Winter Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

CompTIA CySA+ CS0-003 Full Course Free

Page: 22 / 27
Total 367 questions

CompTIA CyberSecurity Analyst CySA+ Certification Exam Questions and Answers

Question 85

A company has decided to expose several systems to the internet, The systems are currently available internally only. A security analyst is using a subset of CVSS3.1 exploitability metrics to prioritize the vulnerabilities that would be the most exploitable when the systems are exposed to the internet. The systems and the vulnerabilities are shown below:

Which of the following systems should be prioritized for patching?

Options:

A.

brown

B.

grey

C.

blane

D.

sullivan

Question 86

Which of the following statements best describes the MITRE ATT&CK framework?

Options:

A.

It provides a comprehensive method to test the security of applications.

B.

It provides threat intelligence sharing and development of action and mitigation strategies.

C.

It helps identify and stop enemy activity by highlighting the areas where an attacker functions.

D.

It tracks and understands threats and is an open-source project that evolves.

E.

It breaks down intrusions into a clearly defined sequence of phases.

Question 87

Which of the following does "federation" most likely refer to within the context of identity and access management?

Options:

A.

Facilitating groups of users in a similar function or profile to system access that requires elevated or conditional access

B.

An authentication mechanism that allows a user to utilize one set of credentials to access multiple domains

C.

Utilizing a combination of what you know, who you are, and what you have to grant authentication to a user

D.

Correlating one's identity with the attributes and associated applications the user has access to

Question 88

A security analyst would like to integrate two different SaaS-based security tools so that one tool can notify the other in the event a threat is detected. Which of the following should the analyst utilize to best accomplish this goal?

Options:

A.

SMB share

B.

API endpoint

C.

SMTP notification

D.

SNMP trap

Page: 22 / 27
Total 367 questions