Download 2021 Free CompTIA CySA+ CS0-002 Practice Exam Questions

test2021-11-16T07:39:58+00:00

CompTIA Cybersecurity Analyst (CySA+) certification verifies that successful candidates have the knowledge and skills required to leverage intelligence and threat detection techniques, analyze and interpret data, identify and address vulnerabilities, suggest preventative measures, and effectively respond to and recover from incidents.

To pass the CompTIA CySA+ CS0-002 test on the first try, you must have accurate syllabus information and an excellent study guide. FreeTestShare 100 percent genuine CompTIA CySA+ CS0-002 Practice Exam Questions give you in-depth knowledge of the CS0-002 exam syllabus. To put your skills to the test, try CompTIA CySA+ CS0-002 free practice questions!

Page 1 of 8

1. An analyst is reviewing the following code output of a vulnerability scan:

if (search name ! = null )

{

%>

employee <%search names%> not found

}

Which of the following types of vulnerabilities does this MOST likely represent?

A insecure direct object reference vulnerability

An HTTP response split vulnerability

A credential bypass vulnerability

A XSS vulnerability

2. A cybersecurity analyst is responding to an incident. The company’s leadership team wants to attribute the incident to an attack group.

Which of the following models would BEST apply to the situation?

Intelligence cycle

Diamond Model of Intrusion Analysis

Kill chain

MITRE ATT&CK

3. A security analyst has discovered suspicious traffic and determined a host is connecting to a known malicious website.

The MOST appropriate action for the analyst to take would be lo implement a change request to:

update the antivirus software

configure the firewall to block traffic to the domain

add the domain to the blacklist

create an IPS signature for the domain

4. A security analyst is supporting an embedded software team.

Which of the following is the BEST recommendation to ensure proper error handling at runtime?

Perform static code analysis.

Require application fuzzing.

Enforce input validation

Perform a code review

5. A user reports a malware alert to the help desk A technician verifies the alert, determines the workstation is classified as a low-severity device, and uses network controls to block access. The technician then assigns the ticket to a security analyst who will complete the eradication and recovery processes.

Which of the following should the security analyst do NEXT?

Document the procedures and walk through the incident training guide.

Sanitize the workstation and verify countermeasures are restored

Reverse engineer the malware to determine its purpose and risk to the organization.

Isolate the workstation and issue a new computer to the user.

6. A system administrator is doing network reconnaissance of a company’s external network to determine the vulnerability of various services that are running.

Sending some sample traffic to the external host, the administrator obtains the following packet capture:

Based on the output, which of the following services should be further tested for vulnerabilities?

SSH

HTTP

SMB

HTTPS

7. An incident responder successfully acquired application binaries off a mobile device for later forensic analysis.

Which of the following should the analyst do NEXT?

Decompile each binary to derive the source code.

Perform a factory reset on the affected mobile device.

Compute SHA-256 hashes for each binary.

Encrypt the binaries using an authenticated AES-256 mode of operation.

Inspect the permissions manifests within each application.

8. Which of the following will allow different cloud instances to share various types of data with a minimal amount of complexity?

Reverse engineering

Application log collectors

Workflow orchestration

API integration

Scripting

9. A malicious hacker wants to gather guest credentials on a hotel 802.11 network.

Which of the following tools is the malicious hacker going to use to gain access to information found on the hotel network?

Nikto

Aircrak-ng

Nessus

tcpdump

10. A system’s authority to operate (ATO) is set to expire in four days. Because of other activities and limited staffing, the organization has neglected to start reauthentication activities until now.

The cybersecurity group just performed a vulnerability scan with the partial set of results shown below:

Based on the scenario and the output from the vulnerability scan, which of the following should the security team do with this finding?

Remediate by going to the web config file, searching for the enforce HTTP validation setting, and manually updating to the correct setting.

Accept this risk for now because this is a “high” severity, but testing will require more than the four days available, and the system ATO needs to be competed.

