PassLeader recently released the NEWEST CompTIA CySA+ CS0-002 exam dumps! Both CS0-002 VCE dumps and CS0-002 PDF dumps are available on PassLeader; both contain the NEWEST CS0-002 exam questions and will help you pass the CompTIA CySA+ CS0-002 exam easily! You can download the valid CS0-002 dumps VCE and PDF from PassLeader here: https://www.passleader.com/cs0-002.html (982 Q&As Dumps)
Also, previewing the NEWEST PassLeader CS0-002 dumps online for free on Google Drive: https://drive.google.com/drive/folders/1HwRGGVuTkbp0pHbqwvkeue2EVToD2YzJ
NEW QUESTION 876
As part of the senior leadership team’s ongoing risk management activities, the Chief Information Security Officer has tasked a security analyst with coordinating the right training and testing methodology to respond to new business initiatives or significant changes to existing ones. The management team wants to examine a new business process that would use existing infrastructure to process and store sensitive data. Which of the following would be appropriate for the security analyst to coordinate?
A.   A black-box penetration testing engagement.
B.   A tabletop exercise.
C.   Threat modeling.
D.   A business impact analysis.
Answer: D
NEW QUESTION 877
An organization has specific technical risk mitigation configurations that must be implemented before a new server can be approved for production. Several critical servers were recently deployed with the antivirus missing, unnecessary ports disabled, and insufficient password complexity. Which of the following should the analyst recommend to prevent a recurrence of this risk exposure?
A.   Perform password-cracking attempts on all devices going into production.
B.   Perform an Nmap scan on all devices before they are released to production.
C.   Perform antivirus scans on all devices before they are approved for production.
D.   Perform automated security controls testing of expected configurations prior to production.
Answer: D
NEW QUESTION 878
The incident response team is working with a third-party forensic specialist to investigate the root cause of a recent intrusion. An analyst was asked to submit sensitive network design details for review. The forensic specialist recommended electronic delivery for efficiency, but email was not an approved communication channel to send network details. Which of the following BEST explains the importance of using a secure method of communication during incident response?
A.   To prevent adversaries from intercepting response and recovery details.
B.   To ensure intellectual property remains on company servers.
C.   To have a backup plan in case email access is disabled.
D.   To ensure the management team has access to all the details that are being exchanged.
Answer: B
NEW QUESTION 879
During the threat modeling process for a new application that a company is launching, a security analyst needs to define methods and items to take into consideration. Which of the following are part of a known threat modeling method?
A.   Threat profile, infrastructure and application vulnerabilities, security strategy and plans.
B.   Purpose, objective, scope, team management, cost, roles and responsibilities.
C.   Spoofing, tampering, repudiation, information disclosure, denial of service, elevation of privilege.
D.   Human impact, adversary’s motivation, adversary’s resources, adversary’s methods.
Answer: C
NEW QUESTION 880
A Chief Information Security Officer has asked for a list of hosts that have critical and high-severity findings as referenced in the CVE database. Which of the following tools would produce the assessment output needed to satisfy this request?
A.   Nessus
B.   Nikto
C.   Fuzzer
D.   Wireshark
E.   Prowler
Answer: A
NEW QUESTION 881
An organization wants to implement a privileged access management solution to better manage the use of emergency and privileged service accounts. Which of the following would BEST satisfy the organization’s goal?
A.   Access control lists.
B.   Discretionary access controls.
C.   Policy-based access controls.
D.   Credential vaulting.
Answer: C
NEW QUESTION 882
A security analyst is deploying a new application in the environment. The application needs to be integrated with several existing applications that contain SPI. Prior to the deployment, the analyst should conduct ____.
A.   a tabletop exercise
B.   a business impact analysis
C.   a PCI assessment
D.   an application stress test
Answer: B
NEW QUESTION 883
Which of the following APT adversary archetypes represent non-nation-state threat actors? (Choose two.)
A.   Kitten
B.   Panda
C.   Tiger
D.   Jackal
E.   Bear
F.   Spider
Answer: CD
NEW QUESTION 884
An analyst is responding to an incident within a cloud infrastructure. Based on the logs and traffic analysis, the analyst thinks a container has been compromised. Which of the following should the analyst do FIRST?
A.   Perform threat hunting in other areas of the cloud infrastructure.
B.   Contact law enforcement to report the incident.
C.   Perform a root cause analysis on the container and the service logs.
D.   Isolate the container from production using a predefined policy template.
Answer: A
NEW QUESTION 885
During the security assessment of a new application, a tester attempts to log in to the application but receives the following message: "incorrect password for given username". Which of the following can the tester recommend to decrease the likelihood that a malicious attacker will receive helpful information?
A.   Set the web page to redirect to an application support page when a bad password is entered.
B.   Disable error messaging for authentication.
C.   Recognize that error messaging does not provide confirmation of the correct element of authentication.
D.   Avoid using password-based authentication for the application.
Answer: B
NEW QUESTION 886
Which of the following is a difference between SOAR and SCAP?
A.   SOAR can be executed faster and with fewer false positives than SCAP because of advanced heuristics.
B.   SOAR has a wider breadth of capability using orchestration and automation, while SCAP is more limited in scope.
C.   SOAR is less expensive because process and vulnerability remediation is more automated than what SCAP does.
D.   SOAR eliminates the need for people to perform remediation, while SCAP relies heavily on security analysts.
Answer: D
NEW QUESTION 887
An analyst is responding to an incident involving an attack on a company-owned mobile device that was being used by an employee to collect data from clients in the field. Malware was loaded on the device via the installation of a third-party software package. The analyst has baselined the device. Which of the following should the analyst do to BEST mitigate future attacks?
A.   Implement MDM.
B.   Update the malware catalog.
C.   Patch the mobile device’s OS.
D.   Block third-party applications.
Answer: A
NEW QUESTION 888
Which of the following is the software development process by which function, usability, and scenarios are tested against a known set of base requirements?
A.   Security regression testing.
B.   Code review.
C.   User acceptance testing.
D.   Stress testing.
Answer: D
NEW QUESTION 889
An organization wants to ensure the privacy of the data that is on its systems. Full disk encryption and DLP are already in use. Which of the following is the BEST option?
A.   Require all remote employees to sign an NDA.
B.   Enforce geofencing to limit data accessibility.
C.   Require users to change their passwords more frequently.
D.   Update the AUP to restrict data sharing.
Answer: A
NEW QUESTION 890
A company wants to configure the environment to allow passive network monitoring. To avoid disrupting the sensitive network, which of the following must be supported by the scanner’s NIC to assist with the company’s request?
A.   Port bridging.
B.   Tunnel all mode.
C.   Full-duplex mode.
D.   Port mirroring.
E.   Promiscuous mode.
Answer: D
NEW QUESTION 891
Due to a rise in cyber attackers seeking PHI, a healthcare company that collects highly sensitive data from millions of customers is deploying a solution that will ensure the customers’ data is protected by the organization internally and externally. Which of the following countermeasures can BEST prevent the loss of customers’ sensitive data?
A.   Implement privileged access management.
B.   Implement a risk management process.
C.   Implement multifactor authentication.
D.   Add more security resources to the environment.
Answer: A
NEW QUESTION 892
A company’s security team recently discovered a number of workstations that are at the end of life. The workstation vendor informs the team that the product is no longer supported and patches are no longer available. The company is not prepared to cease its use of these workstations. Which of the following would be the BEST method to protect these workstations from threats?
A.   Deploy whitelisting to the identified workstations to limit the attack surface.
B.   Determine the system process centrality and document it.
C.   Isolate the workstations and air gap them when it is feasible.
D.   Increase security monitoring on the workstations.
Answer: C
NEW QUESTION 893
During a review of recent network traffic, an analyst realizes the team has seen this same traffic multiple times in the past three weeks, and it resulted in confirmed malware activity. The analyst also notes there is no other alert in place for this traffic. After resolving the security incident, which of the following would be the BEST action for the analyst to take to increase the chance of detecting this traffic in the future?
A.   Share details of the security incident with the organization’s human resources management team.
B.   Note the security incident so other analysts are aware the traffic is malicious.
C.   Communicate the security incident to the threat team for further review and analysis.
D.   Report the security incident to a manager for inclusion in the daily report.
Answer: C
NEW QUESTION 894
A company offers a hardware security appliance to customers that provides remote administration of a device on the customer’s network. Customers are not authorized to alter the configuration. The company deployed a software process to manage unauthorized changes to the appliance, log them, and forward them to a central repository for evaluation. Which of the following processes is the company using to ensure the appliance is not altered from its original configured state?
