
CompTIA CySA+ CS0-002 New Questions

Page: 11 / 27
Question 44

When investigating a compromised system, a security analyst finds the following script in the /tmp directory:

Which of the following attacks is this script attempting, and how can it be mitigated?

Options:

A. This is a password-hijacking attack, and it can be mitigated by using strong encryption protocols.

B. This is a password-spraying attack, and it can be mitigated by using multifactor authentication.

C. This is a password-dictionary attack, and it can be mitigated by forcing password changes every 30 days.

D. This is a credential-stuffing attack, and it can be mitigated by using multistep authentication.

Question 45

A security analyst needs to provide a copy of a hard drive for forensic analysis. Which of the following would allow the analyst to perform the task?

A)

B)

C)

D)

Options:

A. Option A

B. Option B

C. Option C

D. Option D

Question 46

A technician working at company.com received the following email:

After looking at the above communication, which of the following should the technician recommend to the security team to prevent exposure of sensitive information and reduce the risk of corporate data being stored on non-corporate assets?

Options:

A. Forwarding of corporate email should be disallowed by the company.

B. A VPN should be used to allow technicians to troubleshoot computer issues securely.

C. An email banner should be implemented to identify emails coming from external sources.

D. A rule should be placed on the DLP to flag employee IDs and serial numbers.

Question 47

During an investigation, an analyst discovers the following rule in an executive's email client:

The executive is not aware of this rule. Which of the following should the analyst do first to evaluate the potential impact of this security incident?

Options:

A. Check the server logs to evaluate which emails were sent to .

B. Use the SIEM to correlate logging events from the email server and the domain server.

C. Remove the rule from the email client and change the password.

D. Recommend that the management team implement SPF and DKIM.

Exam Code: CS0-002
Exam Name: CompTIA CySA+ Certification Exam (CS0-002)
Last Update: Nov 21, 2024
Questions: 372