Ignore it. This is false positive, and the organization needs to focus its efforts on other findings.

Ensure HTTP validation is enabled by rebooting the server.

Page 2 of 8

11. A security engineer is reviewing security products that identify malicious actions by users as part of a company's insider threat program.

Which of the following is the MOST appropriate product category for this purpose?

SOAR

WAF

SCAP

UEBA

12. CORRECT TEXT

You are a cybersecurity analyst tasked with interpreting scan data from Company A's servers. You must verify the requirements are being met for all of the servers and recommend changes if you find they are not.

The company's hardening guidelines indicate the following:

• TLS 1.2 is the only version of TLS running.

• Apache 2.4.18 or greater should be used.

• Only default ports should be used.

INSTRUCTIONS

Using the supplied data, record the status of compliance with the company's guidelines for each server.

The question contains two parts: make sure you complete Part 1 and Part 2. Make recommendations for issues based ONLY on the hardening guidelines provided.

13. An organization is upgrading its network and all of its workstations. The project will occur in phases, with infrastructure upgrades each month and workstation installs every other week. The schedule should accommodate the enterprise-wide changes, while minimizing the impact to the network.

Which of the following schedules BEST addresses these requirements?

Monthly topology scans, biweekly host discovery scans, weekly vulnerability scans

Monthly vulnerability scans, biweekly topology scans, daily host discovery scans

Monthly host discovery scans; biweekly vulnerability scans, monthly topology scans

Monthly topology scans, biweekly host discovery scans, monthly vulnerability scans

14. The SFTP server logs show thousands of failed login attempts from hundreds of IP addresses worldwide.

Which of the following controls would BEST protect the service?

Whitelisting authorized IP addresses

Enforcing more complex password requirements

Blacklisting unauthorized IP addresses

Establishing a sinkhole service

15. A new on-premises application server was recently installed on the network. Remote access to the server was enabled for vendor support on required ports, but recent security reports show large amounts of data are being sent to various unauthorized networks through those ports.

Which of the following configuration changes must be implemented to resolve this security issue while still allowing remote vendor access?

Apply a firewall application server rule.

Whitelist the application server.

Sandbox the application server.

Enable port security.

Block the unauthorized networks.

16. An organization has several systems that require specific logons Over the past few months, the security analyst has noticed numerous failed logon attempts followed by password resets.

Which of the following should the analyst do to reduce the occurrence of legitimate failed logons and password resets?

Use SSO across all applications

Perform a manual privilege review

Adjust the current monitoring and logging rules

Implement multifactor authentication

17. A security analyst received a series of antivirus alerts from a workstation segment, and users reported ransomware messages. During lessons- learned activities, the analyst determines the antivirus was able to alert to abnormal behavior but did not stop this newest variant of ransomware.

Which of the following actions should be taken to BEST mitigate the effects of this type of threat in the future?

Enabling application blacklisting

Enabling sandboxing technology

Purchasing cyber insurance

Installing a firewall between the workstations and Internet

18. A security analyst has been alerted to several emails that snow evidence an employee is planning malicious activities that involve employee Pll on the network before leaving the organization. The security analysis BEST response would be to coordinate with the legal department and:

the public relations department

senior leadership

law enforcement

the human resources department

19. As part of an exercise set up by the information security officer, the IT staff must move some of the network systems to an off-site facility and redeploy them for testing. All staff members must ensure their respective systems can power back up and match their gold image. If they find any inconsistencies, they must formally document the information.

Which of the following BEST describes this test?

Walk through

Full interruption

Simulation

Parallel

20. A human resources employee sends out a mass email to all employees that contains their personnel records. A security analyst is called in to address the concern of the human resources director on how to prevent this from happening in the future.

Which of the following would be the BEST solution to recommend to the director?

Install a data loss prevention system, and train human resources employees on its use. Provide PII training to all employees at the company. Encrypt PII information.

