CompTIA CySA+ CS0-002 Practice Questions With Correct Answers

A cybersecurity analyst receives a phone call from an unknown person with the number blocked on the caller ID. After starting conversation, the caller begins to request sensitive information. Which of the following techniques is being applied? A. Social engineering B. Phishing C. Impersonation D. War dialing - Answer A Which of the following is the main benefit of sharing incident details with partner organizations or external trusted parties during the incident response process? A. It facilitates releasing incident results, findings and resolution to the media and all appropriate government agencies B. It shortens the incident life cycle by allowing others to document incident details and prepare reports. C. It enhances the response process, as others may be able to recognize the observed behavior and provide valuable insight. D. It allows the security analyst to defer incident-handling activities until all parties agree on how to proceed with analysis. - Answer C The security analyst determined that an email containing a malicious attachment was sent to several employees within the company, and it was not stopped by any of the email filtering devices. An incident was declared. During the investigation, it was determined that most users deleted the email, but one specific user executed the attachment. Based on the details gathered, which of the following actions should the security analyst perform NEXT? A. Obtain a copy of the email with the malicious attachment. Execute the file on another user's machine and observe the behavior. Document all findings. B. Acquire a full backup of the affected machine. Reimage the machine and then restore from the full backup. C. Take the affected machine off the network. Review local event logs looking for activity and processes related to unknown or unauthorized software. D. Take possession of the machine. Apply the latest OS updates and firmware. Discuss the problem with the user and return the machine. - Answer C Which of the following tools should a cybersecurity analyst use to verify the integrity of a forensic image before and after an investigation? A. strings B. sha1sum C. file D. dd E. gzip - Answer B Given the following logs: Aug 18 11:00:57 comptia sshd[5657]: Failed password for root from 10.10.10.192 port 38980 ssh2 Aug 18 23:08:26 comptia sshd[5768]: Failed password for root from 18.70.0.160 port 38156 ssh2 Aug 18 23:08:30 comptia sshd[5770]: Failed password for admin from 18.70.0.160 port 38556 ssh2 Aug 18 23:08:34 comptia sshd[5772]: Failed password for invalid user asterisk from 18.70.0.160 port 38864 ssh2 Aug 18 23:08:38 comptia sshd[5774]: Failed password for invalid user sjobeck from 10.10.1.16 port 39157 ssh2 Aug 18 23:08:42 comptia sshd[5776]: Failed password for root from 18.70.0.160 port 39467 ssh2 Which of the following can be suspected? A. An unauthorized user is trying to gain access from 10.10.10.192. B. An authorized user is trying to gain access from 10.10.10.192. C. An authorized user is trying to gain access from 18.70.0.160. D. An unauthorized user is trying to gain access from 18.70.0.160. - Answer D A security analyst has been asked to review permissions on accounts within Active Directory to determine if they are appropriate to the user's role. During this process, the analyst notices that a user from building maintenance is part of the Domain Admin group. Which of the following does this indicate? A. Cross-site scripting B. Session hijack C. Privilege escalation D. Rootkit - Answer C In the last six months, a company is seeing an increase in credential-harvesting attacks. The latest victim was the chief executive officer (CEO). Which of the following countermeasures will render the attack ineffective? A. Use a complex password according to the company policy. B. Implement an intrusion-prevention system. C. Isolate the CEO's computer in a higher security zone. D. Implement multifactor authentication. - Answer D After a security breach, it was discovered that the attacker had gained access to the network by using a brute-force attack against a service account with a password that was set to not expire, even though the account had a long, complex password. Which of the following could be used to prevent similar attacks from being successful in the future? A. Complex password policies B. Account lockout C. Self-service password reset portal D. Scheduled vulnerability scans - Answer B A security analyst wants to capture data flowing in and out of a network. Which of the following would MOST likely assist in achieving this goal? A. Taking a screenshot. B. Analyzing network traffic and logs. C. Analyzing big data metadata. D. Capturing system image. - Answer B There are reports that hackers are using home thermostats to ping a national service provider without the provider's knowledge. Which of the following attacks is occurring from these devices? A. IoT B. DDoS C. MITM D. MIMO - Answer B Which of the following is the purpose of a SIEM solution? A. To provide real-time security analysis and alerts generated within the security system. B. To provide occasional updates on global security breaches C. To act as an attack vector D. To act as an intrusion prevention system - Answer A An actor with little to no knowledge of the tools they use to carry out an attack is known as which of the following? A. White hat B. Black hat C. Attack vector D. Script kiddie - Answer D Which one of the following does NOT accurately portray the attributes of an Advanced Persistent Threat (APT) attack? A. They often exploit unknown vulnerabilities B. They typically use freely available attacking tools to cut down on costs. C. They target large or government organization D. They use sophisticated means to gain access to highly valued resources - Answer B Which of the following are the Security intelligence data elements that assure quality of the data? (Choose three) A. Accuracy B. Proprietary C. Relevance D. Timeliness - Answer ACD The process of combing through collected data to gather relevant and accurate intelligence data is referred to as _____ according to the intelligence cycle. A. Collection B. Dissemination C. Feedback D. Analysis - Answer D Which of the following ports would you close if your sever does not host any DNS services? A. 22 B. 53 C. 443 D. 80 - Answer B The Security team advises that there's a server running a legacy software supported by some of the applications within the organization. Upon review, management realizes the potential loss from the risk isn't great enough to warrant spending money to avoid it. This form of response is known as which of the following? A. Compensation Control B. Risk acceptance C. Risk avoidance D. Remediation - Answer B A critical vulnerability is between which range on CVSS? A. 4.0-7.0 B. 3.9-5.0 C. 0.0-10.0 D. 9.0-10.0 - Answer D An attacker collects information about a target from sources such as LinkedIn, Twitter, and the target's website. This form of reconnaissance is known as which of the following? A. Active reconnaissance B. Passive reconnaissance C. Native reconnaissance D. None of the above options - Answer B When defining a scope to scan, which of the following should you use? (Choose two) A. An IP range B. A gateway C. A single IP D. A subnet mask only - Answer AC Which of the following is NOT a factor that can inhibit remediation? A. Legacy Systems B. SLA C. MOU D. Employment Contract - Answer D