Winter Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

CS0-002 Exam Questions Tutorials

Page: 17 / 28
Total 372 questions

CompTIA CySA+ Certification Exam (CS0-002) Questions and Answers

Question 65

A company's blocklist has outgrown the current technologies in place. The ACLs are at maximum, and the IPS signatures only allow a certain amount of space for domains to be added, creating the need for multiple signatures. Which of the following configuration changes to the existing controls would be the MOST appropriate to improve performance?

Options:

A.

Implement a host-file-based solution that will use a list of all domains to deny for all machines on the network.

B.

Create an IDS for the current blocklist to determine which domains are showing activity and may need to be removed

C.

Review the current blocklist and prioritize it based on the level of threat severity. Add the domains with the highest severity to the blocklist.

D.

Review the current blocklist to determine which domains can be removed from the list and then update the ACLs

Question 66

While reviewing abnormal user activity, a security analyst notices a user has the following fileshare activities:

Which of the following should the analyst do first?

Options:

A.

Initiate the security incident response process for unauthorized access.

B.

Shut down the servers while the access is investigated.

C.

Remove the user's access for all fileshares.

D.

Lock the user account until the access can be explained.

Question 67

A company is experiencing a malware attack within its network. A security engineer notices many of the impacted assets are connecting outbound to a number of remote destinations and exfiltrating data. The security engineer also see that deployed, up-to-date antivirus signatures are ineffective. Which of the following is the BEST approach to prevent any impact to the company from similar attacks in the future?

Options:

A.

IDS signatures

B.

Data loss prevention

C.

Port security

D.

Sinkholing

Question 68

Which of the following is the primary reason financial institutions may share up-to-date threat intelligence information on a secure feed that is

dedicated to their sector?

Options:

A.

To augment information about common malicious actors and indicators of compromise

B.

To prevent malicious actors from knowing they can defend against malicious attacks

C.

To keep other industries from accessing information meant for financial institutions

D.

To focus on attacks specifically targeted at their customers’ mobile applications

Page: 17 / 28
Total 372 questions