CompTIA CySA+ CS0-002 – Question 090

A security administrator needs to provide access from partners to an isolated laboratory network inside an organization that meets the following requirements:
The partners' PCs must not connect directly to the laboratory network
The tools the partners need to access while on the laboratory network must be available to all partners
The partners must be able to run analyses on the laboratory network, which may take hours to complete
Which of the following capabilities will MOST likely meet the security objectives of the request?

A. Deployment of a jump box to allow access to the laboratory network and use of VDI in persistent mode to provide the necessary tools for analysis
B. Deployment of a firewall to allow access to the laboratory network and use of VDI in non-persistent mode to provide the necessary tools for analysis
C. Deployment of a firewall to allow access to the laboratory network and use of VDI in persistent mode to provide the necessary tools for analysis
D. Deployment of a jump box to allow access to the laboratory network and use of VDI in non-persistent mode to provide the necessary tools for analysis

Correct Answer: A

CompTIA CySA+ CS0-002 – Question 089

A company's Chief Information Officer wants to use a CASB solution to ensure policies are being met during cloud access. Due to the nature of the company's business and risk appetite, the management team elected to not store financial information in the cloud. A security analyst needs to recommend a solution to mitigate the threat of financial data leakage into the cloud. Which of the following should the analyst recommend?

A. Utilize the CASB to enforce DLP data-at-rest protection for financial information that is stored on premises.
B. Do not utilize the CASB solution for this purpose, but add DLP on premises for data in motion.
C. Utilize the CASB to enforce DLP data-in-motion protection for financial information moving to the cloud.
D. Do not utilize the CASB solution for this purpose, but add DLP on premises for data at rest.

Correct Answer: C

CompTIA CySA+ CS0-002 – Question 088

Which of the following attack techniques has the GREATEST likelihood of quick success against Modbus assets?

A. Remote code execution
B. Buffer overflow
C. Unauthenticated commands
D. Certificate spoofing

Correct Answer: A

CompTIA CySA+ CS0-002 – Question 087

An organization has specific technical risk mitigation configurations that must be implemented before a new server can be approved for production. Several critical servers were recently deployed with the antivirus missing, unnecessary ports disabled, and insufficient password complexity. Which of the following should the analyst recommend to prevent a recurrence of this risk exposure?

A. Perform password-cracking attempts on all devices going into production
B. Perform an Nmap scan on all devices before they are released to production
C. Perform antivirus scans on all devices before they are approved for production
D. Perform automated security controls testing of expected configurations prior to production

Correct Answer: D

CompTIA CySA+ CS0-002 – Question 086

An organization wants to ensure the privacy of the data that is on its systems. Full disk encryption and DLP are already in use. Which of the following is the BEST option?

A. Require all remote employees to sign an NDA.
B. Enforce geofencing to limit data accessibility.
C. Require users to change their passwords more frequently.
D. Update the AUP to restrict data sharing.

Correct Answer: A

CompTIA CySA+ CS0-002 – Question 085

After an incident involving a phishing email, a security analyst reviews the following email access log:

Based on this information, which of the following accounts was MOST likely compromised?

A. CARLB
B. CINDYP
C. GILLIANO
D. ANDREAD
E. LAURAB

Correct Answer: D

CompTIA CySA+ CS0-002 – Question 084

Company A is in the process of merging with Company B. As part of the merger, connectivity between the ERP systems must be established so pertinent financial information can be shared between the two entities. Which of the following will establish a more automated approach to secure data transfers between the two entities?

A. Set up an FTP server that both companies can access and export the required financial data to a folder.
B. Set up a VPN between Company A and Company B, granting access only to the ERPs within the connection.
C. Set up a PKI between Company A and Company B and intermediate shared certificates between the two entities.
D. Create static NATs on each entity's firewalls that map to the ERP systems and use native ERP authentication to allow access.

Correct Answer: B

CompTIA CySA+ CS0-002 – Question 083

A company frequently experiences issues with credential stuffing attacks. Which of the following is the BEST control to help prevent these attacks from being successful?

A. SIEM
B. IDS
C. MFA
D. TLS

Correct Answer: C

CompTIA CySA+ CS0-002 – Question 082

During an investigation, a security analyst determines suspicious activity occurred during the night shift over the weekend. Further investigation reveals the activity was initiated from an internal IP going to an external website.
Which of the following would be the MOST appropriate recommendation to prevent similar activity from happening in the future?

A. An IPS signature modification for the specific IP addresses
B. An IDS signature modification for the specific IP addresses
C. A firewall rule that will block port 80 traffic
D. Implement a web proxy to restrict malicious web content

Correct Answer: C

CompTIA CySA+ CS0-002 – Question 081

A security analyst is researching ways to improve the security of a company's email system to mitigate emails that are impersonating company executives. Which of the following would be BEST for the analyst to configure to achieve this objective?

A. A TXT record on the name server for SPF
B. DNSSEC keys to secure replication
C. DomainKeys Identified Mail
D. A sandbox to check incoming mail

Correct Answer: C