CySA+ (CS0-002) CompTIA Cybersecurity Analyst (CySA+) - 10/17/2022
Exam Prep Answered.
An analyst needs to forensically examine a Windows machine that was compromised by a threat actor.
Intelligence reports state this specific threat actor is characterized by hiding malicious artifacts, espec...
an analyst needs to forensically examine a windows machine that was compromised by a threat actor intelligence reports state this specific
Geschreven voor
Western Governors University
CompTIA Cybersecurity Analyst (CYSA)
Alle documenten voor dit vak (6)
1
beoordeling
Door: dawoleke2021 • 8 maanden geleden
Verkoper
Volgen
dennys
Ontvangen beoordelingen
Voorbeeld van de inhoud
CySA+ (CS0 -002) CompTIA Cybersecurity Analyst (CySA+) - 10/17/2022 Exam Prep Answered. An analyst needs to forensically examine a Windows machine that was compromised by a threat actor. Intelligence reports state this specific threat actor is characterized by hiding malicious artifacts, especially with alternate data streams. Based on this intelligence, whi ch of the following BEST explains alternate data streams? A. A different way data can be streamlined if the user wants to use less memory on a Windows system for forking resources B. A way to store data on an external drive attached to a Windows machine th at is not readily accessible to users C. A windows attribute that provides for forking resources and is potentially used to hide the presence of secret or malicious files inside the file records of a benign file D. A Windows attribute that can be used by a ttackers to hide malicious files within system memory "ANSWER" - D. A Windows attribute that can be used by attackers to hide malicious files within system memory An executive assistant wants to onboard a new cloud -based product to help with business analy tics and dashboarding. Which of the following would be the BEST integration option for this service? A. Manually log in to the service and upload data files on a regular basis. B. Have the internal development team script connectivity and file transfers to the new service. C. Create a dedicated SFTP site and schedule transfers to ensure file transport security. D. Utilize the cloud product's API for supported and ongoing integrat ions. "ANSWER" - D. Utilize the cloud product's API for supported and ongoing integrations Data spillage occurred when an employee accidentally emailed a sensitive file to an external recipient. Which of the following controls would have MOST likely preven ted this incident? A. SSO B. DLP C. WAF D. VDI "ANSWER" - B. DLP A development team is testing a new application release. The team needs to import existing client PHI data records from the production environment to the test environment to test accuracy and functionality. Which of the following would BEST protect the sensitivity of this data while still allowing the team to perform the testing? A. Deidentification B. Encoding C. Encryption D. Watermarking "ANSWER" - A. Deidentification Which of the following are components of the intelligence cycle? (Select TWO). A. Collection B. Normalization C. Response D. Analysis E. Correction F. Dissension "ANSWER" - A. Collection D. Analysis During an investigation, a security analyst identified machines that are infected with malware the antivirus was unable to detect. Which of the following is the BEST place to acquire evidence to perform data carving? A. The system memory B. The hard drive C. Network packets D. The Windows Registry "ANSWER" - A. The system memory A SIEM solution alerts a security analyst of a high number of login attempts against the company's webmail portal. The analyst determines the login attempts used credentials from a past data breach. Which of the following is the BEST mitigation to prevent unauthorized access? A. Single sign -on B. Mandatory access control C. Multifactor authentication D. Federation E. Privileged access management "ANSWER" - C. Multifactor authenticatio n An organization wants to move non -essential services into a cloud computing Environment. Management has a cost focus and would like to achieve a recovery time objective of 12 hours. Which of the following cloud recovery strategies would work BEST to att ain the desired outcome? A. Duplicate all services in another instance and load balance between the instances. B. Establish a hot site with active replication to another region within the same cloud provider C. Set up a warm disaster recovery site with the same cloud provider in a different region. D. Configure the systems with a cold site at another cloud provider that can be used for failover. "ANSWER" - C. Set up a warm disaster recovery site with the same cloud provider in a different region. A security technician is testing a solution that will prevent outside entities from spoofing the company's email domain, which