CS0-002 CompTIA Cybersecurity Analyst (CySA+) Certification Exam - Practice Questions

Question 4

An online gaming company was impacted by a ransomware attack. An employee opened an attachment that was received via an SMS attack on a company-issued mobile device while connected to the network. Which of the following actions would help during the forensic analysis of the mobile device? (Select TWO).

Select all that apply, then click Submit answer.

○
Resetting the phone to factory settings
○
Rebooting the phone and installing the latest security updates
○
Documenting the respective chain of custody
○
Uninstalling any potentially unwanted programs
○
Performing a memory dump of the mobile device for analysis
○
Unlocking the device by browsing the eFuse

Reference / correct answer:

Documenting the respective chain of custody

Performing a memory dump of the mobile device for analysis

Documenting the chain of custody is an important step in the forensic analysis of any device, as it helps to ensure that all evidence is collected and preserved correctly. A memory dump is also essential, as it can provide information about the state of the device when the attack occurred and can be used for further analysis.

Documenting the respective chain of custody can help to preserve the integrity and admissibility of the evidence collected from the mobile device during the forensic analysis. Chain of custody is a record of who handled, accessed or modified the evidence, when, where, how and why . Performing a memory dump of the mobile device for analysis can help to extract volatile data from the mobile device that may contain valuable information about the ransomware attack, such as processes, network connections or encryption keys. Memory dump is a process of copying the contents of the memory (RAM) to a file or storage device .

References: https://www.techopedia.com/definition/23371/chain-of-custody https://www.techopedia.com/definition/10339/memory-dump

Question 5

An online gaming company was impacted by a ransomware attack. An employee opened an attachment that was received via an SMS attack on a company-issue firewall. Which following actions would help during the forensic analysis of the mobile device? (Select TWO).

Select all that apply, then click Submit answer.

○
Resetting the phone to factory settings
○
Rebooting the phone and installing the latest security updates
○
Documenting the respective chain of custody
○
Uninstalling any potentially unwanted programs
○
Performing a memory dump of the mobile device for analysis
○
Unlocking the device by blowing the eFuse

Question 6

A cybersecunty analyst needs to harden a server that is currently being used as a web server The server needs to be accessible when entenng www company com into the browser Additionally web pages require frequent updates which are performed by a remote contractor Given the following output:

Which of the following should the cybersecunty analyst recommend to harden the server? (Select TWO).

Select all that apply, then click Submit answer.

○
Uninstall the DNS service
○
Perform a vulnerability scan
○
Change the server's IP to a private IP address
○
Disable the Telnet service
○
Block port 80 with the host-based firewall
○
Change the SSH port to a non-standard port

CS0-002 – CompTIA Cybersecurity Analyst (CySA+) Certification Exam