Enforce encryption on all emails sent within the company. Create a PII program and policy on how to handle data. Train all human resources employees.

Train all employees. Encrypt data sent on the company network. Bring in privacy personnel to present a plan on how PII should be handled.

Install specific equipment to create a human resources policy that protects PII dat

Train company employees on how to handle PII dat

Outsource all PII to another company. Send the human resources director to training for PII handling.

Page 3 of 8

21. A large amount of confidential data was leaked during a recent security breach. As part of a forensic investigation, the security team needs to identify the various types of traffic that were captured between two compromised devices.

Which of the following should be used to identify the traffic?

Carving

Disk imaging

Packet analysis

Memory dump

Hashing

22. A cybersecurity analyst needs to determine whether a large file named access log from a web server contains the following loC:

../../../../bin/bash

Which of the following commands can be used to determine if the string is present in the log?

echo access.log | grep "../../../../bin/bash"

grep "../../../../bin/bash" 1 cat access.log

grep "../../../. ./bin/bash" < access.log

cat access.log > grep "../../../ ../bin/bash"

23. Which of the following sets of attributes BEST illustrates the characteristics of an insider threat from a security perspective?

Unauthorized, unintentional, benign

Unauthorized, intentional, malicious

Authorized, intentional, malicious

Authorized, unintentional, benign

24. An analyst is performing penetration testing and vulnerability assessment activities against a new vehicle automation platform.

Which of the following is MOST likely an attack vector that is being utilized as part of the testing and assessment?

FaaS

RTOS

SoC

GPS

CAN bus

25. A large software company wants to move «s source control and deployment pipelines into a cloud-computing environment. Due to the nature of the business management determines the recovery time objective needs to be within one hour.

Which of the following strategies would put the company in the BEST position to achieve the desired recovery time?

Establish an alternate site with active replication to other regions

Configure a duplicate environment in the same region and load balance between both instances

Set up every cloud component with duplicated copies and auto scaling turned on

Create a duplicate copy on premises that can be used for failover in a disaster situation

26. A web developer wants to create a new web part within the company website that aggregates sales from individual team sites. A cybersecurity analyst wants to ensure security measurements are implemented during this process.

Which of the following remediation actions should the analyst take to implement a vulnerability management process?

Personnel training

Vulnerability scan

Change management

Sandboxing

27. Which of the following technologies can be used to store digital certificates and is typically used in high security implementations where integrity is paramount?

HSM

eFuse

UEFI

Self-encrypting drive

28. A remote code execution vulnerability was discovered in the RDP. An organization currently uses RDP for remote access to a portion of its VDI environment. The analyst verified network-level authentication is enabled

Which of the following is the BEST remediation for this vulnerability?

Verify the latest endpoint-protection signature is in place.

Verify the corresponding patch for the vulnerability is installed^

Verify the system logs do not contain indicator of compromise.

Verify the threat intelligence feed is updated with the latest solutions

29. The help desk noticed a security analyst that emails from a new email server are not being sent out. The new email server was recently added to the existing ones.

The analyst runs the following command on the new server.

Given the output, which of the following should the security analyst check NEXT?

The DNS name of the new email server

The version of SPF that is being used

The IP address of the new email server

The DMARC policy

30. During the forensic analysis of a compromised machine, a security analyst discovers some binaries that are exhibiting abnormal behaviors. After extracting the strings, the analyst finds unexpected content.

Which of the following is the NEXT step the analyst should take?

Only allow whitelisted binaries to execute.

Run an antivirus against the binaries to check for malware.

Use file integrity monitoring to validate the digital signature.

Validate the binaries' hashes from a trusted source.

Page 4 of 8

31. Which of the following types of policies is used to regulate data storage on the network?

Password

Acceptable use

Account management

Retention

32. The SOC has received reports of slowness across all workstation network segments. The currently installed antivirus has not detected anything, but a different anti-malware product was just downloaded

and has revealed a worm is spreading

Which of the following should be the NEXT step in this incident response?

Enable an ACL on all VLANs to contain each segment

Compile a list of loCs so the IPS can be updated to halt the spread.

Send a sample of the malware to the antivirus vendor and request urgent signature creation.

Begin deploying the new anti-malware on all uninfected systems.

33. A security analyst is reviewing vulnerability scan results and notices new workstations are being flagged as having outdated antivirus signatures.

The analyst observes the following plugin output:

Antivirus is installed on the remote host:

Installation path: C:Program FilesAVProductWin32

Product Engine: 14.12.101

Engine Version: 3.5.71

Scanner does not currently have information about AVProduct version 3.5.71. It may no longer be supported.

The engine version is out of date. The oldest supported version from the vendor is 4.2.11.

The analyst uses the vendor's website to confirm the oldest supported version is correct.

Which of the following BEST describes the situation?

This is a false positive, and the scanning plugin needs to be updated by the vendor.

This is a true negative, and the new computers have the correct version of the software.

This is a true positive, and the new computers were imaged with an old version of the software.

This is a false negative, and the new computers need to be updated by the desktop team.

34. A security analyst is responding to an incident on a web server on the company network that is making a large number of outbound requests over DNS.

Which of the following is the FIRST step the analyst should take to evaluate this potential indicator of compromise'?

Run an anti-malware scan on the system to detect and eradicate the current threat

Start a network capture on the system to look into the DNS requests to validate command and control traffic.

Shut down the system to prevent further degradation of the company network

Reimage the machine to remove the threat completely and get back to a normal running state.

Isolate the system on the network to ensure it cannot access other systems while evaluation is underway.

35. An incident response team is responding to a breach of multiple systems that contain PII and PHI.

Disclosing the incident to external entities should be based on:

the responder’s discretion

the public relations policy

the communication plan

senior management’s guidance

36. A security team is implementing a new vulnerability management program in an environment that has a historically poor security posture. The team is aware of issues patch management in the environment and expects a large number of findings.

Which of the following would be the MOST efficient way to increase the security posture of the organization in the shortest amount of time?

Create an SLA stating that remediation actions must occur within 30 days of discovery for all levels of vulnerabilities.

Incorporate prioritization levels into the remediation process and address critical findings first.

Create classification criteria for data residing on different servers and provide remediation only for servers housing sensitive data.

Implement a change control policy that allows the security team to quickly deploy patches in the production environment to reduce the risk of any vulnerabilities found.

37. An analyst needs to provide a recommendation that will allow a custom-developed application to have full access to the system's processors and peripherals but still be contained securely from other applications that will be developed.

Which of the following is the BEST technology for the analyst to recommend?

Software-based drive encryption

Hardware security module

Unified Extensible Firmware Interface

Trusted execution environment

38. A company was recently awarded several large government contracts and wants to determine its current risk from one specific APT.

Which of the following threat modeling methodologies would be the MOST appropriate to use during this analysis?

Attack vectors

Adversary capability

Diamond Model of Intrusion Analysis

Kill chain

Total attack surface

39. An analyst is reviewing a list of vulnerabilities, which were reported from a recent vulnerability scan of a Linux server.

Which of the following is MOST likely to be a false positive?

OpenSSH/OpenSSL Package Random Number Generator Weakness

Apache HTTP Server Byte Range DoS

GDI+ Remote Code Execution Vulnerability (MS08-052)

HTTP TRACE / TRACK Methods Allowed (002-1208)

SSL Certificate Expiry

40. Data spillage occurred when an employee accidentally emailed a sensitive file to an external recipient.

Which of the following controls would have MOST likely prevented this incident?

SSO

DLP

WAF

VDI

Page 5 of 8

41. A security analyst has discovered trial developers have installed browsers on all development servers in the company's cloud infrastructure and are using them to browse the Internet.

