CS0-003 CompTIA CyberSecurity Analyst CySA+ Certification Exam - Practice Questions

Question 7

Which of the following security operations tasks are ideal for automation?

Select an option, then click Submit answer.

○
Suspicious file analysis:
Look for suspicious-looking graphics in a folder.

Create subfolders in the original folder based on category of graphics found.

Move the suspicious graphics to the appropriate subfolder
○
Firewall IoC block actions:

Examine the firewall logs for IoCs from the most recently published zero-day exploit Take mitigating actions in the firewall to block the behavior found in the logs Follow up on any false positives that were caused by the block rules
○
Security application user errors:

Search the error logs for signs of users having trouble with the security application Look up the user's phone number
Call the user to help with any questions about using the application
○
Email header analysis:

Check the email header for a phishing confidence metric greater than or equal to five Add the domain of sender to the block list
Move the email to quarantine

Question 8

An organization conducted a web application vulnerability assessment against the corporate website, and the following output was observed:

Which of the following tuning recommendations should the security analyst share?

Select an option, then click Submit answer.

○
Set an Http Only flag to force communication by HTTPS.
○
Block requests without an X-Frame-Options header.
○
Configure an Access-Control-Allow-Origin header to authorized domains.
○
Disable the cross-origin resource sharing header.

Question 9

Which of the following is described as a method of enforcing a security policy between cloud customers and cloud services?

Select an option, then click Submit answer.

○
CASB
○
DMARC
○
SIEM
○
PAM

Reference / correct answer:

CASB

A CASB (Cloud Access Security Broker) is a security solution that acts as an intermediary between cloud users and cloud providers, and monitors and enforces security policies for cloud access and usage. A CASB can help organizations protect their data and applications in the cloud from unauthorized or malicious access, as well as comply with regulatory standards and best practices. A CASB can also provide visibility, control, and analytics for cloud activity, and identify and mitigate potential threats12

The other options are not correct. DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication protocol that helps email domain owners prevent spoofing and phishing attacks by verifying the sender’s identity and instructing the receiver how to handle unauthenticated messages34 SIEM (Security Information and Event Management) is a security solution that collects, aggregates, and analyzes log data from various sources across an organization’s network, such as applications, devices, servers, and users, and provides real-time alerts, dashboards, reports, and incident response capabilities to help security teams identify and mitigate cyberattacks56 PAM (Privileged Access Management) is a security solution that helps organizations manage and protect the access and permissions of users, accounts, processes, and systems that have elevated or administrative privileges. PAM can help prevent credential theft, data breaches, insider threats, and compliance violations by monitoring, detecting, and preventing unauthorized privileged access to critical resources78

CS0-003 – CompTIA CyberSecurity Analyst CySA+ Certification Exam