CompTIA CySA+CS0-002 – Question200

A security analyst reviews SIEM logs and detects a well-known malicious executable running in a Windows machine. The up-to-date antivirus cannot detect the malicious executable. Which of the following is the MOST likely cause of this issue?

A. The malware is fileless and exists only in physical memory.
B. The malware detects and prevents its own execution in a virtual environment.
C. The antivirus does not have the malware's signature.
D. The malware is being executed with administrative privileges.

Correct Answer: D

CompTIA CySA+CS0-002 – Question199

When attempting to do a stealth scan against a system that does not respond to ping, which of the following Nmap commands BEST accomplishes that goal?

A. nmap -sA -O <system> -noping
B. nmap -sT -O <system> -Pn
C. nmap -sS -O <system> -Pn
D. nmap -sQ -O <system> -Pn

Correct Answer: C

CompTIA CySA+CS0-002 – Question198

A security analyst receives an alert to expect increased and highly advanced cyberattacks originating from a foreign country that recently had sanctions implemented. Which of the following describes the type of threat actors that should concern the security analyst?

A. Insider threat
B. Nation-state
C. Hacktivist
D. Organized crime

Correct Answer: B

CompTIA CySA+CS0-002 – Question197

A security team wants to make SaaS solutions accessible from only the corporate campus. Which of the following would BEST accomplish this goal?

A. Geotagging
B. IP restrictions
C. Reverse proxy
D. Single sign-on

Correct Answer: A

CompTIA CySA+CS0-002 – Question196

SIMULATION
You are a cybersecurity analyst tasked with interpreting scan data from Company A's servers. You must verify that the requirements are being met for all of the servers and recommend changes if you find they are not.
The company's hardening guidelines indicate the following:
+ TLS 1.2 is the only version of TLS running
+ Apache 2.4.18 or greater should be used
+ Only default ports should be used
INSTRUCTIONS
Using the supplied data, record the status of compliance with the company's guidelines for each server.
The question contains two parts; make sure you complete Part 1 and Part 2. Make recommendations for issues based ONLY on the hardening guidelines provided.



Correct Answer: See explanation below.

Explanation:
AppServ1 is only using TLS 1.2
AppServ4 is only using TLS 1.2
AppServ1 is using Apache 2.4.18 or greater
AppServ3 is using Apache 2.4.18 or greater
AppServ4 is using Apache 2.4.18 or greater
Recommendation is to disable TLS v1.1 on AppServ2 and AppServ3. Also upgrade AppServ2 Apache to version 2.4.48 from its current version of 2.3.48.

CompTIA CySA+CS0-002 – Question195

Which of the following data security controls would work BEST to prevent real PII from being used in an organization's test cloud environment?

A. Encryption
B. Data loss prevention
C. Data masking
D. Digital rights management
E. Access control

Correct Answer: B

CompTIA CySA+CS0-002 – Question194

An analyst is responding to an incident within a cloud infrastructure. Based on the logs and traffic analysis, the analyst thinks a container has been compromised. Which of the following should the analyst do FIRST?

A. Perform threat hunting in other areas of the cloud infrastructure.
B. Contact law enforcement to report the incident.
C. Perform a root cause analysis on the container and the service logs.
D. Isolate the container from production using a predefined policy template.

Correct Answer: D

CompTIA CySA+CS0-002 – Question192

A security analyst is reviewing the output of tcpdump to analyze the type of activity on a packet capture:

Which of the following generated the above output?

A. A port scan
B. A TLS connection
C. A vulnerability scan
D. A ping sweep

Correct Answer: C

CompTIA CySA+CS0-002 – Question191

Which of the following BEST explains the function of a managerial control?

A. To help design and implement the security planning, program development, and maintenance of the security life cycle
B. To guide the development of training, education, security awareness programs, and system maintenance
C. To create data classification, risk assessments, security control reviews, and contingency planning
D. To ensure tactical design, selection of technology to protect data, logical access reviews, and the implementation of audit trails

Correct Answer: C