Which of the following changes should the security analyst make to BEST protect the environment?

Create a security rule that blocks Internet access in the development VPC

Place a jumpbox m between the developers' workstations and the development VPC

Remove the administrator profile from the developer user group in identity and access management

Create an alert that is triggered when a developer installs an application on a server

42. An analyst is investigating an anomalous event reported by the SOC. After reviewing the system logs the analyst identifies an unexpected addition of a user with root-level privileges on the endpoint.

Which of the following data sources will BEST help the analyst to determine whether this event constitutes an incident?

Patching logs

Threat feed

Backup logs

Change requests

Data classification matrix

43. A security analyst for a large pharmaceutical company was given credentials from a threat intelligence resources organisation for Internal users, which contain usernames and valid passwords for company accounts.

Which of the following is the FIRST action the analyst should take as part of security operations monitoring?

Run scheduled antivirus scans on all employees' machines to look for malicious processes.

Reimage the machines of all users within the group in case of a malware infection.

Change all the user passwords to ensure the malicious actors cannot use them.

Search the event logs for event identifiers that indicate Mimikatz was used.

44. A security analyst is researching an incident and uncovers several details that may link to other incidents. The security analyst wants to determine if other incidents are related to the current incident.

Which of the following threat research methodoloqies would be MOST appropriate for the analyst to use?

Reputation data

CVSS score

Risk assessment

Behavioral analysis

45. Which of the following is MOST closely related to the concept of privacy?

An individual's control over personal information

A policy implementing strong identity management processes

A system's ability to protect the confidentiality of sensitive information

The implementation of confidentiality, integrity, and availability

46. A Chief Information Security Officer (CISO) wants to upgrade an organization's security posture by improving proactive activities associated with attacks from internal and external threats.

Which of the following is the MOST proactive tool or technique that feeds incident response capabilities?

Development of a hypothesis as part of threat hunting

Log correlation, monitoring, and automated reporting through a SIEM platform

Continuous compliance monitoring using SCAP dashboards

Quarterly vulnerability scanning using credentialed scans

47. A finance department employee has received a message that appears to have been sent from the Chief Financial Officer (CFO) asking the employee to perform a wife transfer Analysis of the email shows the message came from an external source and is fraudulent.

Which of the following would work BEST to improve the likelihood of employees quickly recognizing fraudulent emails?

Implementing a sandboxing solution for viewing emails and attachments

Limiting email from the finance department to recipients on a pre-approved whitelist

Configuring email client settings to display all messages in plaintext when read

Adding a banner to incoming messages that identifies the messages as external

48. A user reports the system is behaving oddly following the installation of an approved third-party software application. The application executable was sourced from an internal repository.

Which of the following will ensure the application is valid?

Ask the user to refresh the existing definition file for the antivirus software

Perform a malware scan on the file in the internal repository

Hash the application's installation file and compare it to the hash provided by the vendor

Remove the user's system from the network to avoid collateral contamination

49. It is important to parameterize queries to prevent:

the execution of unauthorized actions against a database.

a memory overflow that executes code with elevated privileges.

the esrtablishment of a web shell that would allow unauthorized access.

the queries from using an outdated library with security vulnerabilities.

50. A storage area network (SAN) was inadvertently powered off while power maintenance was being performed in a datacenter. None of the systems should have lost all power during the maintenance. Upon review, it is discovered that a SAN administrator moved a power plug when testing the SAN's fault notification features.

Which of the following should be done to prevent this issue from reoccurring?

Ensure both power supplies on the SAN are serviced by separate circuits, so that if one circuit goes down, the other remains powered.

Install additional batteries in the SAN power supplies with enough capacity to keep the system powered on during maintenance operations.

Ensure power configuration is covered in the datacenter change management policy and have the SAN administrator review this policy.

Install a third power supply in the SAN so loss of any power intuit does not result in the SAN completely powering off.

Page 6 of 8

51. While conducting a network infrastructure review, a security analyst discovers a laptop that is plugged into a core switch and hidden behind a desk.

The analyst sees the following on the laptop's screen:

Which of the following is the BEST action for the security analyst to take?

Initiate a scan of devices on the network to find password-cracking tools.

Disconnect the laptop and ask the users jsmith and progers to log out.

Force all users in the domain to change their passwords at the next login.

Take the FILE-SHARE-A server offline and scan it for viruses.

52. A newly appointed Chief Information Security Officer (CISO) has completed a risk assessment review of the organization and wants to reduce the numerous risks that were identified.

Which of the following will provide a trend of risk mitigation?

Risk response

Risk analysis

Planning

Oversight

Continuous monitoring

53. An employee was found to have performed fraudulent activities. The employee was dismissed, and the employee's laptop was sent to the IT service desk to undergo a data sanitization procedure. However, the security analyst responsible for the investigation wants to avoid data sanitization.

Which of the following can the security analyst use to justify the request?

Data retention

Evidence retention

GDPR

Data correlation procedure

54. After receiving reports latency, a security analyst performs an Nmap scan and observes the following output:

Which of the following suggests the system that produced output was compromised?

Secure shell is operating of compromise on this system.

There are no indicators of compromise on this system.

MySQL services is identified on a standard PostgreSQL port.

Standard HTP is open on the system and should be closed.

55. Which of the following is the MOST important objective of a post-incident review?

Capture lessons learned and improve incident response processes

Develop a process for containment and continue improvement efforts

Identify new technologies and strategies to remediate

Identify a new management strategy

56. While reviewing log files, a security analyst uncovers a brute-force attack that is being performed against an external webmail portal.

Which of the following would be BEST to prevent this type of attack from beinq successful1?

Implement MFA on the email portal using out-of-band code delivery.

Create a new rule in the IDS that triggers an alert on repeated login attempts

Leverage password filters to prevent weak passwords on employee accounts from being exploited.

Alter the lockout policy to ensure users are permanently locked out after five attempts.

Configure a WAF with brute force protection rules in block mode

57. A company recently experienced financial fraud, which included shared passwords being compromised and improper levels of access being granted. The company has asked a security analyst to help improve its controls.

Which of the following will MOST likely help the security analyst develop better controls?

An evidence summarization

An indicator of compromise

An incident response plan

A lessons-learned report

58. A cybersecurity analyst has access to several threat feeds and wants to organize them while simultaneously comparing intelligence against network traffic.

Which of the following would BEST accomplish this goal?

Continuous integration and deployment

Automation and orchestration

Static and dynamic analysis

Information sharing and analysis

59. A security analyst inspects the header of an email that is presumed to be malicious and sees the following:

Which of the following is inconsistent with the rest of the header and should be treated as suspicious?

The subject line

The sender's email address

The destination email server

The use of a TLS cipher

60. An information security analyst is working with a data owner to identify the appropriate controls to preserve the confidentiality of data within an enterprise environment One of the primary concerns is exfiltration of data by malicious insiders.

Which of the following controls is the MOST appropriate to mitigate risks?

Data deduplication

OS fingerprinting

Digital watermarking

Data loss prevention

Page 7 of 8

61. A security analyst needs to develop a brief that will include the latest incidents and the attack phases of the incidents. The goal is to support threat intelligence and identify whether or not the incidents are linked.

Which of the following methods would be MOST appropriate to use?

An adversary capability model

The MITRE ATT&CK framework

The Cyber Kill Chain

The Diamond Model of Intrusion Analysis

62. A custom script monitors real-time

Access to logs may be delayed for some time.

SAML logging is not supported for cloud-based authentication.

Log data may be visible to other customers.

Logs may contain incorrect information

63. A Chief Information Security Officer (CISO) is concerned developers have too much visibility into customer data.

Which of the following controls should be implemented to BEST address these concerns?

Data masking

Data loss prevention

Data minimization

Data sovereignty

64. A security analyst received an email with the following key:

Xj3XJ3LLc

A second security analyst received an email with following key:

3XJ3xjcLLC

The security manager has informed the two analysts that the email they received is a key that allows access to the company’s financial segment for maintenance.

This is an example of:

dual control

private key encryption

separation of duties

public key encryption

two-factor authentication

65. An information security analyst is reviewing backup data sets as part of a project focused on eliminating archival data sets.

Which of the following should be considered FIRST prior to disposing of the electronic data?

Sanitization policy

Data sovereignty

Encryption policy

Retention standards

66. A security analyst suspects a malware infection was caused by a user who downloaded malware after clicking http://<malwaresource>/A.php in a phishing email.

To prevent other computers from being infected by the same malware variation, the analyst should create a rule on the.

email server that automatically deletes attached executables.

IDS to match the malware sample.

proxy to block all connections to <malwaresource>.

firewall to block connection attempts to dynamic DNS hosts.

67. A security analyst is reviewing the following log from an email security service.

Which of the following BEST describes the reason why the email was blocked?

The To address is invalid.

The email originated from the www.spamfilter.org UR

The IP address and the remote server name are the same.

The IP address was blacklisted.

The From address is invalid.

68. While analyzing network traffic, a security analyst discovers several computers on the network are connecting to a malicious domain that was blocked by a DNS sinkhole. A new private IP range is now visible, but no change requests were made to add it.

Which of the following is the BEST solution for the security analyst to implement?

Block the domain IP at the firewall.

Blacklist the new subnet

Create an IPS rule.

Apply network access control.

69. A security analyst has observed several incidents within an organization that are affecting one specific piece of hardware on the network. Further investigation reveals the equipment vendor previously released a patch.

Which of the following is the MOST appropriate threat classification for these incidents?

Known threat

Zero day

Unknown threat

Advanced persistent threat

70. 1.As part of a merger with another organization, a Chief Information Security Officer (CISO) is working with an assessor to perform a risk assessment focused on data privacy compliance. The CISO is primarily concerned with the potential legal liability and fines associated with data privacy.

Based on the CISO's concerns, the assessor will MOST likely focus on:

qualitative probabilities.

quantitative probabilities.

qualitative magnitude.

quantitative magnitude.

Page 8 of 8

71. Which of the following technologies can be used to house the entropy keys for task encryption on desktops and laptops?

Self-encrypting drive

Bus encryption

TPM

HSM

72. A proposed network architecture requires systems to be separated from each other logically based on defined risk levels.

Which of the following explains the reason why an architect would set up the network this way?

To complicate the network and frustrate a potential malicious attacker

To reduce the number of IP addresses that are used on the network

To reduce the attack surface of those systems by segmenting the network based on risk

To create a design that simplifies the supporting network

73. A small organization has proprietary software that is used internally. The system has not been well maintained and cannot be updated with the rest of the environment.

Which of the following is the BEST solution?

Virtualize the system and decommission the physical machine.

Remove it from the network and require air gapping.

Only allow access to the system via a jumpbox

Implement MFA on the specific system.

74. Massivelog log has grown to 40GB on a Windows server At this size, local tools are unable to read the file, and it cannot be moved off the virtual server where it is located.

Which of the following lines of PowerShell script will allow a user to extract the last 10.000 lines of the loq for review?

get-content * ./Massivelog. log' -Last 10000 > extract.txt;

info tail n -10000 Massrvelog.log I extracttxt:

tail -10000 Massivelog.log > extract, txt

get content '/Massivelog.log' -Last 10000 | extract.txt

Download 2021 Free CompTIA CySA+ CS0-002 Practice Exam Questions

Download 2021 Free CompTIA CySA+ CS0-002 Practice Exam Questions

Share this post

Author

Leave a Reply Cancel reply

Related Posts