?

A. STIX/TAXII

B. APIs

C. Data enrichment

D. Threat feed

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제7

A list of loCs released by a government security organization contains the SHA-256 hash for a Microsoft- signed legitimate binary, svchost. exe. Which of the following best describes the result if security teams add this indicator to their detection signatures?

A. Security teams would detect rogue svchost. exe processesintheirenvironment.

B. This indicator would fire on the majority of Windows devices.

C. Security teams would detect event entries detailing executionofknown-malicioussvchost. exe processes.

D. Malicious files with a matching hash would be detected.

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제8

An organization has noticed large amounts of data are being sent out of its network. An analyst is identifying the cause of the data exfiltration.
INSTRUCTIONS
Select the command that generated the output in tabs 1 and 2.
Review the output text in all tabs and identify the file responsible for the malicious behavior.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

정답:

Explanation:
Select the command that generated the output in tab 1:
* netstat -bo
Select the command that generated the output in tab 2:
* tasklist
Identify the file responsible for the malicious behavior:
* cmd.exe
Select the command that generated the output in tab 1: The output in tab 1 displays active network connections, which can be generated using the netstat command with options to display the owning process ID.
Select the command that generated the output in tab 1:
* netstat -bo
Select the command that generated the output in tab 2: The output in tab 2 lists the running processes with their PIDs and memory usage, which can be generated using the tasklist command.
Select the command that generated the output in tab 2:
* tasklist
Identify the file responsible for the malicious behavior: To identify the malicious file, we compare the hashes of the current files against the baseline hashes. From the provided data:
* The hash for cmd.exe in the current state (tab 3) is 372ab227fd5ea779c211a1451881d1e1.
* The baseline hash for cmd.exe (tab 4) is a2cdef1c445d3890cc3456789058cd21.
Since these hashes do not match, cmd.exe is the file responsible for the malicious behavior.

문제9

An analyst is trying to capture anomalous traffic from a compromised host. Which of the following are the best tools for achieving this objective? (Select two).

A. Wireshark

B. Vulnerability scanner

C. SIEM

D. tcpdump

E. Nmap

F. SOAR

정답: A,D

설명: (DumpTOP 회원만 볼 수 있음)

문제10

A company's security team is updating a section of the reporting policy that pertains to inappropriate use of resources (e.g., an employee who installs cryptominers on workstations in the office). Besides the security team, which of the following groups should the issue be escalated to first in order to comply with industry best practices?

A. Legal department

B. Law enforcement

C. Help desk

D. Board member

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제11

Which of the following is the most appropriate action a security analyst to take to effectively identify the most security risks associated with a locally hosted server?

A. Contract an external penetration tester to attempt a brute-force attack.

B. Download a vendor support agent to validate drivers that are installed.

C. Execute a vulnerability scan against the target host.

D. Run the operating system update tool to apply patches that are missing.

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제12

Which of the following best describes the key goal of the containment stage of an incident response process?

A. To limit further damage from occurring

B. To get services back up and running

C. To prevent data follow-on actions by adversary exfiltration

D. To communicate goals and objectives of theincidentresponse plan

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제13

An organization conducted a web application vulnerability assessment against the corporate website, and the following output was observed:

Which of the following tuning recommendations should the security analyst share?

A. Disable the cross-origin resource sharing header.

B. Configure an Access-Control-Allow-Origin header to authorized domains.

C. Block requests without an X-Frame-Options header.

D. Set an Http Only flag to force communication by HTTPS.

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제14

Which of the following would eliminate the need for different passwords for a variety or internal application?

A. CASB

B. SSO

C. PAM

D. MFA

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

최신 CS0-003 무료덤프 - CompTIA Cybersecurity Analyst (CySA+) Certification

우리와 연락하기

유용한 링크

최신 업데이트