Free CompTIA Cybersecurity Analyst (CySA+) Exam CS0-002 Exam Practice Test

A security analyst identified one server that was compromised and used as a data making machine, and a few of the hard drive that was created. Which of the following will MOST likely provide information about when and how the machine was compromised and where the malware is located?

• System timeline reconstruction
• System registry extraction
• Data carving
• Volatile memory analysts

An online gaming company was impacted by a ransomware attack. An employee opened an attachment that was received via an SMS attack on a company-issued mobile device while connected to the network. Which of the following actions would help during the forensic analysis of the mobile device? (Select TWO).

• Resetting the phone to factory settings
• Rebooting the phone and installing the latest security updates
• Documenting the respective chain of custody
• Uninstalling any potentially unwanted programs
• Performing a memory dump of the mobile device for analysis
• Unlocking the device by browsing the eFuse

A security analyst performed a targeted system vulnerability scan to obtain critical information. After the output result, the analyst used the OVAL XML language to review and calculate the discovered risk. Which of the following types of scans did the security analyst perform?

• Active
• Network map
• Passive
• External

A computer hardware manufacturer developing a new SoC that will be used by mobile devices. The SoC should not allow users or the process to downgrade from a newer firmware to an older one. Which of the following can the hardware manufacturer implement to prevent firmware downgrades?

• Encryption
• eFuse
• Secure Enclave
• Trusted execution

A security analyst is designing firewall rules to prevent external IP spoofing Which of the following explains the firewall rule for mitigation?

• Packets with external source IP addresses do not enter the network from either direction.
• Packets with internal source IP addresses do not enter the network from the outside.
• Packets with internal source IP addresses do not exit the network from the inside.
• Packets with public IP addresses do not pass through the router in either direction.

Which of following allows Secure Boot to be enabled?

• eFuse
• UEFI
• MSM
• PAM

An incident response team detected malicious software that could have gained access to credit card data. The incident response team was able to mitigate significant damage and implement corrective actions. By having incident response mechanisms in place. Which of the following should be notified for lessons learned?

• The human resources department
• Customers
• Company leadership
• The legal team

A company's legal department is concerned that its incident response plan does not cover the countless ways security incidents can occur. The department has asked a security analyst to help tailor the response plan to provide broad coverage for many situations. Which of the following is the best way to achieve this goal?

• Focus on incidents that have a high chance of reputation harm.
• Focus on common attack vectors first.
• Focus on incidents that affect critical systems.
• Focus on incidents that may require law enforcement support.

An analyst receives an alert from the continuous-monitoring solution about unauthorized changes to the firmware versions on several field devices. The asset owners confirm that no firmware version updates were performed by authorized technicians, and customers have not reported any performance issues or outages. Which Of the following actions would be BEST for the analyst to recommend to the asset owners to secure the devices from further exploitation?

• Change the passwords on the devices.
• Implement BIOS passwords.
• Remove the assets from the production network for analysis.
• Report the findings to the threat intel community.

During the security assessment of a new application, a tester attempts to log in to the application but receives the following message incorrect password for given username. Which of the following can the tester recommend to decrease the likelihood that a malicious attacker will receive helpful information?

• Set the web page to redirect to an application support page when a bad password is entered.
• Disable error messaging for authentication
• Recognize that error messaging does not provide confirmation of the correct element of authentication
• Avoid using password-based authentication for the application