Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

CompTIA CyberSecurity Analyst CySA+ Certification Exam

Last Update 8 hours ago Total Questions : 487

The CompTIA CyberSecurity Analyst CySA+ Certification Exam content is now fully updated, with all current exam questions added 8 hours ago. Deciding to include CS0-003 practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our CS0-003 exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these CS0-003 sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any CompTIA CyberSecurity Analyst CySA+ Certification Exam practice test comfortably within the allotted time.

Question # 71

A security analyst has identified outgoing network traffic leaving the enterprise at odd times. The traffic appears to pivot across network segments and target domain servers. The traffic is then routed to a geographic location to which the company has no association. Which of the following best describes this type of threat?

A.

Hacktivist

B.

Zombie

C.

Insider threat

D.

Nation-state actor

Question # 72

An analyst views the following log entries:

The organization has a partner vendor with hosts in the 216.122.5.x range. This partner vendor is required to have access to monthly reports and is the only external vendor with authorized access. The organization prioritizes incident investigation according to the following hierarchy: unauthorized data disclosure is more critical than denial of service attempts.

which are more important than ensuring vendor data access.

Based on the log files and the organization ' s priorities, which of the following hosts warrants additional investigation?

A.

121.19.30.221

B.

134.17.188.5

C.

202.180.1582

D.

216.122.5.5

Question # 73

A user downloads software that contains malware onto a computer that eventually infects numerous other systems. Which of the following has the user become?

A.

Hacklivist

B.

Advanced persistent threat

C.

Insider threat

D.

Script kiddie

Question # 74

During an incident involving phishing, a security analyst needs to find the source of the malicious email. Which of the following techniques would provide the analyst with this information?

A.

Header analysis

B.

Packet capture

C.

SSL inspection

D.

Reverse engineering

Question # 75

Which of the following responsibilities does the legal team have during an incident management event? (Select two).

A.

Coordinate additional or temporary staffing for recovery efforts.

B.

Review and approve new contracts acquired as a result of an event.

C.

Advise the Incident response team on matters related to regulatory reporting.

D.

Ensure all system security devices and procedures are in place.

E.

Conduct computer and network damage assessments for insurance.

F.

Verify that all security personnel have the appropriate clearances.

Question # 76

A systems administrator is reviewing after-hours traffic flows from data-center servers and sees regular outgoing HTTPS connections from one of the servers to a public IP address. The server should not be making outgoing connections after hours. Looking closer, the administrator sees this traffic pattern around the clock during work hours as well. Which of the following is the most likely explanation?

A.

C2 beaconing activity

B.

Data exfiltration

C.

Anomalous activity on unexpected ports

D.

Network host IP address scanning

E.

A rogue network device

Question # 77

An auditor is reviewing an evidence log associated with a cybercrime. The auditor notices that a gap exists between individuals who were responsible for holding onto and transferring the evidence between individuals responsible for the investigation. Which of the following best describes the evidence handling process that was not properly followed?

A.

Validating data integrity

B.

Preservation

C.

Legal hold

D.

Chain of custody

Question # 78

An analyst recommends that an EDR agent collect the source IP address, make a connection to the firewall, and create a policy to block the malicious source IP address across the entire network automatically. Which of the following is the best option to help the analyst implement this recommendation?

A.

SOAR

B.

SIEM

C.

SLA

D.

IoC

Question # 79

An incident responder was able to recover a binary file through the network traffic. The binary file was also found in some machines with anomalous behavior. Which of the following processes most likely can be performed to understand the purpose of the binary file?

A.

File debugging

B.

Traffic analysis

C.

Reverse engineering

D.

Machine isolation

Question # 80

A web vulnerability scanner has identified many instances of poorly written code that allow for path traversal. Which of the following is the best option for rewriting the code?

A.

Sanitize the user-supplied file and directory names in the application input.

B.

Validate or encode the application output.

C.

Scrub SQL commands that were entered by users into text input fields.

D.

Limit the privilege level of the web applications.

Go to page: