CompTIA CySA+ CS0-002 Practice Questions

112 Terms

1
A cybersecurity analyst receives a phone call from an unknown person with the number blocked on the caller ID. After starting the conversation, the caller begins to request sensitive information. Which of the following techniques is being applied?
A. Social engineering
B. Phishing
C. Impersonation
D. War dialing
Answer: A

2
Which of the following is the main benefit of sharing incident details with partner organizations or external trusted parties during the incident response process?
A. It facilitates releasing incident results, findings and resolution to the media and all appropriate government agencies.
B. It shortens the incident life cycle by allowing others to document incident details and prepare reports.
C. It enhances the response process, as others may be able to recognize the observed behavior and provide valuable insight.
D. It allows the security analyst to defer incident-handling activities until all parties agree on how to proceed with analysis.
Answer: C

3
The security analyst determined that an email containing a malicious attachment was sent to several employees within the company, and it was not stopped by any of the email filtering devices. An incident was declared. During the investigation, it was determined that most users deleted the email, but one specific user executed the attachment. Based on the details gathered, which of the following actions should the security analyst perform NEXT?
A. Obtain a copy of the email with the malicious attachment. Execute the file on another user's machine and observe the behavior. Document all findings.
B. Acquire a full backup of the affected machine. Reimage the machine and then restore from the full backup.
C. Take the affected machine off the network. Review local event logs looking for activity and processes related to unknown or unauthorized software.
D. Take possession of the machine. Apply the latest OS updates and firmware. Discuss the problem with the user and return the machine.
Answer: C

4
Which of the following tools should a cybersecurity analyst use to verify the integrity of a forensic image before and after an investigation?
A. strings
B. sha1sum
C. file
D. dd
E. gzip
Answer: B

5
Given the following logs:
Aug 18 11:00:57 comptia sshd[5657]: Failed password for root from 10.10.10.192 port 38980 ssh2
Aug 18 23:08:26 comptia sshd[5768]: Failed password for root from 18.70.0.160 port 38156 ssh2
Aug 18 23:08:30 comptia sshd[5770]: Failed password for admin from 18.70.0.160 port 38556 ssh2
Aug 18 23:08:34 comptia sshd[5772]: Failed password for invalid user asterisk from 18.70.0.160 port 38864 ssh2
Aug 18 23:08:38 comptia sshd[5774]: Failed password for invalid user sjobeck from 10.10.1.16 port 39157 ssh2
Aug 18 23:08:42 comptia sshd[5776]: Failed password for root from 18.70.0.160 port 39467 ssh2
Which of the following can be suspected?
A. An unauthorized user is trying to gain access from 10.10.10.192.
B. An authorized user is trying to gain access from 10.10.10.192.
C. An authorized user is trying to gain access from 18.70.0.160.
D. An unauthorized user is trying to gain access from 18.70.0.160.
Answer: D

6
A security analyst has been asked to review permissions on accounts within Active Directory to determine if they are appropriate to the user's role. During this process, the analyst notices that a user from building maintenance is part of the Domain Admin group. Which of the following does this indicate?
A. Cross-site scripting
B. Session hijack
C. Privilege escalation
D. Rootkit
Answer: C

7
In the last six months, a company is seeing an increase in credential-harvesting attacks. The latest victim was the chief executive officer (CEO). Which of the following countermeasures will render the attack ineffective?
A. Use a complex password according to the company policy.
B. Implement an intrusion-prevention system.
C. Isolate the CEO's computer in a higher security zone.
D. Implement multifactor authentication.
Answer: D

8
After a security breach, it was discovered that the attacker had gained access to the network by using a brute-force attack against a service account with a password that was set to not expire, even though the account had a long, complex password. Which of the following could be used to prevent similar attacks from being successful in the future?
A. Complex password policies
B. Account lockout
C. Self-service password reset portal
D. Scheduled vulnerability scans
Answer: B

9
A security analyst wants to capture data flowing in and out of a network. Which of the following would MOST likely assist in achieving this goal?
A. Taking a screenshot.
B. Analyzing network traffic and logs.
C. Analyzing big data metadata.
D. Capturing a system image.
Answer: B

10
There are reports that hackers are using home thermostats to ping a national service provider without the provider's knowledge. Which of the following attacks is occurring from these devices?
A. IoT
B. DDoS
C. MITM
D. MIMO
Answer: B

11
Which of the following is the purpose of a SIEM solution?
A. To provide real-time security analysis and alerts generated within the security system.
B. To provide occasional updates on global security breaches.
C. To act as an attack vector.
D. To act as an intrusion prevention system.
Answer: A

12
An actor with little to no knowledge of the tools they use to carry out an attack is known as which of the following?
A. White hat
B. Black hat
C. Attack vector
D. Script kiddie
Answer: D

13
Which one of the following does NOT accurately portray the attributes of an Advanced Persistent Threat (APT) attack?
A. They often exploit unknown vulnerabilities.
B. They typically use freely available attacking tools to cut down on costs.
C. They target large or government organizations.
D. They use sophisticated means to gain access to highly valued resources.
Answer: B

14
Which of the following are the security intelligence data elements that assure quality of the data? (Choose three)
A. Accuracy
B. Proprietary
C. Relevance
D. Timeliness
Answer: ACD

15
The process of combing through collected data to gather relevant and accurate intelligence data is referred to as _____ according to the intelligence cycle.
A. Collection
B. Dissemination
C. Feedback
D. Analysis
Answer: D

16
Which of the following ports would you close if your server does not host any DNS services?
A. 22
B. 53
C. 443
D. 80
Answer: B

17
The security team advises that there is a server running legacy software that some of the applications within the organization depend on. Upon review, management realizes the potential loss from the risk isn't great enough to warrant spending money to avoid it. This form of response is known as which of the following?
A. Compensation Control
B. Risk acceptance
C. Risk avoidance
D. Remediation
Answer: B

18
A critical vulnerability is between which range on CVSS?
A. 4.0-7.0
B. 3.9-5.0
C. 0.0-10.0
D. 9.0-10.0
Answer: D

19
An attacker collects information about a target from sources such as LinkedIn, Twitter, and the target's website. This form of reconnaissance is known as which of the following?
A. Active reconnaissance
B. Passive reconnaissance
C. Native reconnaissance
D. None of the above options
Answer: B

20
When defining a scope to scan, which of the following should you use? (Choose two)
A. An IP range
B. A gateway
C. A single IP
D. A subnet mask only
Answer: AC

21
Which of the following is NOT a factor that can inhibit remediation?
A. Legacy Systems
B. SLA
C. MOU
D. Employment Contract
Answer: D

22
Which of the following will define a scope to scan? (Choose two)
A. 192.168.10.1
B. 192.168.88.1/24
C. 127.0.0.1
D. 169.254.10.1
Answer: AB

23
Your company is requesting you to assess the extent to which a client's data was compromised in an incident. What analysis are you required to perform?
A. MOU
B. IIA
C. SLA
D. PII
Answer: B

24
Which of the following would be used to de-authenticate devices connected to a wireless access point?
A. -0
B. -c
C. 5
D. -a
Answer: A

25
To prevent memory compromise and subsequent overflow attacks in operating systems, which OS feature must be available?
A. UEFI
B. Boot Security
C. HIPS
D. ASLR
Answer: D

26
Which firewall option would allow an administrator to permit an application into an organization's network?
A. Whitelisting
B. Filtering
C. Port Security
D. Blacklisting
Answer: A

27
The command "MAC Address Sticky" uses physical addresses to restrict and provide network access to the device. True or false?
Answer: True

28
Which of the following is a threat associated with operating in the cloud?
A. Unsecure Wi-Fi
B. Malicious insider
C. Bluejacking
D. Evil Twin
Answer: B

29
Which of the following practices is likely to put corporate systems at risk?
A. CIA
B. Patching
C. MDM
D. BYOD
Answer: D

30
A unique feature of a hybrid cloud is the combination of a private and public cloud. True or false?
Answer: True

31
Which mobile security standard allows an organization to manage mobile devices?
A. MDM
B. BYOD
C. SSH
D. CAN bus
Answer: A

32
Which of the following are fundamentals of MFA? (Choose three)
A. Something you have, such as a one-time PIN
B. Something you know, such as a password
C. Something you do, such as a sport
D. Something you are, such as biometrics
Answer: ABD

33
In which of the following can the attacker use ARP poisoning to compromise systems?
A. LAN
B. Bluetooth
C. WAN
D. None of the above
Answer: A

34
Locking is an effective mitigative measure against race condition attacks. True or false?
Answer: True

35
You are informed that the recently hired junior accountant within your organization has had her device compromised after clicking on a link within an email that was seemingly sent from the head of the accounting department. What type of attack would the junior accountant have been a victim of?
A. Phishing attack
B. SQL injection
C. DDoS attack
D. MITM attack
Answer: A

36
Which security concerns are more easily implemented in the cloud? (Choose three)
A. Data locality
B. Physical security
C. Customization
D. Regulatory compliance
E. API access
Answer: BDE

37
A Cloud Access Security Broker is a piece of software that does which of the following?
A. Introduces new vulnerabilities
B. Prices cloud services
C. Sits between your cloud and on-premises deployments
D. Reduces security complexity
Answer: C

38
Hardware IDs (such as serial numbers) are often tagged onto assets by which method?
A. A handwritten log
B. They're not
C. A physical tag or sticker
D. An external database
Answer: C

39
Good change management includes which of the following features? (Choose three)
A. Change identification
B. Regulatory reporting
C. Life-cycle tracking
D. Review
E. A shared spreadsheet
Answer: ACD

40
Network segmentation can mitigate the risk of a vulnerability spreading beyond its initial attack vector. True or false?
Answer: True

41
Which architecture represents a cloud deployment that's isolated from other public users of that same cloud infrastructure?
A. Firewall
B. Virtual private clouds (VPC)
C. Serverless computing
D. Software-defined networking (SDN)
Answer: B

42
Server virtualization introduces security vulnerabilities by sharing underlying hardware with other virtual machines. True or false?
Answer: False

43
Which feature of a system is shared by all containers running on that system?
A. Memory space
B. Disk space
C. Operating system kernel
D. Network ports
Answer: C

44
Which important access control feature is used by both RBAC and ABAC?
A. Permissions assigned to roles
B. Permissions assigned directly to users
C. Principle of Least Privilege
D. Permissions derived from attributes
Answer: C

45
Account credentials should be encrypted both in transit and at rest by default. True or false?
Answer: True

46
A username and password authentication scheme is considered "Multi-Factor Authentication" because the username and password represent two different factors. True or false?
Answer: False

47
A honeypot has which of the following features? (Choose three)
A. Excludes any sensitive data
B. An easy target
C. Isolated from secure systems
D. Automatically blocks known attack vectors
Answer: ABC

48
Documentation for software assurance comes in which forms?
A. Standard Operating Procedures and Information Assurance Plans
B. Regulatory oversight
C. Stack Overflow queries
D. Continuous Integration / Continuous Deployment
Answer: A

49
Challenges for assuring mobile software include which of the following? (Choose three)
A. Device aesthetics
B. Connectivity
C. Physical size
D. Limited resources
E. User education
Answer: BCD

50
Web applications are often exposed over the public internet, and this introduces additional security concerns. True or false?
Answer: True

51
Which trait is mostly unique to firmware?
A. Publicly available
B. Deployed on the Web
C. Easily assured
D. Tight coupling to the hardware
Answer: D

52
Which stage of the SDLC should Software Assurance be introduced at?
A. Every stage
B. Design
C. Testing
D. Deployment
Answer: A

53
DevSecOps means integrating security assurance into the entire DevOps process and pipeline. True or false?
Answer: True

54
Which testing is the most discrete form of testing and often automated as part of a CI/CD pipeline?
A. Unit testing
B. Integration testing
C. User acceptance testing
D. Penetration testing
Answer: A

55
You should classify all data input sources as which of the following?
A. Trusted or untrusted
B. Public or private
C. High or low
D. Internal or external
Answer: A

