최신CompTIA Cybersecurity Analyst (CySA+) Certification - CS0-002무료샘플문제
A security analyst responds to a series of events surrounding sporadic bandwidth consumption from an endpoint device. The security analyst then identifies the following additional details:
* Bursts of network utilization occur approximately every seven days.
* The content being transferred appears to be encrypted or obfuscated.
* A separate but persistent outbound TCP connection from the host to infrastructure in a third-party cloud is in place.
* The HDD utilization on the device grows by 10GB to 12GB over the course of every seven days.
* Single file sizes are 10GB.
Which of the following describes the most likely cause of the issue?
A forensics investigator is analyzing a compromised workstation. The investigator has cloned the hard drive and needs to verify that a bit-level image copy of a hard drive is an exact clone of the original hard drive that was collected as evidence. Which of the following should the investigator do?
A company is experiencing a malware attack within its network. A security engineer notices many of the impacted assets are connecting outbound to a number of remote destinations and exfiltrating dat a. The security engineer also see that deployed, up-to-date antivirus signatures are ineffective. Which of the following is the BEST approach to prevent any impact to the company from similar attacks in the future?
A security analyst performed a targeted system vulnerability scan to obtain critical information. After the output result, the analyst used the OVAL XML language to review and calculate the discovered risk. Which of the following types of scans did the security analyst perform?
Ensuring that all areas of security have the proper controls is a primary reason why organizations use:
A security engineer is reviewing security products that identify malicious actions by users as part of a company's insider threat program. Which of the following is the most appropriate product category for this purpose?
During a routine security review, anomalous traffic from 9.9.9.9 was observed accessing a web server in the corporate perimeter network. The server is mission critical and must remain accessible around the world to serve web content. The Chief Information Security Officer has directed that improper traffic must be restricted. The following output is from the web server:

Which of the following is the best method to accomplish this task?
An organization has the following policy statements:
* AlI emails entering or leaving the organization will be subject to inspection for malware, policy violations, and unauthorized coolant.
* AM network activity will be logged and monitored.
* Confidential data will be tagged and tracked
* Confidential data must never be transmitted in an unencrypted form.
* Confidential data must never be stored on an unencrypted mobile device.
Which of the following is the organization enforcing?
Malware is suspected on a server in the environment.
The analyst is provided with the output of commands from servers in the environment and needs to review all output files in order to determine which process running on one Of the servers may be malware.
INSTRUCTIONS
Servers 1 , 2, and 4 are clickable. Select the Server and the process that host the malware.



An organization wants to ensure the privacy of the data that is on its systems Full disk encryption and DLP are already in use Which of the following is the BEST option?
Legacy medical equipment, which contains sensitive data, cannot be patched. Which of the following is the best solution to improve the equipment's security posture?
A company is required to monitor for unauthorized changes to baselines on all assets to comply with industry regulations. Two of the remote units did not recover after scans were performed on the assets. An analyst needs to recommend a solution to prevent recurrence. Which of the following is the best way to satisfy the regulatory requirement without impacting the availability to similar assets and creating an unsustainable process?
Which of the following BEST identifies the appropriate use of threat intelligence as a function of detection and response?
To validate local system-hardening requirements, which of the following types of vulnerability scans would work BEST to verify the scanned device meets security policies?
Which of the following activities is designed to handle a control
failure that leads to a breach?