Free CS0-002 Exam Braindumps

Pass your CompTIA Cybersecurity Analyst (CySA+) Certification exam with these free Questions and Answers

Page 3 of 75
QUESTION 6

- (Exam Topic 3)
A security analyst sees the following OWASP ZAP output from a scan that was performed against a modern version of Windows while testing for client-side vulnerabilities:
[Exhibit image not reproduced]
Which of the following is the MOST likely solution to the listed vulnerability?

A. Enable the browser's XSS filter
B. Enable Windows XSS protection
C. Enable the browser's protected pages mode
D. Enable server-side XSS protection

Correct Answer: D
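
What "server-side XSS protection" (answer D) means in practice, as an added example written for this page rather than taken from the question, ZAP or any project: untrusted input is encoded for the output context it lands in, and the server sends a Content-Security-Policy so that any script that does slip through cannot run. The page layout, header values and payload below are assumptions. The browser-side options are weak by comparison: the XSS Auditor (option A) has been removed from Chromium-based browsers, and Windows itself has no XSS protection setting.

```python
"""Server-side XSS protection: per-context output encoding plus a nonce-based
CSP. Example code added for this page (not from the question or any project);
the markup, headers and payload are constructed."""

import html
import json
import secrets

# Constructed attacker input that breaks out of attribute, body and JS-string contexts.
PAYLOAD = '"><script>alert(1)</script><!--'


def render_vulnerable(query):
    """Reflects the search term into three sinks with no encoding (the bug)."""
    return (
        f'<input name="q" value="{query}">'
        f"<p>Results for {query}</p>"
        f"<script>var lastQuery = '{query}';</script>"
    )


def js_string_literal(value):
    """JSON-encode for an inline <script> and neutralise '<', '>' and '&', which
    json.dumps leaves alone, so a '</script>' inside the data cannot end the block."""
    return (
        json.dumps(value)
        .replace("<", "\\u003c")
        .replace(">", "\\u003e")
        .replace("&", "\\u0026")
    )


def render_safe(query, nonce):
    """Same page with context-appropriate encoding and a CSP nonce on the script."""
    attr_and_body = html.escape(query, quote=True)  # & < > " ' become entities
    return (
        f'<input name="q" value="{attr_and_body}">'
        f"<p>Results for {attr_and_body}</p>"
        f'<script nonce="{nonce}">var lastQuery = {js_string_literal(query)};</script>'
    )


def security_headers(nonce):
    """Response headers the server adds. X-XSS-Protection is the legacy header the
    old ZAP alert checks for; current Chromium-based browsers ignore it, so the
    CSP is the control that actually restricts script execution."""
    return {
        "Content-Security-Policy": (
            f"default-src 'self'; script-src 'nonce-{nonce}'; "
            "object-src 'none'; base-uri 'none'"
        ),
        "X-Content-Type-Options": "nosniff",
        "X-XSS-Protection": "1; mode=block",  # legacy value, honoured only by old browsers
    }


def respond(query):
    """Build (headers, body) for one request the way a hardened handler would."""
    nonce = secrets.token_urlsafe(16)
    return security_headers(nonce), render_safe(query, nonce)


def script_tags(markup):
    """Count opening <script tags; the vulnerable page gains extra ones from the payload."""
    return markup.lower().count("<script")


if __name__ == "__main__":
    print(render_vulnerable(PAYLOAD))
    headers, body = respond(PAYLOAD)
    print(headers["Content-Security-Policy"])
    print(body)
```

The nonce is generated per response and must appear both in the header and on every legitimate script tag; a payload reflected into the page carries no valid nonce, so the browser refuses to execute it even if an encoding bug is missed somewhere.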

QUESTION 7

- (Exam Topic 2)
A security analyst is auditing firewall rules with the goal of scanning some known ports to check the firewall’s behavior and responses. The analyst executes the following commands:
[Exhibit image not reproduced]
The analyst then compares the following results for port 22:
nmap returns "Closed"
hping3 returns "flags=RA"
Which of the following BEST describes the firewall rule?

A. DNAT --to-destination 1.1.1.1:3000
B. REJECT with --tcp-reset
C. LOG --log-tcp-sequence
D. DROP

Correct Answer: B
No doubt the nmap result means it's being rejected, as it returns closed. However, what threw me for a loop was the hping3 response. After further web surfing I found that "flag=RA" actually means "flag= RST, ACK", which means that it too was rejected.
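
The reasoning behind answer B, as an added example written for this page (not from the question or any tool's own code): nmap's port state and the reply hping3 prints for a SYN probe are two views of the same packet, and each iptables target leaves a distinctive pair. The hping3 lines below are constructed, not captured.

```python
"""Infer the firewall rule behind a probed port from the pair of observations in
Question 7: nmap's port state and hping3's reply to a SYN probe. Added example
for this page; sample hping3 lines are constructed, not captured."""

import re

FLAG_RE = re.compile(r"\bflags=([A-Z]*)")

# Constructed per-probe hping3 output (hping3 -S -p 22 <host>) for each behaviour.
HPING3_SAMPLES = {
    "reject_tcp_reset": "len=46 ip=192.0.2.10 ttl=64 DF id=0 sport=22 flags=RA seq=0 win=0 rtt=0.4 ms",
    "accept_open":      "len=46 ip=192.0.2.10 ttl=64 DF id=0 sport=22 flags=SA seq=0 win=64240 rtt=0.5 ms",
    "reject_icmp":      "ICMP Port Unreachable from ip=192.0.2.10 name=UNKNOWN",
    "drop":             "",  # silently dropped: hping3 prints nothing per probe
}


def parse_hping3_flags(line):
    """Return the TCP flag letters hping3 reported, e.g. {'R', 'A'} for 'flags=RA'.
    Empty set for ICMP errors or no reply at all."""
    m = FLAG_RE.search(line)
    return set(m.group(1)) if m else set()


def infer_rule(nmap_state, hping3_line):
    """Combine the nmap -sS port state with hping3's reply and name the iptables
    behaviour that produces that pair. Each branch comments the matching rule."""
    flags = parse_hping3_flags(hping3_line)
    if nmap_state == "open" and {"S", "A"} <= flags:
        # -j ACCEPT in front of a listener (a DNAT to a listener looks identical from outside)
        return "ACCEPT"
    if nmap_state == "closed" and {"R", "A"} <= flags:
        # -j REJECT --reject-with tcp-reset: the SYN is answered with RST/ACK
        return "REJECT --reject-with tcp-reset"
    if nmap_state == "filtered" and "ICMP" in hping3_line:
        # -j REJECT with the default icmp-port-unreachable: ICMP type 3 code 3 comes back
        return "REJECT --reject-with icmp-port-unreachable"
    if nmap_state == "filtered" and not flags and not hping3_line.strip():
        # -j DROP: nothing comes back; nmap times out and reports filtered
        return "DROP"
    return "inconclusive"


if __name__ == "__main__":
    cases = [
        ("closed", "reject_tcp_reset"),
        ("open", "accept_open"),
        ("filtered", "reject_icmp"),
        ("filtered", "drop"),
    ]
    for nmap_state, key in cases:
        flags = "".join(sorted(parse_hping3_flags(HPING3_SAMPLES[key]))) or "-"
        print(f"nmap={nmap_state:<9} hping3 flags={flags:<3} -> {infer_rule(nmap_state, HPING3_SAMPLES[key])}")
```

One caveat a practitioner should keep in mind: a port that is genuinely closed on an unfiltered host also answers RST/ACK, so the "closed" plus "flags=RA" pair proves a reset was sent, not by whom. When the firewall is a separate device, comparing the TTL on the RST with the TTL of replies from a known-open port on the same target usually shows whether the reset was crafted one hop closer.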

QUESTION 8

- (Exam Topic 1)
A team of security analysts has been alerted to potential malware activity. The initial examination indicates one of the affected workstations is beaconing on TCP port 80 to five IP addresses and attempting to spread across the network over port 445. Which of the following should be the team’s NEXT step during the detection phase of this response process?

A. Escalate the incident to management, who will then engage the network infrastructure team to keep them informed.
B. Depending on system criticality, remove each affected device from the network by disabling wired and wireless connections.
C. Engage the engineering team to block SMB traffic internally and outbound HTTP traffic to the five IP addresses.
D. Identify potentially affected systems by creating a correlation search in the SIEM based on the network traffic.

Correct Answer: D
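
What the correlation search in answer D does, as an added example written for this page (not from the question or any SIEM vendor): take the indicators from the first workstation (tcp/80 to five addresses, tcp/445 internally) and run them across the whole network log to scope the incident before anything is blocked or unplugged. The flow export, addresses and thresholds below are constructed.

```python
"""Correlation search for Question 8: find every host that shows the known
victim's network behaviour (tcp/80 to the five C2 addresses, tcp/445 spread).
Added example for this page; the flow log and addresses are constructed."""

import csv
import io
import statistics
from collections import defaultdict

# Constructed flow/firewall export: epoch seconds, source, destination, dest port, protocol.
FLOW_LOG = """\
ts,src,dst,dport,proto
1700000000,10.0.5.21,203.0.113.10,80,tcp
1700000060,10.0.5.21,203.0.113.11,80,tcp
1700000120,10.0.5.21,203.0.113.12,80,tcp
1700000180,10.0.5.21,203.0.113.13,80,tcp
1700000240,10.0.5.21,203.0.113.14,80,tcp
1700000300,10.0.5.21,203.0.113.10,80,tcp
1700000301,10.0.5.21,10.0.5.30,445,tcp
1700000302,10.0.5.21,10.0.5.31,445,tcp
1700000303,10.0.5.21,10.0.5.32,445,tcp
1700000400,10.0.5.30,203.0.113.10,80,tcp
1700000410,10.0.5.40,198.51.100.5,80,tcp
1700000420,10.0.5.31,10.0.5.1,53,udp
1700000460,10.0.5.30,203.0.113.11,80,tcp
1700000470,10.0.5.30,10.0.5.33,445,tcp
"""

# The five addresses from the initial examination (constructed, TEST-NET-3 range).
C2_IPS = {"203.0.113.10", "203.0.113.11", "203.0.113.12", "203.0.113.13", "203.0.113.14"}
PATIENT_ZERO = "10.0.5.21"


def parse_flows(text):
    """Turn the CSV export into a list of dicts with numeric ts and dport."""
    return [
        {"ts": int(r["ts"]), "src": r["src"], "dst": r["dst"],
         "dport": int(r["dport"]), "proto": r["proto"]}
        for r in csv.DictReader(io.StringIO(text))
    ]


def correlate(flows, c2_ips, known_infected):
    """Join the two indicators. Splunk-style equivalent of the first half, for intent:
    index=fw dest_port=80 dest_ip IN (<c2 list>) | stats dc(dest_ip) AS c2_count BY src_ip"""
    c2_contacts = defaultdict(set)   # src -> C2 addresses reached on tcp/80
    smb_targets = defaultdict(set)   # src -> hosts it hit on tcp/445
    for f in flows:
        if f["proto"] != "tcp":
            continue
        if f["dport"] == 80 and f["dst"] in c2_ips:
            c2_contacts[f["src"]].add(f["dst"])
        elif f["dport"] == 445:
            smb_targets[f["src"]].add(f["dst"])
    beaconing = set(c2_contacts)
    # Everything a beaconing host touched over SMB is in scope even if it has not called home yet.
    scope = set(beaconing)
    for host in beaconing:
        scope |= smb_targets.get(host, set())
    return {
        "beaconing_hosts": beaconing,
        "smb_targets_of_known": smb_targets.get(known_infected, set()),
        "probably_compromised": beaconing - {known_infected},
        "scope": scope,
    }


def beacon_stats(flows, src, c2_ips):
    """Mean gap and coefficient of variation between one host's C2 contacts.
    Automated beacons have a low CV; human browsing does not. None if too few samples."""
    times = sorted(f["ts"] for f in flows
                   if f["src"] == src and f["dport"] == 80 and f["dst"] in c2_ips)
    if len(times) < 3:
        return None
    gaps = [b - a for a, b in zip(times, times[1:])]
    mean = statistics.mean(gaps)
    cv = statistics.pstdev(gaps) / mean if mean else 0.0
    return {"contacts": len(times), "mean_gap_s": mean, "cv": round(cv, 3)}


if __name__ == "__main__":
    flows = parse_flows(FLOW_LOG)
    for k, v in correlate(flows, C2_IPS, PATIENT_ZERO).items():
        print(f"{k}: {sorted(v)}")
    print("patient zero beacon:", beacon_stats(flows, PATIENT_ZERO, C2_IPS))
```

The output is the list of hosts that options B and C would then act on; running the containment first, against only the one workstation already known, leaves the other beaconing host in place.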

QUESTION 9

- (Exam Topic 3)
A security analyst identified some potentially malicious processes after capturing the contents of memory from a machine during incident response. Which of the following procedures is the NEXT step for further investigation?

A. Data carving
B. Timeline construction
C. File cloning
D. Reverse engineering

Correct Answer: C

QUESTION 10

- (Exam Topic 1)
A security analyst is reviewing the following web server log:
[Exhibit image not reproduced]
Which of the following BEST describes the issue?

A. Directory traversal exploit
B. Cross-site scripting
C. SQL injection
D. Cross-site request forgery

Correct Answer: A
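
How a directory traversal attempt is recognised in a web server log, as an added example written for this page (the exhibit is not reproduced, so the log lines below are constructed, not the question's). The detector percent-decodes repeatedly, so double-encoded and backslash variants are caught, and separates attempts the server answered with 200 from those it refused.

```python
"""Flag directory traversal attempts in Apache/nginx combined-format log lines.
Added example for Question 10; the access log is constructed."""

import re
from urllib.parse import parse_qsl, unquote, urlsplit

ACCESS_LOG = """\
192.0.2.55 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
192.0.2.66 - - [10/Oct/2023:13:55:40 +0000] "GET /images/../../../../etc/passwd HTTP/1.1" 200 2312 "-" "curl/7.88.1"
192.0.2.66 - - [10/Oct/2023:13:55:41 +0000] "GET /download?file=..%2f..%2f..%2fetc%2fshadow HTTP/1.1" 403 199 "-" "curl/7.88.1"
192.0.2.66 - - [10/Oct/2023:13:55:42 +0000] "GET /static/%252e%252e/%252e%252e/windows/win.ini HTTP/1.1" 404 196 "-" "curl/7.88.1"
192.0.2.66 - - [10/Oct/2023:13:55:43 +0000] "GET /files?name=..\\..\\boot.ini HTTP/1.1" 200 310 "-" "curl/7.88.1"
192.0.2.77 - - [10/Oct/2023:13:56:00 +0000] "GET /blog/2023/../2024/post HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def fully_decode(s, rounds=3):
    """Percent-decode until stable (bounded), so %252e%252e -> %2e%2e -> .. is seen."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def escapes_root(path):
    """Walk '/' or '\\' separated segments with a depth counter; True if '..' ever
    climbs above the starting directory. '/blog/2023/../2024' stays inside and is benign."""
    depth = 0
    for seg in re.split(r"[/\\]+", path):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg not in ("", "."):
            depth += 1
    return False


def analyse(line):
    """Return a finding for one log line, or None if no traversal is present."""
    m = LINE_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    # Check the path and every query value: traversal often rides in a file= parameter.
    candidates = [fully_decode(parts.path)]
    candidates += [fully_decode(v) for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    hits = [c for c in candidates if escapes_root(c)]
    if not hits:
        return None
    status = int(m.group("status"))
    return {"ip": m.group("ip"), "time": m.group("time"), "target": m.group("target"),
            "decoded": hits[0], "status": status, "succeeded": status == 200}


def find_traversal(log_text):
    """All traversal findings in a log, in file order."""
    return [f for f in (analyse(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in find_traversal(ACCESS_LOG):
        flag = "SUCCESS?" if f["succeeded"] else "blocked"
        print(f'{f["ip"]} {f["status"]} {flag:<8} {f["decoded"]}')
```

A 200 on a traversal request is the line to chase first; 403 and 404 show the attempt was refused. Note that the log records the URL as received, so a double-encoded request that still returned 200 points at an application layer decoding the path a second time after the web server already did.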
