CS0-002 CompTIA Cybersecurity Analyst (CySA+) Certification Exam



Question 1

A security analyst performs various types of vulnerability scans. Review the vulnerability scan results to determine the type of scan that was executed and if a false positive occurred for each device.

Instructions:

Select the Results Generated drop-down option to determine if the results were generated from a credentialed scan, non-credentialed scan, or a compliance scan.

For ONLY the credentialed and non-credentialed scans, evaluate the results for false positives and check the findings that display false positives. NOTE: If you would like to uncheck an option that is currently selected, click on the option a second time.

Lastly, based on the vulnerability scan results, identify the type of Server by dragging the Server to the results.

The Linux Web Server, File-Print Server and Directory Server are draggable. If at any time you would like to bring back the initial state of the simulation, please select the Reset All button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.


Answer is in the explanation below.

Question 2

Which of the following are reasons why consumer IoT devices should be avoided in an enterprise environment? (Select TWO)

Select all that apply, then click Submit answer.

  • Message queuing telemetry transport does not support encryption.

  • The devices may have weak or known passwords.

  • The devices may cause a dramatic increase in wireless network traffic.

  • The devices may utilize unsecure network protocols.

  • Multiple devices may interface with the functions of other IoT devices.

  • The devices are not compatible with TLS 1.2.

Question 3

A security analyst is reviewing WAF logs and notes requests against the corporate website are increasing and starting to impact the performance of the web server. The security analyst queries the logs for requests that triggered an alert on the WAF but were not blocked. Which of the following possible TTP combinations might warrant further investigation? (Select TWO).

Select all that apply, then click Submit answer.

  • Requests identified by a threat intelligence service with a bad reputation

  • Requests sent from the same IP address using different user agents

  • Requests blocked by the web server per the input sanitization

  • Failed log-in attempts against the web application

  • Requests sent by NICs with outdated firmware

  • Existence of HTTP/501 status codes generated to the same IP address