Winter Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

CompTIA CySA+ CS0-002 Reddit Questions

Page: 25 / 28
Total 372 questions

CompTIA CySA+ Certification Exam (CS0-002) Questions and Answers

Question 97

A security analyst needs to determine the best method for securing access to a top-secret datacenter Along with an access card and PIN code, which of the following additional authentication methods would be BEST to enhance the datacenter's security?

Options:

A.

Physical key

B.

Retinal scan

C.

Passphrase

D.

Fingerprint

Question 98

The incident response team is working with a third-party forensic specialist to investigate the root cause of a recent intrusion An analyst was asked to submit sensitive network design details for review The forensic specialist recommended electronic delivery for efficiency but email was not an approved communication channel to send network details Which of the following BEST explains the importance of using a secure method of communication during incident response?

Options:

A.

To prevent adversaries from intercepting response and recovery details

B.

To ensure intellectual property remains on company servers

C.

To have a backup plan in case email access is disabled

D.

To ensure the management team has access to all the details that are being exchanged

Question 99

While investigating reports or issues with a web server, a security analyst attempts to log in remotely and recedes the following message:

The analyst accesses the server console, and the following console messages are displayed:

The analyst is also unable to log in on the console. While reviewing network captures for the server, the analyst sees many packets with the following signature:

Which of the following is the BEST step for the analyst to lake next in this situation?

Options:

A.

Load the network captures into a protocol analyzer to further investigate the communication with 128.30.100.23, as this may be a botnet command server

B.

After ensuring network captures from the server are saved isolate the server from the network take a memory snapshot, reboot and log in to do further analysis.

C.

Corporate data is being exfilltrated from the server Reboot the server and log in to see if it contains any sensitive data.

D.

Cryptomining malware is running on the server and utilizing an CPU and memory. Reboot the server and disable any cron Jobs or startup scripts that start the mining software.

Question 100

After running the cat file01.bin | hexdump -c command, a security analyst reviews the following output snippet:

00000000 ff d8 ft e0 00 10 4a 46 49 46 00 01 01 00 00 01 |......JFIF......|

Which of the following digital-forensics techniques is the analyst using?

Options:

A.

Reviewing the file hash

B.

Debugging the binary file

C.

Implementing file carving

D.

Verifying the file type

E.

Utilizing reverse engineering

Page: 25 / 28
Total 372 questions