56
Secure credentials are stored in which form?
A. With two-way encryption
B. They're never stored
C. Plain text
D. Salted and hashed
Answer: D

57
SAST tools can review your code while it's executing to identify flaws or vulnerabilities. True or false?
Answer: False

58
Pros of dynamic analysis tools include which of the following? (Choose three)
A. Provide a real-use view
B. Are simple to configure and use
C. Have a limited variety in options
D. Capture information at a discrete level
E. Identify distinct flaws from SAST
Answer: ADE

59
SAML relies on which format for data transfer?
A. XML
B. Speech-to-Text
C. CSV
D. JSON
Answer: A

60
Which type of Root of Trust is hardwired into the PCB or system board of a system?
A. USB dongle
B. Certificate Authority
C. TPM
D. HSM
Answer: C

61
An eFuse bit can only be written to a single time. True or false?
Answer: True

62
UEFI provides the necessary functionality for which system-level process?
A. Secure Boot
B. Boot loaders
C. BIOS
D. Anti-virus software
Answer: A

63
Which boot process validates each successive piece of software as it starts and halts if invalid software is discovered?
A. Measured Boot
B. UEFI
C. Secure Boot
D. Bus encryption
Answer: C

64
Which types of data are TEEs used to secure? (Choose three)
A. DRM controls
B. Payment/PCI data
C. Virus or malware definitions
D. Biometric data
E. OS versioning
Answer: ABD

65
Match the two types of keys with their purpose.
1. User password to unlock the drive
2. Private key used to secure data
A. Authentication Key
B. Data Encryption Key
Answer: AB

66
Which of the following would be a part of heuristic analysis? (Choose two)
A. Code analysis of unexecuted files
B. Observing patterns in attack vectors on an institution
C. Observing code execution in a sandbox
D. Noting relationships between network traffic and malware
Answer: AC

67
Which type of security log would be most useful in order to determine the centrally cached web sites?
A. Syslog server log
B. Windows Security Event Log
C. Proxy server syslog
D. Proxy server log
Answer: D

68
Which command-line operator is used to send the results of an onscreen command to a text file?
A. >
B. |
C. \
D. <
Answer: A

69
Which of the following is the most basic initial function of a SIEM system?
A. Correlation via rules
B. Log aggregation dashboard
C. Artificial intelligence
D. Security Orchestration, Automation and Response
Answer: B

70
Which log is associated with tracking both successful and failed authentication attempts on a Linux operating system?
A. auth.log
B. faillog
C. security event log
D. syslog
Answer: A

71
Which type of network analysis decodes the content of packets to see the application data moving through the network?
A. Flow analysis
B. DNS analysis
C. Protocol analysis
D. Packet analysis
Answer: D

72
Which form of email security infrastructure specifically focuses on digital signatures of outbound email from a mail server?
A. DNS
B. DMARC
C. DKIM
D. SPF
Answer: C

73
Which type of email-related concern escalates most of the other security concerns?
A. Embedded links
B. Forwarder redirection
C. Social engineering
D. Attachments
Answer: C

74
Which type of impact is best described as the impact to the data within a company?
A. Local
B. Organizational
C. Total
D. Immediate
Answer: A

75
Which permissions would let someone view and launch a file that uses memory to trigger a CPU process? (Choose two)
A. Delete
B. Permissions
C. Read
D. Write
E. Execute
Answer: CE

76
Which of the following are the best candidates for a blacklist? (Choose two)
A. Firewalls
B. Network ACLs
C. Malware
D. Malicious traffic patterns
E. Permissions
Answer: CD

77
Regarding firewall passwords, which of the following typically cause the greatest vulnerabilities? (Choose two)
A. Config files
B. Updates
C. Zones
D. Defaults
E. Rules
Answer: AD

78
When IPS traffic is allowed through to the network when it should have been blocked, it's referred to as which of the following?
A. False negative
B. False positive
C. Out-of-band enforcement
D. Baseline
Answer: A

79
Which of the following are likely areas of management in a Data Loss Prevention system? (Choose three)
A. Printing
B. Permissions
C. Email
D. Software
E. User authentication
Answer: ACD

80
Which location is typical for an EDR agent installation?
A. Firewall
B. Virtual server
C. Router
D. Switch
Answer: B

81
Which element of a NAC topology best describes a layer 2 switch?
A. Authentication server
B. Supplicant
C. Internet of Things
D. Authenticator
Answer: D

82
Which security infrastructure element is added in order to redirect endpoints to a new destination?
A. Sinkhole
B. Sandbox
C. Honeynet
D. Honeypot
Answer: A

83
Which of the following is the most valuable resource in proactive threat management?
A. Firewalls
B. People
C. Artificial intelligence
D. Intrusion detection systems
Answer: B

84
Why do we need to learn about current threats in order to develop an accurate hypothesis to investigate? (Choose three)
A. Procedures
B. Policies
C. Titles
D. Techniques
E. Tactics
Answer: ADE

85
Which type of advanced persistent threat actor is known for having large resources and wanting to affect disruption in a foreign country?
A. Hacktivist
B. Cyber criminal
C. Nation state
D. Cyber-terrorist
Answer: C

86
Order the threat hunting steps appropriately.
A. Envision the Attack
B. Keep Learning
C. Look for Attacks
D. Know Thyself
Answer: DACB

87
Which of the following is associated most with network controls rather than endpoint controls?
A. Change defaults
B. Deny all ports and protocols
C. Containerization
D. Desired State Configuration
Answer: B

88
Which of the following is the most valid definition of an attack vector?
A. A method of attack
B. Exploited vulnerabilities
C. Agents of potential harm to an enterprise
D. Malware
Answer: A

89
Which of the following is the most accurate description of a system that gathers vast quantities of data through neural networks?
A. Machine learning
B. Artificial intelligence
C. Deep learning
D. Natural intelligence
Answer: C

90
Which security protocol is associated with public key infrastructure (PKI) as it applies to automation?
A. Common Platform Enumeration (CPE)
B. Extensible Configuration Checklist Description Format (XCCDF)
C. Trust Model for Security Automation Data (TMSAD)
D. Open Vulnerability and Assessment Language (OVAL)
Answer: C

91
Which of the following is an element of Security Orchestration, Automation and Response (SOAR)? (Choose two)
A. Perform action steps with integrated systems
B. Examine logs for patterns
C. Collect incoming data streams
D. Capture network traffic
Answer: AC

92
How do APIs allow for better security automation?
A. Provide a language for scripting
B. Ensure automatic updates
C. Identify end users
D. Read and write to software systems' configurations and data
Answer: D

93
Which of the following enables malware detection software to quickly recognize new variants of a strain of malware? (Choose two)
A. Centralized malware databases
B. String hashes
C. File hashes
D. Deep learning
Answer: BD

94
You're a security analyst wanting to incorporate third-party up-to-date security information into the context of machine learning that's already using content from your SIEM. Which process should be used?
A. Data deduplication
B. Data enrichment
C. Data mining
D. Data cleansing
Answer: B

95
Which of the following is the best description of a methodology involving regular small incremental changes over the lifespan of a piece of software?
A. Continuous Delivery
B. Continuous Integration
C. Continuous Deployment
D. Security Automation
Answer: B

96
An incident response process is a methodology providing guidance on the handling of cyber threats and breaches. True or false?
Answer: True

97
According to the NIST framework, what are the four objectives of incident response? (Choose four)
A. Preparation
B. Classification
C. Containment, eradication, and recovery
D. Detection and analysis
E. Post-incident activity
Answer: ACDE

98
A junior network analyst is monitoring network usage when he notices a huge spike in outbound network traffic. The traffic usage indicates a recent bandwidth spike that has not been recorded before. How would the analyst categorize this information?
A. Employees downloading torrents
B. Timed-out connections
C. Potential indicator of compromise
D. Packet loss
Answer: C

99
Which of the following are categories of alerts? (Choose all that apply)
A. Informational
B. Partial
C. Medium
D. Critical
Answer: ACD

100
Which of the following is NOT a post-incident activity?
A. Lessons learned report
B. Incident response planning
C. Evidence retention
D. Incident summary report
Answer: B