A.   CI/CD.
B.   Software assurance.
C.   Anti-tamper.
D.   Change management.
Answer: D
NEW QUESTION 895
An analyst determines a security incident has occurred. Which of the following is the most appropriate NEXT step in an incident response plan?
A.   Consult the malware analysis process.
B.   Consult the disaster recovery plan.
C.   Consult the data classification process.
D.   Consult the communications plan.
Answer: D
NEW QUESTION 896
A security analyst needs to determine the best method for securing access to a top-secret datacenter. Along with an access card and PIN code, which of the following additional authentication methods would be BEST to enhance the datacenter’s security?
A.   Physical key.
B.   Retinal scan.
C.   Passphrase.
D.   Fingerprint.
Answer: D
NEW QUESTION 897
Which of the following is a reason to use a risk-based cyber security framework?
A.   A risk-based approach always requires quantifying each cyber risk faced by an organization.
B.   A risk-based approach better allocates an organization’s resources against cyberthreats and vulnerabilities.
C.   A risk-based approach is driven by regulatory compliance and is required for most organizations.
D.   A risk-based approach prioritizes vulnerability remediation by threat hunting and other qualitative-based processes.
Answer: B
NEW QUESTION 898
Which of the following attack techniques has the GREATEST likelihood of quick success against Modbus assets?
A.   Remote code execution.
B.   Buffer overflow.
C.   Unauthenticated commands.
D.   Certificate spoofing.
Answer: C
NEW QUESTION 899
A security analyst is correlating, ranking, and enriching raw data into a report that will be interpreted by humans or machines to draw conclusions and create actionable recommendations. Which of the following steps in the intelligence cycle is the security analyst performing?
A.   Analysis and production.
B.   Processing and exploitation.
C.   Dissemination and evaluation.
D.   Data collection.
E.   Planning and direction.
Answer: B
NEW QUESTION 900
A company uses an FTP server to support its critical business functions. The FTP server is configured as follows:
– The FTP service is running with the data directory configured in /opt/ftp/data.
– The FTP server hosts employees’ home directories in /home.
– Employees may store sensitive information in their home directories.
A log revealed that an FTP directory traversal attack resulted in sensitive data loss. Which of the following should a server administrator implement to reduce the risk of current and future directory traversal attacks targeted at the FTP server?
A.   Implement file-level encryption of sensitive files.
B.   Reconfigure the FTP server to support FTPS.
C.   Run the FTP server in a chroot environment.
D.   Upgrade the FTP server to the latest version.
Answer: C
NEW QUESTION 901
A vulnerability assessment solution is hosted in the cloud. This solution will be used as an accurate inventory data source for both the configuration management database and the governance risk and compliance tool. An analyst has been asked to automate the data acquisition. Which of the following would be the BEST way to acquire the data?
A.   CSV export.
B.   SOAR.
C.   API.
D.   Machine learning.
Answer: B
NEW QUESTION 902
A new variant of malware is spreading on the company network using TCP 443 to contact its command-and-control server. The domain name used for callback continues to change, and the analyst is unable to predict future domain name variance. Which of the following actions should the analyst take to stop malicious communications with the LEAST disruption to service?
A.   Implement a sinkhole with a high entropy level.
B.   Disable TCP/53 at the perimeter firewall.
C.   Block TCP/443 at the edge router.
D.   Configure the DNS forwarders to use recursion.
Answer: D
NEW QUESTION 903
Which of the following BEST describes how logging and monitoring work when entering into a public cloud relationship with a service provider?
A.   Logging and monitoring are not needed in a public cloud environment.
B.   Logging and monitoring are done by the data owners.
C.   Logging and monitoring duties are specified in the SLA and contract.
D.   Logging and monitoring are done by the service provider.
Answer: C
NEW QUESTION 904
At which of the following phases of the SDLC should security FIRST be involved?
A.   Design
B.   Maintenance
C.   Implementation
D.   Analysis
E.   Planning
F.   Testing
Answer: A
NEW QUESTION 905
A company frequently experiences issues with credential stuffing attacks. Which of the following is the BEST control to help prevent these attacks from being successful?
A.   SIEM
B.   IDS
C.   MFA
D.   TLS
Answer: C
NEW QUESTION 906
……