New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

CompTIA CySA+ CS0-002 Exam Dumps

Page: 4 / 27
Question 16

Which of the following is a difference between SOAR and SCAP?

Options:

A.

SOAR can be executed taster and with fewer false positives than SCAP because of advanced heunstics

B.

SOAR has a wider breadth of capability using orchestration and automation, while SCAP is more limited in scope

C.

SOAR is less expensive because process and vulnerability remediation is more automated than what SCAP does

D.

SOAR eliminates the need for people to perform remediation, while SCAP relies heavily on security analysts

Question 17

A cybersecurity analyst routinely checks logs, querying for login attempts. While querying for unsuccessful login attempts during a five-day period, the analyst produces the following report:

Which of the following BEST describes what the analyst Just found?

Options:

A.

Users 4 and 5 are using their credentials to transfer files to multiple servers.

B.

Users 4 and 5 are using their credentials to run an unauthorized scheduled task targeting some servers In the cloud.

C.

An unauthorized user is using login credentials in a script.

D.

A bot is running a brute-force attack in an attempt to log in to the domain.

Question 18

During a company’s most recent incident, a vulnerability in custom software was exploited on an externally facing server by an APT. The lessons-learned report noted the following:

• The development team used a new software language that was not supported by the security team's automated assessment tools.

• During the deployment, the security assessment team was unfamiliar with the new language and struggled to evaluate the software during advanced testing. Therefore, the vulnerability was not detected.

• The current IPS did not have effective signatures and policies in place to detect and prevent runtime attacks on the new application.

To allow this new technology to be deployed securely going forward, which of the following will BEST address these findings? (Choose two.)

Options:

A.

Train the security assessment team to evaluate the new language and verify that best practices for secure coding have been followed

B.

Work with the automated assessment-tool vendor to add support for the new language so these vulnerabilities are discovered automatically

C.

Contact the human resources department to hire new security team members who are already familiar with the new language

D.

Run the software on isolated systems so when they are compromised, the attacker cannot pivot to adjacent systems

E.

Instruct only the development team to document the remediation steps for this vulnerability

F.

Outsource development and hosting of the applications in the new language to a third-party vendor so the risk is transferred to that provider

Question 19

A company's legal department is concerned that its incident response plan does not cover the countless ways security incidents can occur. The department has asked a security analyst to help tailor the response plan to provide broad coverage for many situations. Which of the following is the best way to achieve this goal?

Options:

A.

Focus on incidents that have a high chance of reputation harm.

B.

Focus on common attack vectors first.

C.

Focus on incidents that affect critical systems.

D.

Focus on incidents that may require law enforcement support.

Page: 4 / 27
Exam Code: CS0-002
Exam Name: CompTIA CySA+ Certification Exam (CS0-002)
Last Update: Dec 22, 2024
Questions: 372
CS0-002 pdf

CS0-002 PDF

$25.5  $84.99
CS0-002 Engine

CS0-002 Testing Engine

$28.5  $94.99
CS0-002 PDF + Engine

CS0-002 PDF + Testing Engine

$40.5  $134.99