Special Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

CS0-003 Exam Dumps - CompTIA CyberSecurity Analyst CySA+ Certification Exam

Go to page:
Question # 9

After a security assessment was done by a third-party consulting firm, the cybersecurity program recommended integrating DLP and CASB to reduce analyst alert fatigue. Which of the following is the best possible outcome that this effort hopes to achieve?

A.

SIEM ingestion logs are reduced by 20%.

B.

Phishing alerts drop by 20%.

C.

False positive rates drop to 20%.

D.

The MTTR decreases by 20%.

Full Access
Question # 10

A company's security team is updating a section of the reporting policy that pertains to inappropriate use of resources (e.g., an employee who installs cryptominers on workstations in the office). Besides the security team, which

of the following groups should the issue be escalated to first in order to comply with industry best practices?

A.

Help desk

B.

Law enforcement

C.

Legal department

D.

Board member

Full Access
Question # 11

Which of the following is a KPI that is used to monitor or report on the effectiveness of an incident response reporting and communication program?

A.

Incident volume

B.

Mean time to detect

C.

Average time to patch

D.

Remediated incidents

Full Access
Question # 12

Which of the following should be updated after a lessons-learned review?

A.

Disaster recovery plan

B.

Business continuity plan

C.

Tabletop exercise

D.

Incident response plan

Full Access
Question # 13

A company has a primary control in place to restrict access to a sensitive database. However, the company discovered an authentication vulnerability that could bypass this control. Which of the following is the best compensating control?

A.

Running regular penetration tests to identify and address new vulnerabilities

B.

Conducting regular security awareness training of employees to prevent social engineering attacks

C.

Deploying an additional layer of access controls to verify authorized individuals

D.

Implementing intrusion detection software to alert security teams of unauthorized access attempts

Full Access
Question # 14

A security analyst detects an email server that had been compromised in the internal network. Users have been reporting strange messages in their email inboxes and unusual network traffic. Which of the following incident response steps should be performed next?

A.

Preparation

B.

Validation

C.

Containment

D.

Eradication

Full Access
Question # 15

A payroll department employee was the target of a phishing attack in which an attacker impersonated a department director and requested that direct deposit information be updated to a new account. Afterward, a deposit was made into the unauthorized account. Which of the following is one of the first actions the incident response team should take when they receive notification of the attack?

A.

Scan the employee's computer with virus and malware tools.

B.

Review the actions taken by the employee and the email related to the event

C.

Contact human resources and recommend the termination of the employee.

D.

Assign security awareness training to the employee involved in the incident.

Full Access
Question # 16

A security analyst is trying to identify possible network addresses from different source networks belonging to the same company and region. Which of the following shell script functions could help achieve the goal?

A.

function w() { a=$(ping -c 1 $1 | awk-F ”/” ’END{print $1}’) && echo “$1 | $a” }

B.

B. function x() { b=traceroute -m 40 $1 | awk ’END{print $1}’) && echo “$1 | $b” }

C.

C. function y() { dig $(dig -x $1 | grep PTR | tail -n 1 | awk -F ”.in-addr” ’{print $1}’).origin.asn.cymru.com TXT +short }

D.

function z() { c=$(geoiplookup$1) && echo “$1 | $c” }

Full Access
Go to page: