Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

CompTIA CyberSecurity Analyst CySA+ Certification Exam

Last Update 8 hours ago Total Questions : 487

The CompTIA CyberSecurity Analyst CySA+ Certification Exam content is now fully updated, with all current exam questions added 8 hours ago. Deciding to include CS0-003 practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our CS0-003 exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these CS0-003 sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any CompTIA CyberSecurity Analyst CySA+ Certification Exam practice test comfortably within the allotted time.

Question # 101

After completing a review of network activity. the threat hunting team discovers a device on the network that sends an outbound email via a mail client to a non-company email address daily

at 10:00 p.m. Which of the following is potentially occurring?

A.

Irregular peer-to-peer communication

B.

Rogue device on the network

C.

Abnormal OS process behavior

D.

Data exfiltration

Question # 102

During a security incident, security tools quarantine a device and create a disk image. During the analysis, the image is corrupted. Which of the following best describes how the analyst should proceed with the investigation?

A.

Remediate the corruption that just occurred.

B.

Repair with bootable media.

C.

Rebuild the device’s OS.

D.

Restore from an archived copy.

Question # 103

An analyst finds that an IP address outside of the company network that is being used to run network and vulnerability scans across external-facing assets. Which of the following steps of an attack framework is the analyst witnessing?

A.

Exploitation

B.

Reconnaissance

C.

Command and control

D.

Actions on objectives

Question # 104

A security analyst reviews a packet capture and identifies the following output as anomalous:

13:49:57.553161 TP10.203.10.17.45701 > 10.203.10.22.12930:Flags[FPU],seq108331482,win1024,urg0,length0

13:49:57.553162 IP10.203.10.17.45701 > 10.203.10.22.48968:Flags[FPU],seq108331482,win1024,urg0,length0

...

Which of the following activities explains the output?

A.

Nmap Xmas scan

B.

Nikto ' s web scan

C.

Socat ' s proxying traffic using the urgent flag

D.

Angry IP Scanner output

Question # 105

Which of the following is the most likely reason for an organization to assign different internal departmental groups during the post-incident analysis and improvement process?

A.

To expose flaws in the incident management process related to specific work areas

B.

To ensure all staff members get exposure to the review process and can provide feedback

C.

To verify that the organization playbook was properly followed throughout the incident

D.

To allow cross-training for staff who are not involved in the incident response process

Question # 106

A SOC analyst is analyzing traffic on a network and notices an unauthorized scan. Which of the following types of activities is being observed?

A.

Potential precursor to an attack

B.

Unauthorized peer-to-peer communication

C.

Rogue device on the network

D.

System updates

Question # 107

During a cybersecurity incident, one of the web servers at the perimeter network was affected by ransomware. Which of the following actions should be performed immediately?

A.

Shut down the server.

B.

Reimage the server

C.

Quarantine the server

D.

Update the OS to latest version.

Question # 108

A threat hunter seeks to identify new persistence mechanisms installed in an organization ' s environment. In collecting scheduled tasks from all enterprise workstations, the following host details are aggregated:

Which of the following actions should the hunter perform first based on the details above?

A.

Acquire a copy of taskhw.exe from the impacted host

B.

Scan the enterprise to identify other systems with taskhw.exe present

C.

Perform a public search for malware reports on taskhw.exe.

D.

Change the account that runs the -caskhw. exe scheduled task

Question # 109

A security administrator has found indications of dictionary attacks against the company ' s external-facing portal. Which of the following should be implemented to best mitigate the password attacks?

A.

Multifactor authentication

B.

Password complexity

C.

Web application firewall

D.

Lockout policy

Question # 110

A SOC manager receives a phone call from an upset customer. The customer received a vulnerability report two hours ago: but the report did not have a follow-up remediation response from an analyst. Which of the following documents should the SOC manager review to ensure the team is meeting the appropriate contractual obligations for the customer?

A.

SLA

B.

MOU

C.

NDA

D.

Limitation of liability

Go to page: