
Note! The following CS0-001 exam is now retired. Please select the alternative replacement for your exam certification. The new exam code is CS0-002.

CS0-001 Exam Dumps - CompTIA CySA+ Certification Exam

Question # 17

A cybersecurity analyst was asked to review several results of web vulnerability scan logs.

Given the following snippet of code:

Which of the following BEST describes the situation and recommendations to be made?

A. The security analyst has discovered an embedded iframe pointing to source IP 65.240.22.1 network. The code should include the domain name. Recommend the entry be updated with the domain name.

B. The security analyst has discovered an embedded iframe that is hidden from users accessing the web page. This code is correct. This is a design preference, and no vulnerabilities are present.

C. The security analyst has discovered an embedded iframe pointing to source IP 65.240.22.1 network. The link is hidden and suspicious. Recommend the entry be removed from the web page.

D. The security analyst has discovered an embedded iframe pointing to source IP 65.240.22.1 network. Recommend making the iframe visible. Fixing the code will correct the issue.

Question # 18

The security configuration management policy states that all patches must undergo testing procedures before being moved into production. The security analyst notices a single web application server has been downloading and applying patches during non-business hours without testing. There are no apparent adverse reactions, server functionality does not seem to be affected, and no malware was found after a scan.

Which of the following actions should the analyst take?

A. Reschedule the automated patching to occur during business hours.

B. Monitor the web application service for abnormal bandwidth consumption.

C. Create an incident ticket for anomalous activity.

D. Monitor the web application for service interruptions caused from the patching.

Question # 19

A red team actor observes it is common practice to allow cell phones to charge on company computers, but access to the memory storage is blocked. Which of the following are common attack techniques that take advantage of this practice? (Choose two.)

A. A USB attack that tricks the computer into thinking the connected device is a keyboard, and then sends characters one at a time as a keyboard to launch the attack (a prerecorded series of keystrokes)

B. A USB attack that turns the connected device into a rogue access point that spoofs the configured wireless SSIDs

C. A Bluetooth attack that modifies the device registry (Windows PCs only) to allow the flash drive to mount, and then launches a Java applet attack

D. A Bluetooth peering attack called “Snarfing” that allows Bluetooth connections on blocked device types if physically connected to a USB port

E. A USB attack that tricks the system into thinking it is a network adapter, then runs a user password hash gathering utility for offline password cracking

Question # 20

A software development company in the manufacturing sector has just completed the alpha version of its flagship application. The application has been under development for the past three years. The SOC has seen intrusion attempts made by indicators associated with a particular APT. The company has a hot site location for COOP. Which of the following threats would most likely incur the BIGGEST economic impact for the company?

A. DDoS

B. ICS destruction

C. IP theft

D. IPS evasion

Question # 21

The primary difference in concern between remediating identified vulnerabilities found in general-purpose IT network servers and that of SCADA systems is that:

A. change and configuration management processes do not address SCADA systems.

B. doing so has a greater chance of causing operational impact in SCADA systems.

C. SCADA systems cannot be rebooted to have changes take effect.

D. patch installation on SCADA systems cannot be verified.

Question # 22

An analyst is preparing for a technical security compliance check on all Apache servers. Which of the following will be the BEST to use?

A. CIS benchmark

B. Nagios

C. OWASP

D. Untidy

E. Cain & Abel

Question # 23

A systems administrator at a company notices an unknown, randomly named process running on a database server that contains several terabytes of personal and account data for customers. Reviewing the server, the administrator notices the process was installed and began running two days ago. Database logs stored off the server indicate unusual queries were run but not against tables containing personal and account data. Network logs show encrypted network traffic at minimal levels to an external IP address that began shortly after the process started and ended at midnight yesterday when the threat intelligence feed automatically blocked the IP address. Which of the following is the BEST course of action?

A. Kill the process, quarantine the server, and begin examining the logs of other devices to which this server has connectivity.

B. Contact all customers with records in the database to let them know their information may have been compromised.

C. Kill the process, delete it from the server to prevent it from spreading, and restore a backup of the server.

D. Leave the process running and remove the network block, allowing the administrator to study the process and determine its purpose.

Question # 24

A security analyst performed a review of an organization’s software development life cycle. The analyst reports that the life cycle does not contain a phase in which team members evaluate and provide critical feedback on another developer’s code. Which of the following assessment techniques is BEST for describing the analyst’s report?

A. Architectural evaluation

B. Waterfall

C. Whitebox testing

D. Peer review
