CompTIA CySA+CS0-002 – Question170

A security analyst is correlating, ranking, and enriching raw data into a report that will be interpreted by humans or machines to draw conclusions and create actionable recommendations. Which of the following steps in the intelligence cycle is the security analyst performing?

A. Analysis and production
B. Processing and exploitation
C. Dissemination and evaluation
D. Data collection
E. Planning and direction

Correct Answer: A (correlating, ranking and enriching collected data into a finished report with actionable recommendations is the analysis-and-production phase; dissemination is the delivery of that finished report to its consumers, and evaluation is the feedback on it.)

CompTIA CySA+CS0-002 – Question169

The majority of a company's employees have stated they are unable to perform their job duties due to outdated workstations, so the company has decided to institute BYOD. Which of the following would a security analyst MOST likely recommend for securing the proposed solution?

A. A Linux-based system and mandatory training on Linux for all BYOD users
B. A firewalled environment for client devices and a secure VDI for BYOD users
C. A standardized anti-malware platform and a unified operating system vendor
D. 802.1X to enforce company policy on BYOD user hardware

Correct Answer: B

CompTIA CySA+CS0-002 – Question168

A financial organization has offices located globally. Per the organization's policies and procedures, all executives who conduct business overseas must have their mobile devices checked for malicious software or evidence of tampering upon their return. The information security department oversees this process, and no executive has had a device compromised. The Chief Information Security Officer wants to implement an additional safeguard to protect the organization's data. Which of the following controls would work BEST to protect the privacy of the data if a device is stolen?

A. Implement a mobile device wiping solution for use once the device returns home.
B. Install a DLP solution to track data flow.
C. Install an encryption solution on all mobile devices.
D. Train employees to report a lost or stolen laptop to the security department immediately.

Correct Answer: C

CompTIA CySA+CS0-002 – Question167

A cybersecurity analyst needs to harden a server that is currently being used as a web server. The server needs to be accessible when entering www.company.com into the browser. Additionally, web pages require frequent updates, which are performed by a remote contractor. Given the following output:

Which of the following should the cybersecurity analyst recommend to harden the server? (Choose two.)

A. Uninstall the DNS service.
B. Perform a vulnerability scan.
C. Change the server's IP to a private IP address.
D. Disable the Telnet service.
E. Block port 80 with the host-based firewall.
F. Change the SSH port to a non-standard port.

Correct Answer: DF

CompTIA CySA+CS0-002 – Question166

Due to a rise in cyber attackers seeking PHI, a healthcare company that collects highly sensitive data from millions of customers is deploying a solution that will ensure the customers' data is protected by the organization internally and externally. Which of the following countermeasures can BEST prevent the loss of customers' sensitive data?

A. Implement privileged access management.
B. Implement a risk management process.
C. Implement multifactor authentication.
D. Add more security resources to the environment.

Correct Answer: A

CompTIA CySA+CS0-002 – Question165

During routine monitoring, a security analyst identified the following enterprise network traffic:
Packet capture output:

Which of the following BEST describes what the security analyst observed?

A. 66.187.224.210 set up a DNS hijack with 192.168.12.21.
B. 192.168.12.21 made a TCP connection to 66.187.224.210.
C. 192.168.12.21 made a TCP connection to 209.132.177.50.
D. 209.132.177.50 set up a TCP reset attack to 192.168.12.21.

Correct Answer: C
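The packet capture the question refers to is not reproduced on this page. As an added example (not part of the original question set), the following Python script parses constructed tcpdump-style lines, which reuse the addresses named in the answer options, and separates the three situations the options describe: a DNS answer from a resolver, a completed TCP three-way handshake (SYN, SYN/ACK, ACK), and a RST that refuses a connection attempt. The sample lines, the queried hostname, the ports and the extra 10.0.0.7 host are assumptions made for the demonstration.

```python
import re

# Constructed sample capture in `tcpdump -n` output style. This is NOT the capture
# from the question (absent from this page); the addresses reuse those in the options.
SAMPLE_CAPTURE = """\
10:01:02.000100 IP 192.168.12.21.50432 > 66.187.224.210.53: 51234+ A? www.example.org. (33)
10:01:02.031200 IP 66.187.224.210.53 > 192.168.12.21.50432: 51234 1/0/0 A 209.132.177.50 (49)
10:01:02.040100 IP 192.168.12.21.50433 > 209.132.177.50.443: Flags [S], seq 1000, win 64240, length 0
10:01:02.071500 IP 209.132.177.50.443 > 192.168.12.21.50433: Flags [S.], seq 5000, ack 1001, win 65535, length 0
10:01:02.071700 IP 192.168.12.21.50433 > 209.132.177.50.443: Flags [.], ack 5001, win 64240, length 0
10:01:05.200000 IP 192.168.12.21.50434 > 10.0.0.7.8080: Flags [S], seq 2000, win 64240, length 0
10:01:05.200300 IP 10.0.0.7.8080 > 192.168.12.21.50434: Flags [R.], seq 0, ack 2001, win 0, length 0
"""

PKT_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<rest>.*)$"
)
FLAGS_RE = re.compile(r"Flags \[(?P<flags>[^\]]*)\]")
DNS_QUERY_RE = re.compile(r"^\d+\+ A\? (?P<name>[^ ]+)\. ")
DNS_ANSWER_RE = re.compile(r"^\d+ \d+/\d+/\d+ A (?P<ip>[\d.]+)")


def parse_capture(text):
    """Parse tcpdump-style lines into dicts; lines that do not match are skipped."""
    packets = []
    for line in text.splitlines():
        m = PKT_RE.match(line.strip())
        if not m:
            continue
        pkt = m.groupdict()
        pkt["sport"] = int(pkt["sport"])
        pkt["dport"] = int(pkt["dport"])
        f = FLAGS_RE.search(pkt["rest"])
        pkt["flags"] = f.group("flags") if f else None  # None for non-TCP lines (DNS over UDP here)
        packets.append(pkt)
    return packets


def classify(text):
    """Walk the capture once and report handshakes, resets and DNS answers.

    connections: [(client, server, server_port)] for SYN -> SYN/ACK -> ACK seen in order
    resets:      [(resetter, target, port)] for a RST answering a pending SYN
    dns:         {name: (resolver, answer_ip)} for an A? query followed by its A answer
    """
    state = {}        # (client, cport, server, sport) -> "syn" | "synack"
    pending_dns = {}  # (client, cport, resolver) -> queried name
    result = {"connections": [], "resets": [], "dns": {}}

    for p in parse_capture(text):
        flags = p["flags"]
        if flags is None:
            q = DNS_QUERY_RE.match(p["rest"])
            if q and p["dport"] == 53:
                pending_dns[(p["src"], p["sport"], p["dst"])] = q.group("name")
                continue
            a = DNS_ANSWER_RE.match(p["rest"])
            if a and p["sport"] == 53:
                name = pending_dns.pop((p["dst"], p["dport"], p["src"]), None)
                if name:
                    result["dns"][name] = (p["src"], a.group("ip"))
            continue

        fwd = (p["src"], p["sport"], p["dst"], p["dport"])  # packet sent by the client side
        rev = (p["dst"], p["dport"], p["src"], p["sport"])  # packet sent by the server side

        if flags == "S":                                   # bare SYN: client opens
            state[fwd] = "syn"
        elif flags == "S." and state.get(rev) == "syn":    # SYN/ACK from the server
            state[rev] = "synack"
        elif flags == "." and state.get(fwd) == "synack":  # final ACK: handshake complete
            state.pop(fwd)
            result["connections"].append((fwd[0], fwd[2], fwd[3]))
        elif "R" in flags and rev in state:                # RST answering a pending open
            state.pop(rev)
            result["resets"].append((p["src"], p["dst"], p["sport"]))
    return result


def describe(text):
    """Render the findings as the kind of statement the answer options use."""
    r = classify(text)
    lines = []
    for name, (resolver, ip) in r["dns"].items():
        lines.append(f"{resolver} answered {name} -> {ip}")
    for client, server, port in r["connections"]:
        lines.append(f"{client} made a TCP connection to {server}:{port}")
    for resetter, target, port in r["resets"]:
        lines.append(f"{resetter}:{port} reset a connection attempt from {target}")
    return lines


if __name__ == "__main__":
    for line in describe(SAMPLE_CAPTURE):
        print(line)
```

Note what the script does not claim: a single query/answer pair shows only which resolver answered and what it returned. Calling that a DNS hijack (option A) would additionally require knowing the expected resolver for the client and the legitimate answer for the name, neither of which a capture alone provides; likewise a lone RST from a host refusing a SYN is a closed port, not evidence of a reset attack against an established session.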

CompTIA CySA+CS0-002 – Question163

An organization's internal department frequently uses a cloud provider to store large amounts of sensitive data. A threat actor has deployed a virtual machine to attack another virtual machine to gain access to the data. Through the use of the cloud host's hypervisor, the threat actor has escalated the access rights. Which of the following actions would be BEST to remediate the vulnerability the attacker has used to exploit the system?

A. Sandbox the virtual machine.
B. Implement an MFA solution.
C. Update to the secure hypervisor version.
D. Implement dedicated hardware for each customer.

Correct Answer: C (the attacker escalated privileges through a flaw in the hypervisor itself, so remediating that vulnerability means patching the hypervisor; MFA, sandboxing the guest or dedicated hardware do not fix the exploited flaw.)

CompTIA CySA+CS0-002 – Question162

During a review of recent network traffic, an analyst realizes the team has seen this same traffic multiple times in the past three weeks, and it resulted in confirmed malware activity. The analyst also notes there is no other alert in place for this traffic. After resolving the security incident, which of the following would be the BEST action for the analyst to take to increase the chance of detecting this traffic in the future?

A. Share details of the security incident with the organization's human resources management team.
B. Note the security incident so other analysts are aware the traffic is malicious.
C. Communicate the security incident to the threat team for further review and analysis.
D. Report the security incident to a manager for inclusion in the daily report.

Correct Answer: C

CompTIA CySA+CS0-002 – Question161

Which of the following BEST describes how logging and monitoring work when entering into a public cloud relationship with a service provider?

A. Logging and monitoring are not needed in a public cloud environment.
B. Logging and monitoring are done by the data owners.
C. Logging and monitoring duties are specified in the SLA and contract.
D. Logging and monitoring are done by the service provider.

Correct Answer: C