is comptia.org. The testing is successful, and the security technician is prepared to fully implement the solution. Which of the following actions should the technician take to accomplish this task? A. Add TXT @ "v=spfl mx include:_spf.comptia.org -all" to the DNS record. B. Add TXT @ "v=spfl mx include:_spf.comptia.org -all" to the email server. C. Add TXT @ "v=spfl mx include:_spf.comptia.org -all" to the domain controller. D. Add TXT @ "v=spfl mx include:_spf.comptia.org -all" to the web server. " ANSWER" - A. Add TXT @ "v=spfl mx include:_spf.comptia.org -all" to the DNS record. A Chief Informat ion Security Officer (CISO) is concerned the development team, which consists of contractors, has too much access to customer data. Developers use personal workstations, giving the company little to no visibility into the development activities. Which of t he following would be BEST to implement to alleviate the CISO's concern? A. DLP B. Encryption C. Test data D. NDA " ANSWER" - C. Test data A development team uses open -source software and follows an Agile methodology with two-week sprints. Last month, the s ecurity team filed a bug for an insecure version of a common library. The DevOps team updated the library on the server, and then the security team rescanned the server to verify it was no longer vulnerable. This month, the security team found the same vul nerability on the server. Which of the following should be done to correct the cause of the vulnerability? A. Deploy a WAF in front of the application. B. Implement a software repository management tool. C. Install a HIPS on the server. D. Instruct the dev elopers to use input validation in the code. "ANSWER" - B. Implement a software repository management tool. Which of the following BEST describes the primary role of a risk assessment as it relates to compliance with risk-based frameworks? A. It demonstrat es the organization's mitigation of risks associated with internal threats. B. It serves as the basis for control selection. C. It prescribes technical control requirements D. It is an input to the business impact assessment "ANSWER" - B. It serves as the basis for control selection. A security analyst discovers accounts in sensitive SaaS -based systems are not being removed in a timely manner when an employee leaves the organization. To BEST resolve the issue, the organization should implement: A. federated authentication. B. role -based access control. C. manual account reviews D. multifactor authentication. "ANSWER" - A. federated authentication A security analyst had received information from a third -party intelligence -sharing resource that ind icates employee accounts were breached. Which of the following is the NEXT step the analyst should take to address the issue? A. Audit access permissions for all employees to ensure least privilege B. Force a password reset for the impacted employees and r evoke any tokens. C. Configure SSO to prevent passwords from going outside the local network. D. Set up prevailed access management to ensure auditing is enabled " ANSWER" - B. Force a password reset for the impacted employees and revoke any tokens. Bootloa der malware was recently discovered on several company workstations. All the workstations run Windows and are current models with UEFI capability. Which of the following UEFI settings is the MOST likely cause of the infections? A. Compatibility mode B. Sec ure boot mode C. Native mode D. Fast boot mode " ANSWER" - A. Compatibility mode A small electronics company decides to use a contractor to assist with the development of a new FPGA -based
Voordelen van het kopen van samenvattingen bij Stuvia op een rij:
Verzekerd van kwaliteit door reviews
Stuvia-klanten hebben meer dan 700.000 samenvattingen beoordeeld. Zo weet je zeker dat je de beste documenten koopt!
Snel en makkelijk kopen
Je betaalt supersnel en eenmalig met iDeal, creditcard of Stuvia-tegoed voor de samenvatting. Zonder lidmaatschap.
Focus op de essentie
Samenvattingen worden geschreven voor en door anderen. Daarom zijn de samenvattingen altijd betrouwbaar en actueel. Zo kom je snel tot de kern!
Veelgestelde vragen
Wat krijg ik als ik dit document koop?
Je krijgt een PDF, die direct beschikbaar is na je aankoop. Het gekochte document is altijd, overal en oneindig toegankelijk via je profiel.
Tevredenheidsgarantie: hoe werkt dat?
Onze tevredenheidsgarantie zorgt ervoor dat je altijd een studiedocument vindt dat goed bij je past. Je vult een formulier in en onze klantenservice regelt de rest.
Van wie koop ik deze samenvatting?
Stuvia is een marktplaats, je koop dit document dus niet van ons, maar van verkoper dennys. Stuvia faciliteert de betaling aan de verkoper.
Zit ik meteen vast aan een abonnement?
Nee, je koopt alleen deze samenvatting voor €14,12. Je zit daarna nergens aan vast.
