최신 CS0-003 무료덤프 - CompTIA Cybersecurity Analyst (CySA+) Certification

문제1

An employee received a phishing email that contained malware targeting the company. Which of the following is the best way for a security analyst to get more details about the malware and avoid disclosing information?

A. Upload the malware to the VirusTotal website

B. Use a local sandbox in a microsegmented environment

C. Share the malware with the EDR provider

D. Hire an external consultant to perform the analysis

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제2

An analyst notices there is an internal device sending HTTPS traffic with additional characters in the header to a known-malicious IP in another country. Which of the following describes what the analyst has noticed?

A. Buffer overflow

B. Cross-site scripting

C. Beaconing

D. PHP traversal

정답: C

문제3

When starting an investigation, which of the following must be done first?

A. Notify law enforcement

B. Interview the witnesses

C. Secure the scene

D. Seize all related evidence

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제4

A security analyst has received an incident case regarding malware spreading out of control on a customer's network. The analyst is unsure how to respond. The configured EDR has automatically obtained a sample of the malware and its signature. Which of the following should the analyst perform next to determine the type of malware, based on its telemetry?

A. Configure the EDR to perform a full scan.

B. Log in to the affected systems and run necstat.

C. Cross-reference the signature with open-source threat intelligence.

D. Transfer the malware to a sandbox environment.

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제5

During security scanning, a security analyst regularly finds the same vulnerabilities in a critical application. Which of the following recommendations would best mitigate this problem if applied along the SDLC phase?

A. Conduct regular red team exercises over the application in production

B. Implement proper input validation for any data entry form

C. Use application security scanning as part of the pipeline for the CI/CDflow

D. Ensure that all implemented coding libraries are regularly checked

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제6

Which of the following is a reason why proper handling and reporting of existing evidence are important for the investigation and reporting phases of an incident response?

A. TO ensure the report is legally acceptable in case it needs to be presented in court

B. To ensure the evidence can be used in a postmortem analysis

C. To prevent the possible loss of a data source for further root cause analysis

D. To present a lessons-learned analysis for the incident response team

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제7

An analyst is suddenly unable to enrich data from the firewall. However, the other open intelligence feeds continue to work. Which of the following is the most likely reason the firewall feed stopped working?

A. The firewall was using a paid feed.

B. The firewall certificate expired.

C. The firewall failed open.

D. The firewall service account was locked out.

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제8

A Chief Information Security Officer wants to lock down the users' ability to change applications that are installed on their Windows systems. Which of the following is the best enterprise-level solution?

A. HIPS

B. GPO

C. Registry

D. DLP

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제9

An analyst is reviewing a dashboard from the company's SIEM and finds that an IP address known to be malicious can be tracked to numerous high-priority events in the last two hours. The dashboard indicates that these events relate to TTPs. Which of the following is the analyst most likely using?

A. Diamond Model of Intrusion Analysis

B. OSSTMM

C. MITRE ATT&CK

D. OWASP

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제10

Which of the following concepts is using an API to insert bulk access requests from a file into an identity management system an example of?

A. Command and control

B. Automation

C. Single sign-on

D. Data enrichment

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제11

An incident response team finished responding to a significant security incident. The management team has asked the lead analyst to provide an after-action report that includes lessons learned. Which of the following is the most likely reason to include lessons learned?

A. To satisfy regulatory requirements for incident reporting

B. To identify areas of improvement in the incident response process

C. To highlight the notable practices of the organization's incident response team

D. To hold other departments accountable

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제12

A security analyst recently used Arachni to perform a vulnerability assessment of a newly developed web application. The analyst is concerned about the following output:
[+] XSS: In form input 'txtSearch' with action https://localhost/search.aspx
[-] XSS: Analyzing response #1...
[-] XSS: Analyzing response #2...
[-] XSS: Analyzing response #3...
[+] XSS: Response is tainted. Looking for proof of the vulnerability.
Which of the following is the most likely reason for this vulnerability?

A. The developer did not set proper cross-site scripting protections in the header.

B. The developer set input validation protection on the specific field of search.aspx.

C. The developer did not implement default protections in the web application build.

D. The developer did not set proper cross-site request forgery protections.

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제13

A technician identifies a vulnerability on a server and applies a software patch. Which of the following should be the next step in the remediation process?

A. Rollback

B. Implementation

C. Testing

D. Validation

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제14

Which of the following best describes the reporting metric that should be utilized when measuring the degree to which a system, application, or user base is affected by an uptime availability outage?

A. Impact

B. Scope

C. Evidence

D. Timeline

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제15

A security administrator needs to import Pll data records from the production environment to the test environment for testing purposes. Which of the following would best protect data confidentiality?

A. Watermarking

B. Data masking

C. Hashing

D. Encoding

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제16

A company has a primary control in place to restrict access to a sensitive database. However, the company discovered an authentication vulnerability that could bypass this control. Which of the following is the best compensating control?

A. Implementing intrusion detection software to alert security teams of unauthorized access attempts

B. Deploying an additional layer of access controls to verify authorized individuals

C. Conducting regular security awareness training of employees to prevent social engineering attacks

D. Running regular penetration tests to identify and address new vulnerabilities

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제17

A manufacturer has hired a third-party consultant to assess the security of an OT network that includes both fragile and legacy equipment Which of the following must be considered to ensure the consultant does no harm to operations?

A. Using passive instead of active vulnerability scans

B. Running scans during off-peak manufacturing hours

C. Preserving the state of PLC ladder logic prior to scanning

D. Employing Nmap Scripting Engine scanning techniques

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제18

A security analyst needs to mitigate a known, exploited vulnerability related not tack vector that embeds software through the USB interface. Which of the following should the analyst do first?

A. Conduct security awareness training on the risks of using unknown and unencrypted USBs.

B. Check configurations to determine whether USB ports are enabled on company assets.

C. Write a removable media policy that explains that USBs cannot be connected to a company asset.

D. Review logs to see whether this exploitable vulnerability has already impacted the company.

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제19

During an incident, a security analyst discovers a large amount of Pll has been emailed externally from an employee to a public email address. The analyst finds that the external email is the employee's personal email. Which of the following should the analyst recommend be done first?

A. Enable filtering on the web proxy.

B. Configure a deny rule on the firewall.

C. Disable the public email access with CASB.

D. Place a legal hold on the employee's mailbox.

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

최신 CS0-003 무료덤프 - CompTIA Cybersecurity Analyst (CySA+) Certification

우리와 연락하기

유용한 링크

최신 업데이트