CySA+ (CS0-002) CompTIA Cybersecurity Analyst (CySA+) - 10/17/2022
Exam Prep Answered.
An analyst needs to forensically examine a Windows machine that was compromised by a threat actor.
Intelligence reports state this specific threat actor is characterized by hiding malicious artifacts, espec...
CySA+ (CS0 -002) CompTIA Cybersecurity Analyst (CySA+) - 10/17/2022 Exam Prep Answered. An analyst needs to forensically examine a Windows machine that was compromised by a threat actor. Intelligence reports state this specific threat actor is characterized by hiding malicious artifacts, especially with alternate data streams. Based on this intelligence, whi ch of the following BEST explains alternate data streams? A. A different way data can be streamlined if the user wants to use less memory on a Windows system for forking resources B. A way to store data on an external drive attached to a Windows machine th at is not readily accessible to users C. A windows attribute that provides for forking resources and is potentially used to hide the presence of secret or malicious files inside the file records of a benign file D. A Windows attribute that can be used by a ttackers to hide malicious files within system memory "ANSWER" - D. A Windows attribute that can be used by attackers to hide malicious files within system memory An executive assistant wants to onboard a new cloud -based product to help with business analy tics and dashboarding. Which of the following would be the BEST integration option for this service? A. Manually log in to the service and upload data files on a regular basis. B. Have the internal development team script connectivity and file transfers to the new service. C. Create a dedicated SFTP site and schedule transfers to ensure file transport security. D. Utilize the cloud product's API for supported and ongoing integrat ions. "ANSWER" - D. Utilize the cloud product's API for supported and ongoing integrations Data spillage occurred when an employee accidentally emailed a sensitive file to an external recipient. Which of the following controls would have MOST likely preven ted this incident? A. SSO B. DLP C. WAF D. VDI "ANSWER" - B. DLP A development team is testing a new application release. The team needs to import existing client PHI data records from the production environment to the test environment to test accuracy and functionality. Which of the following would BEST protect the sensitivity of this data while still allowing the team to perform the testing? A. Deidentification B. Encoding C. Encryption D. Watermarking "ANSWER" - A. Deidentification Which of the following are components of the intelligence cycle? (Select TWO). A. Collection B. Normalization C. Response D. Analysis E. Correction F. Dissension "ANSWER" - A. Collection D. Analysis During an investigation, a security analyst identified machines that are infected with malware the antivirus was unable to detect. Which of the following is the BEST place to acquire evidence to perform data carving? A. The system memory B. The hard drive C. Network packets D. The Windows Registry "ANSWER" - A. The system memory A SIEM solution alerts a security analyst of a high number of login attempts against the company's webmail portal. The analyst determines the login attempts used credentials from a past data breach. Which of the following is the BEST mitigation to prevent unauthorized access? A. Single sign -on B. Mandatory access control C. Multifactor authentication D. Federation E. Privileged access management "ANSWER" - C. Multifactor authenticatio n An organization wants to move non -essential services into a cloud computing Environment. Management has a cost focus and would like to achieve a recovery time objective of 12 hours. Which of the following cloud recovery strategies would work BEST to att ain the desired outcome? A. Duplicate all services in another instance and load balance between the instances. B. Establish a hot site with active replication to another region within the same cloud provider C. Set up a warm disaster recovery site with the same cloud provider in a different region. D. Configure the systems with a cold site at another cloud provider that can be used for failover. "ANSWER" - C. Set up a warm disaster recovery site with the same cloud provider in a different region. A security technician is testing a solution that will prevent outside entities from spoofing the company's email domain, which is comptia.org. The testing is successful, and the security technician is prepared to fully implement the solution. Which of the following actions should the technician take to accomplish this task? A. Add TXT @ "v=spfl mx include:_spf.comptia.org -all" to the DNS record. B. Add TXT @ "v=spfl mx include:_spf.comptia.org -all" to the email server. C. Add TXT @ "v=spfl mx include:_spf.comptia.org -all" to the domain controller. D. Add TXT @ "v=spfl mx include:_spf.comptia.org -all" to the web server. " ANSWER" - A. Add TXT @ "v=spfl mx include:_spf.comptia.org -all" to the DNS record. A Chief Informat ion Security Officer (CISO) is concerned the development team, which consists of contractors, has too much access to customer data. Developers use personal workstations, giving the company little to no visibility into the development activities. Which of t he following would be BEST to implement to alleviate the CISO's concern? A. DLP B. Encryption C. Test data D. NDA " ANSWER" - C. Test data A development team uses open -source software and follows an Agile methodology with two-week sprints. Last month, the s ecurity team filed a bug for an insecure version of a common library. The DevOps team updated the library on the server, and then the security team rescanned the server to verify it was no longer vulnerable. This month, the security team found the same vul nerability on the server. Which of the following should be done to correct the cause of the vulnerability? A. Deploy a WAF in front of the application. B. Implement a software repository management tool. C. Install a HIPS on the server. D. Instruct the dev elopers to use input validation in the code. "ANSWER" - B. Implement a software repository management tool. Which of the following BEST describes the primary role of a risk assessment as it relates to compliance with risk-based frameworks? A. It demonstrat es the organization's mitigation of risks associated with internal threats. B. It serves as the basis for control selection. C. It prescribes technical control requirements D. It is an input to the business impact assessment "ANSWER" - B. It serves as the basis for control selection. A security analyst discovers accounts in sensitive SaaS -based systems are not being removed in a timely manner when an employee leaves the organization. To BEST resolve the issue, the organization should implement: A. federated authentication. B. role -based access control. C. manual account reviews D. multifactor authentication. "ANSWER" - A. federated authentication A security analyst had received information from a third -party intelligence -sharing resource that ind icates employee accounts were breached. Which of the following is the NEXT step the analyst should take to address the issue? A. Audit access permissions for all employees to ensure least privilege B. Force a password reset for the impacted employees and r evoke any tokens. C. Configure SSO to prevent passwords from going outside the local network. D. Set up prevailed access management to ensure auditing is enabled " ANSWER" - B. Force a password reset for the impacted employees and revoke any tokens. Bootloa der malware was recently discovered on several company workstations. All the workstations run Windows and are current models with UEFI capability. Which of the following UEFI settings is the MOST likely cause of the infections? A. Compatibility mode B. Sec ure boot mode C. Native mode D. Fast boot mode " ANSWER" - A. Compatibility mode A small electronics company decides to use a contractor to assist with the development of a new FPGA -based
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller dennys. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $14.49. You're not tied to anything after your purchase.