Special Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

CS0-003 Exam Dumps - CompTIA CyberSecurity Analyst CySA+ Certification Exam

Go to page:
Question # 25

Which of the following documents sets requirements and metrics for a third-party response during an event?

A.

BIA

B.

DRP

C.

SLA

D.

MOU

Full Access
Question # 26

A security team conducts a lessons-learned meeting after struggling to determine who should conduct the next steps following a security event. Which of the following should the team create to address this issue?

A.

Service-level agreement

B.

Change management plan

C.

Incident response plan

D.

Memorandum of understanding

Full Access
Question # 27

When undertaking a cloud migration of multiple SaaS application, an organizations system administrator struggled … identity and access management to cloud-based assets. Which of the following service models would have reduced the complexity of this project?

A.

CASB

B.

SASE

C.

ZTNA

D.

SWG

Full Access
Question # 28

Which of the following is the first step that should be performed when establishing a disaster recovery plan?

A.

Agree on the goals and objectives of the plan

B.

Determine the site to be used during a disasterC Demonstrate adherence to a standard disaster recovery process

C.

Identity applications to be run during a disaster

Full Access
Question # 29

Which of the following is an important aspect that should be included in the lessons-learned step after an incident?

A.

Identify any improvements or changes in the incident response plan or procedures

B.

Determine if an internal mistake was made and who did it so they do not repeat the error

C.

Present all legal evidence collected and turn it over to iaw enforcement

D.

Discuss the financial impact of the incident to determine if security controls are well spent

Full Access
Question # 30

An organization was compromised, and the usernames and passwords of all em-ployees were leaked online. Which of the following best describes the remedia-tion that could reduce the impact of this situation?

A.

Multifactor authentication

B.

Password changes

C.

System hardening

D.

Password encryption

Full Access
Question # 31

An employee is suspected of misusing a company-issued laptop. The employee has been suspended pending an investigation by human resources. Which of the following is the best step to preserve evidence?

A.

Disable the user's network account and access to web resources

B.

Make a copy of the files as a backup on the server.

C.

Place a legal hold on the device and the user's network share.

D.

Make a forensic image of the device and create a SRA-I hash.

Full Access
Question # 32

During a scan of a web server in the perimeter network, a vulnerability was identified that could be exploited over port 3389. The web server is protected by a WAF. Which of the following best represents the change to overall risk associated with this vulnerability?

A.

The risk would not change because network firewalls are in use.

B.

The risk would decrease because RDP is blocked by the firewall.

C.

The risk would decrease because a web application firewall is in place.

D.

The risk would increase because the host is external facing.

Full Access
Go to page: