CompTIA CySA+ CS0-002 Practice Test Questions 2022/2023 | Consisting Of 112 Questions With Verified Answers From Experts

  • November 25, 2022
CompTIA CySA+ CS0-002 Practice Test Questions


1. A cybersecurity analyst receives a phone call from an unknown
person with the number blocked on the caller ID. After starting a
conversation, the caller begins to request sensitive information. Which of
the following techniques is being applied?
A. Social engineering
B. Phishing
C. Impersonation
D. War dialing
Answer: A

2. Which of the following is the main benefit of sharing incident details
with partner organizations or external trusted parties during the incident
response process?
A. It facilitates releasing incident results, findings and resolution to
the media and all appropriate government agencies
B. It shortens the incident life cycle by allowing others to document
incident details and prepare reports.
C. It enhances the response process, as others may be able to recognize
the observed behavior and provide valuable insight.
D. It allows the security analyst to defer incident-handling activities until
all parties agree on how to proceed with analysis.
Answer: C

3. The security analyst determined that an email containing a malicious
attachment was sent to several employees within the company, and it was
not stopped by any of the email filtering devices. An incident was declared.
During the investigation, it was determined that most users deleted the
email, but one specific user executed the attachment. Based on the details
gathered, which of the following actions should the security analyst
perform NEXT?
A. Obtain a copy of the email with the malicious attachment. Execute the
file on another user's machine and observe the behavior. Document all
findings.
B. Acquire a full backup of the affected machine. Reimage the machine
and then restore from the full backup.
C. Take the affected machine off the network. Review local event logs
looking for activity and processes related to unknown or unauthorized
software.
D. Take possession of the machine. Apply the latest OS updates and
firmware. Discuss the problem with the user and return the machine.
Answer: C

4. Which of the following tools should a cybersecurity analyst use to
verify the integrity of a forensic image before and after an investigation?
A. strings
B. sha1sum
C. file
D. dd
E. gzip
Answer: B

5. Given the following logs:
Aug 18 11:00:57 comptia sshd[5657]: Failed password for root from 10.10.10.192 port 38980 ssh2
Aug 18 23:08:26 comptia sshd[5768]: Failed password for root from 18.70.0.160 port 38156 ssh2
Aug 18 23:08:30 comptia sshd[5770]: Failed password for admin from 18.70.0.160 port 38556 ssh2
Aug 18 23:08:34 comptia sshd[5772]: Failed password for invalid user asterisk from 18.70.0.160 port 38864 ssh2
Aug 18 23:08:38 comptia sshd[5774]: Failed password for invalid user sjobeck from 10.10.1.16 port 39157 ssh2
Aug 18 23:08:42 comptia sshd[5776]: Failed password for root from 18.70.0.160 port 39467 ssh2


Which of the following can be suspected?
A. An unauthorized user is trying to gain access from 10.10.10.192.
B. An authorized user is trying to gain access from 10.10.10.192.
C. An authorized user is trying to gain access from 18.70.0.160.
D. An unauthorized user is trying to gain access from 18.70.0.160.
Answer: D

6. A security analyst has been asked to review permissions on accounts
within Active Directory to determine if they are appropriate to the user's
role. During this process, the analyst notices that a user from building
maintenance is part of the Domain Admin group. Which of the following
does this indicate?
A. Cross-site scripting
B. Session hijack
C. Privilege escalation
D. Rootkit
Answer: C

7. In the last six months, a company is seeing an increase in
credential-harvesting attacks. The latest victim was the chief executive
officer (CEO).
Which of the following countermeasures will render the attack ineffective?
A. Use a complex password according to the company policy.
B. Implement an intrusion-prevention system.
C. Isolate the CEO's computer in a higher security zone.
D. Implement multifactor authentication.
Answer: D

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller Labsolution. Stuvia facilitates payment to the seller.
