New Year Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

CS0-002 Exam Dumps - CompTIA CySA+ Certification Exam (CS0-002)

Go to page:
Question # 97

A company stores all of its data in the cloud. All company-owned laptops are currently unmanaged, and all users have administrative rights. The security team is having difficulty identifying a way to secure the environment. Which of the following would be the BEST method to protect the company's data?

A.

Implement UEM on an systems and deploy security software.

B.

Implement DLP on all workstations and block company data from being sent outside the company

C.

Implement a CASB and prevent certain types of data from being downloaded to a workstation

D.

Implement centralized monitoring and logging for an company systems.

Full Access
Question # 98

A company's blocklist has outgrown the current technologies in place. The ACLs are at maximum, and the IPS signatures only allow a certain amount of space for domains to be added, creating the need for multiple signatures. Which of the following configuration changes to the existing controls would be the MOST appropriate to improve performance?

A.

Implement a host-file-based solution that will use a list of all domains to deny for all machines on the network.

B.

Create an IDS for the current blocklist to determine which domains are showing activity and may need to be removed

C.

Review the current blocklist and prioritize it based on the level of threat severity. Add the domains with the highest severity to the blocklist.

D.

Review the current blocklist to determine which domains can be removed from the list and then update the ACLs

Full Access
Question # 99

A security analyst found an old version of OpenSSH running on a DMZ server and determined the following piece of code could have led to a command execution through an integer overflow;

Which of the following controls must be in place to prevent this vulnerability?

A.

Convert all integer numbers in strings to handle the memory buffer correctly.

B.

Implement float numbers instead of integers to prevent integer overflows.

C.

Use built-in functions from libraries to check and handle long numbers properly.

D.

Sanitize user inputs, avoiding small numbers that cannot be handled in the memory.

Full Access
Question # 100

A Chief Executive Officer (CEO) is concerned the company will be exposed to data sovereignty issues as a result of some new privacy regulations to help mitigate this risk. The Chief Information Security Officer (CISO) wants to implement an appropriate technical control. Which of the following would meet the requirement?

A.

Data masking procedures

B.

Enhanced encryption functions

C.

Regular business impact analysis functions

D.

Geographic access requirements

Full Access
Question # 101

During a company’s most recent incident, a vulnerability in custom software was exploited on an externally facing server by an APT. The lessons-learned report noted the following:

• The development team used a new software language that was not supported by the security team's automated assessment tools.

• During the deployment, the security assessment team was unfamiliar with the new language and struggled to evaluate the software during advanced testing. Therefore, the vulnerability was not detected.

• The current IPS did not have effective signatures and policies in place to detect and prevent runtime attacks on the new application.

To allow this new technology to be deployed securely going forward, which of the following will BEST address these findings? (Choose two.)

A.

Train the security assessment team to evaluate the new language and verify that best practices for secure coding have been followed

B.

Work with the automated assessment-tool vendor to add support for the new language so these vulnerabilities are discovered automatically

C.

Contact the human resources department to hire new security team members who are already familiar with the new language

D.

Run the software on isolated systems so when they are compromised, the attacker cannot pivot to adjacent systems

E.

Instruct only the development team to document the remediation steps for this vulnerability

F.

Outsource development and hosting of the applications in the new language to a third-party vendor so the risk is transferred to that provider

Full Access
Question # 102

A security analyst is performing a Diamond Model analysis of an incident the company had last quarter. A potential benefit of this activity is that it can identify:

A.

detection and prevention capabilities to improve.

B.

which systems were exploited more frequently.

C.

possible evidence that is missing during forensic analysis.

D.

which analysts require more training.

E.

the time spent by analysts on each of the incidents.

Full Access
Question # 103

An organization has the following policies:

*Services must run on standard ports.

*Unneeded services must be disabled.

The organization has the following servers:

*192.168.10.1 - web server

*192.168.10.2 - database server

A security analyst runs a scan on the servers and sees the following output:

Which of the following actions should the analyst take?

A.

Disable HTTPS on 192.168.10.1.

B.

Disable IIS on 192.168.10.1.

C.

Disable DNS on 192.168.10.2.

D.

Disable MSSQL on 192.168.10.2.

E.

Disable SSH on both servers.

Full Access
Question # 104

Which of the following would best protect sensitive data If a device is stolen?

A.

Remote wipe of drive

B.

Self-encrypting drive

C.

Password-protected hard drive

D.

Bus encryption

Full Access
Go to page: