Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

CompTIA CyberSecurity Analyst CySA+ Certification Exam

Last Update 8 hours ago Total Questions : 487

The CompTIA CyberSecurity Analyst CySA+ Certification Exam content is now fully updated, with all current exam questions added 8 hours ago. Deciding to include CS0-003 practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our CS0-003 exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these CS0-003 sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any CompTIA CyberSecurity Analyst CySA+ Certification Exam practice test comfortably within the allotted time.

Question # 91

After a security assessment was done by a third-party consulting firm, the cybersecurity program recommended integrating DLP and CASB to reduce analyst alert fatigue. Which of the following is the best possible outcome that this effort hopes to achieve?

A.

SIEM ingestion logs are reduced by 20%.

B.

Phishing alerts drop by 20%.

C.

False positive rates drop to 20%.

D.

The MTTR decreases by 20%.

Question # 92

The vulnerability analyst reviews threat intelligence regarding emerging vulnerabilities affecting workstations that are used within the company:

Which of the following vulnerabilities should the analyst be most concerned about, knowing that end users frequently click on malicious links sent via email?

A.

Vulnerability A

B.

Vulnerability B

C.

Vulnerability C

D.

Vulnerability D

Question # 93

A security analyst reviews the following Arachni scan results for a web application that stores PII data:

Which of the following should be remediated first?

A.

SQL injection

B.

RFI

C.

XSS

D.

Code injection

Question # 94

Which of the following is the first step that should be performed when establishing a disaster recovery plan?

A.

Agree on the goals and objectives of the plan

B.

Determine the site to be used during a disasterC Demonstrate adherence to a standard disaster recovery process

C.

Identity applications to be run during a disaster

Question # 95

A security analyst is identifying vulnerabilities in laptops. Users often take their laptops out of the office while traveling, and the vulnerability scan metrics are inaccurate. Which of the following changes should the analyst propose to reduce the MTTD to fewer than four days?

A.

Deploy agents to all endpoints to scan daily for vulnerabilities.

B.

Configure the network vulnerability scan job to use credentials.

C.

Change the vulnerability scanner configuration to perform network scans more than once per day.

D.

Increase the scan maximum running time to four days to wait for missing endpoints.

Question # 96

A security analyst receives an alert for suspicious activity on a company laptop An excerpt of the log is shown below:

Which of the following has most likely occurred?

A.

An Office document with a malicious macro was opened.

B.

A credential-stealing website was visited.

C.

A phishing link in an email was clicked

D.

A web browser vulnerability was exploited.

Question # 97

Which of the following best describes the goal of a disaster recovery exercise as preparation for possible incidents?

A.

TO provide metrics and test continuity controls

B.

To verify the roles of the incident response team

C.

To provide recommendations for handling vulnerabilities

D.

To perform tests against implemented security controls

Question # 98

An organization recently changed its BC and DR plans. Which of the following would best allow for the incident response team to test the changes without any impact to the business?

A.

Perform a tabletop drill based on previously identified incident scenarios.

B.

Simulate an incident by shutting down power to the primary data center.

C.

Migrate active workloads from the primary data center to the secondary location.

D.

Compare the current plan to lessons learned from previous incidents.

Question # 99

Which of the following should be configured in a WAF to mitigate an RCE attack?

A.

Rate control in deny mode

B.

Rule to detect and block OS commands

C.

Parameterized queries

D.

Stored procedure in the database

Question # 100

A company discovers that its proprietary information is being sold on the dark web. A security analyst uses threat hunting to search for signs of compromise. After running a network packet capture tool, the analyst identifies millions of packets similar to the following:

Internet Protocol Version 4, src: 192.168.1.2, dst: 104.21.75.76

Internet Control Message Protocol

Type: 8 Echo request

Code: 0

Checksum: 0x34db [correct]

Sequence number: 3362

No response seen

Data: 64 bytes

Data payload: 0e1b586f3568s51578a2054af4459865b34857a05924b45824...

The analyst does not detect or identify any other abnormalities. Which of the following is most likely the malicious activity in this scenario?

A.

An insider is using an IP command-and-control channel to sell proprietary information.

B.

A threat actor is performing exfiltration over an alternative protocol.

C.

A machine was infected with a virus that is trying to propagate.

D.

A hacktivist is conducting an ICMP DDoS attack against the company.

Go to page: