Special Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

CS0-003 Exam Dumps - CompTIA CyberSecurity Analyst CySA+ Certification Exam

Go to page:
Question # 81

A cybersecurity analyst has recovered a recently compromised server to its previous state. Which of the following should the analyst perform next?

A.

Eradication

B.

Isolation

C.

Reporting

D.

Forensic analysis

Full Access
Question # 82

A network security analyst for a large company noticed unusual network activity on a critical system. Which of the following tools should the analyst use to analyze network traffic to search for malicious activity?

A.

WAF

B.

Wireshark

C.

EDR

D.

Nmap

Full Access
Question # 83

A company is in the process of implementing a vulnerability management program, and there are concerns about granting the security team access to sensitive data. Which of the following scanning methods can be implemented to reduce the access to systems while providing the most accurate vulnerability scan results?

A.

Credentialed network scanning

B.

Passive scanning

C.

Agent-based scanning

D.

Dynamic scanning

Full Access
Question # 84

A security analyst is reviewing a packet capture in Wireshark that contains an FTP session from a potentially compromised machine. The analyst sets the following display filter: ftp. The analyst can see there are several RETR requests with 226 Transfer complete responses, but the packet list pane is not showing the packets containing the file transfer itself. Which of the following can the analyst perform to see the entire contents of the downloaded files?

A.

Change the display filter to f cp. accive. pore

B.

Change the display filter to tcg.port=20

C.

Change the display filter to f cp-daca and follow the TCP streams

D.

Navigate to the File menu and select FTP from the Export objects option

Full Access
Question # 85

Which of the following is a nation-state actor least likely to be concerned with?

A.

Detection by MITRE ATT&CK framework.

B.

Detection or prevention of reconnaissance activities.

C.

Examination of its actions and objectives.

D.

Forensic analysis for legal action of the actions taken

Full Access
Question # 86

During a recent site survey. an analyst discovered a rogue wireless access point on the network. Which of the following actions should be taken first to protect the network while preserving evidence?

A.

Run a packet sniffer to monitor traffic to and from the access point.

B.

Connect to the access point and examine its log files.

C.

Identify who is connected to the access point and attempt to find the attacker.

D.

Disconnect the access point from the network

Full Access
Question # 87

Security analysts review logs on multiple servers on a daily basis. Which of the following implementations will give the best central visibility into the events occurring throughout the corporate environment without logging in to the servers individually?

A.

Deploy a database to aggregate the logging.

B.

Configure the servers to forward logs to a SIEM-

C.

Share the log directory on each server to allow local access,

D.

Automate the emailing of logs to the analysts.

Full Access
Question # 88

A security analyst runs the following command:

# nmap -T4 -F 192.168.30.30

Starting nmap 7.6

Host is up (0.13s latency)

PORT STATE SERVICE

23/tcp open telnet

443/tcp open https

636/tcp open ldaps

Which of the following should the analyst recommend first to harden the system?

A.

Disable all protocols that do not use encryption.

B.

Configure client certificates for domain services.

C.

Ensure that this system is behind a NGFW.

D.

Deploy a publicly trusted root CA for secure websites.

Full Access
Go to page: