CompTIA: CompTIA CySA+ Certification Exam (CS0-002)


CompTIA

CS0-002

CompTIA CySA+
Certification Exam
(CS0-002)
Version: Demo

[ Total Questions: 10]


Web: www.dumpsleader.com

Valid Questions and Answers CompTIA - CS0-002

Question #:1

An organization wants to move non-essential services into a cloud computing environment. Management has a
cost focus and would like to achieve a recovery time objective of 12 hours. Which of the following cloud
recovery strategies would work BEST to attain the desired outcome?

A. Duplicate all services in another instance and load balance between the instances.

B. Establish a hot site with active replication to another region within the same cloud provider.

C. Set up a warm disaster recovery site with the same cloud provider in a different region.

D. Configure the systems with a cold site at another cloud provider that can be used for failover.

Answer: C

Question #:2

A security analyst is reviewing the following web server log:

Which of the following BEST describes the issue?

A. Directory traversal exploit

B. Cross-site scripting

C. SQL injection

D. Cross-site request forgery

Answer: A

Question #:3

It is important to parameterize queries to prevent:

A. the execution of unauthorized actions against a database.

B. a memory overflow that executes code with elevated privileges.

C. the establishment of a web shell that would allow unauthorized access.

D. the queries from using an outdated library with security vulnerabilities.

Answer: A

100% Valid Questions - Guaranteed Success 1 of 5



Question #:4

Legacy medical equipment, which contains sensitive data, cannot be patched. Which of the following is the
BEST solution to improve the equipment's security posture?

A. Move the legacy systems behind a WAF.

B. Implement an air gap for the legacy systems.

C. Implement a VPN between the legacy systems and the local network.

D. Place the legacy systems in the DMZ.

Answer: A

Question #:5

A security analyst is investigating an incident that appears to have started with SQL injection against a
publicly available web application. Which of the following is the FIRST step the analyst should take to
prevent future attacks?

A. Modify the IDS rules to have a signature for SQL injection.

B. Take the server offline to prevent continued SQL injection attacks.

C. Create a WAF rule in block mode for SQL injection.

D. Ask the developers to implement parameterized SQL queries.

Answer: A

Question #:6

A security analyst needs to perform a search for connections with a suspicious IP on the network traffic. The
company collects full packet captures at the Internet gateway and retains them for one week. Which of the
following will enable the analyst to obtain the BEST results?

A. grep -a <suspicious ip> internet.pcap

B. tcpdump -n -r internet.pcap host <suspicious ip>

C. strings internet.pcap | grep <suspicious ip>

D. npcapd internet.pcap | grep <suspicious ip>

Answer: B


Question #:7

A security analyst is reviewing the network security monitoring logs listed below:

Which of the following is the analyst MOST likely observing? (Select TWO).

A. 10.1.1.128 sent malicious requests, and the alert is a false positive.

B. 10.1.1.129 sent potential malicious requests to the web server.

C. 10.1.1.129 sent non-malicious requests, and the alert is a false positive.

D. 10.1.1.128 sent potential malicious traffic to the web server.

E. 10.1.1.129 successfully exploited a vulnerability on the web server.

Answer: A E

Question #:8

Which of the following sources would a security analyst rely on to provide relevant and timely threat
information concerning the financial services industry?

A. Information sharing and analysis membership

B. Open-source intelligence, such as social media and blogs

C. Real-time and automated firewall rules subscriptions

D. Common vulnerability and exposure bulletins

Answer: C

Question #:9

A contained section of a building is unable to connect to the Internet. A security analyst
investigates the issue but does not see any connections to the corporate web proxy. However, the analyst does
notice a small spike in traffic to the Internet. The help desk technician verifies all users are connected to the
correct SSID, but there are two of the same SSIDs listed in the network connections. Which of the following
BEST describes what is occurring?

A. Bandwidth consumption

B. Denial of service

C. Beaconing

D. Rogue device on the network

Answer: A

Question #:10

Because some clients have reported unauthorized activity on their accounts, a security analyst is reviewing
network packet captures from the company's API server. A portion of a capture file is shown below:

POST /services/v1_0/Public/Members.svc/soap <s:Envelope+xmlns:s="http://schemas.s/soap/envelope/"><s:Body><GetIPLocation+xmlns="http://tempuri.org/">
<request+xmlns:a="http://schemas.somesite.org"+xmlns:i="http://www.w3.org/2001/XMLSchema-instance"></s:Body></s:Envelope> 192.168.1.22 - - api.somesite.com 200 0 1006 1001 0 192.168.1.22

POST /services/v1_0/Public/Members.svc/soap
<<a:Password>Password123</a:Password><a:ResetPasswordToken+i:nil="true"/>
<a:ShouldImpersonatedAuthenticationBePopulated+i:nil="true"/><a:Username>[email protected]</a:Us
192.168.5.66 - - api.somesite.com 200 0 11558 1712 2024 192.168.4.89

POST /services/v1_0/Public/Members.svc/soap <s:Envelope+xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetIPLocation+xmlns="http://tempuri.org/">
<a:IPAddress>516.7.446.605</a:IPAddress><a:ZipCode+i:nil="true"/></request></GetIPLocation></s:Body></s:Enve
192.168.1.22 - - api.somesite.com 200 0 1003 1011 307 192.168.1.22

POST /services/v1_0/Public/Members.svc/soap <s:Envelope+xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><IsLoggedIn+xmlns="http://tempuri.org/">
<request+xmlns:a="http://schemas.datacontract.org/2004/07/somesite.web+xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><a:Authentication>
<a:ApiToken>kmL4krg2CwwWBan5BReGv5Djb7syxXTNKcWFuSjd</a:ApiToken><a:ImpersonateUserId>0</a:Imp
<a:NetworkId>4</a:NetworkId><a:ProviderId>''1=1</a:ProviderId><a:UserId>13026046</a:UserId></a:Authenticatio
192.168.5.66 - - api.somesite.com 200 0 1378 1209 48 192.168.4.89

Which of the following MOST likely explains how the clients' accounts were compromised?

A. The clients' authentication tokens were impersonated and replayed.

B. The clients' usernames and passwords were transmitted in cleartext.

C. An XSS scripting attack was carried out on the server.

D. A SQL injection attack was carried out on the server.

Answer: B
