CompTIA CompTIA CySA+ CS0-003 Questions & Answers

• Question 281:

  A technician working at company.com received the following email:

  

  After looking at the above communication, which of the following should the technician recommend to the security team to prevent exposure of sensitive information and reduce the risk of corporate data being stored on non-corporate assets?

  A. Forwarding of corporate email should be disallowed by the company.

  B. A VPN should be used to allow technicians to troubleshoot computer issues securely.

  C. An email banner should be implemented to identify emails coming from external sources.

  D. A rule should be placed on the DLP to flag employee IDs and serial numbers.

  Correct Answer: C

  An email banner is a message that is added to the top or bottom of an email to provide some information or warning to the recipient. An email banner should be implemented to identify emails coming from external sources to prevent exposure of sensitive information and reduce the risk of corporate data being stored on non-corporate assets. An email banner can help employees recognize phishing or spoofing attempts and avoid clicking on malicious links or attachments. It can also remind employees not to share confidential information with external parties or forward corporate emails to personal accounts. The other options are not relevant or effective for this purpose. Reference: CompTIA Cybersecurity Analyst (CySA+) Certification Exam Objectives (CS0-002), page 13; https://www.csoonline.com/article5970/what-is-spoofing-definition-and-how-to-preventit.html

• Question 282:

  A company is aiming to test a new incident response plan. The management team has made it clear that the initial test should have no impact on the environment. The company has limited resources to support testing. Which of the following exercises would be the best approach?

  A. Tabletop scenarios

  B. Capture the flag

  C. Red team vs. blue team

  D. Unknown-environment penetration test

  Correct Answer: A

  A tabletop scenario is an informal, discussion-based session in which a team discusses their roles and responses during an emergency, walking through one or more example scenarios. A tabletop scenario is the best approach for a company that wants to test a new incident response plan without impacting the environment or using many resources. A tabletop scenario can help the company identify strengths and weaknesses in their plan, clarify roles and responsibilities, and improve communication and coordination among team members. The other options are more intensive and disruptive exercises that involve simulating a real incident or attack. CompTIA Cybersecurity Analyst (CySA+) Certification Exam Objectives (CS0-002), page 16; https://www.linkedin.com/pulse/tabletop-exercises-explained-matt-lemon-phd

• Question 283:

  Which of the following is the best reason why organizations need operational security controls?

  A. To supplement areas that other controls cannot address

  B. To limit physical access to areas that contain sensitive data

  C. To assess compliance automatically against a secure baseline

  D. To prevent disclosure by potential insider threats

  Correct Answer: A

  Operational security controls are security measures that are implemented and executed by people rather than by systems. Operational security controls are needed to supplement areas that other controls, such as technical or physical controls, cannot address. For example, operational security controls can include policies, procedures, training, awareness, audits, reviews, testing, etc. These controls can help ensure that employees follow best practices, comply with regulations, detect and report incidents, and respond to emergencies. The other options are not specific to operational security controls or are too narrow in scope. CompTIA Cybersecurity Analyst (CySA+) Certification Exam Objectives (CS0002), page 14; https://www.isaca.org/resources/isacajournal/issues6/volume-3/operational-security-controls

• Question 284:

  An organization has the following risk mitigation policies

  Risks without compensating controls will be mitigated first it the nsk value is greater than $50,000 Other nsk mitigation will be pnontized based on risk value.

  The following risks have been identified: Which of the following is the ordei of priority for risk mitigation from highest to lowest?

  

  A. A, C, D, B

  B. B, C, D, A

  C. C, B, A, D

  D. C. D, A, B

  E. D, C, B, A

  Correct Answer: C

  The order of priority for risk mitigation from highest to lowest is C, B, A, D. This order is based on applying the risk mitigation policies of the organization. According to the first policy, risks without compensating controls will be mitigated first if the risk value is greater than $50,000. Risk C has no compensating controls and a risk value of $75,000, so it is the highest priority. Risk B also has no compensating controls, but a risk value of $40,000, so it is the second priority. According to the second policy, other risk mitigation will be prioritized based on risk value. Risk A has a risk value of $60,000 and a compensating control of encryption, so it is the third priority. Risk D has a risk value of $50,000 and a compensating control of backup power supply, so it is the lowest priority.

• Question 285:

  A code review reveals a web application is using lime-based cookies for session management. This is a security concern because lime-based cookies are easy to:

  A. parameterize.

  B. decode.

  C. guess.

  D. decrypt.

  Correct Answer: B

  Lime-based cookies are a type of cookies that use lime encoding to store data in a web browser. Lime encoding is a simple substitution cipher that replaces each character in a string with another character based on a fixed key. Lime-based cookies are easy to decode because the key is publicly available and the encoding algorithm is simple. Anyone who intercepts or accesses the lime-based cookies can easily decode them and read the data stored in them. This is a security concern because lime-based cookies are often used for session management, which means they store information about the user's identity and preferences on a web application. If an attacker can decode the lime-based cookies, they can impersonate the user or access their sensitive information. Reference: https://www.dcode.fr/lime-encryption https://www.techopedia.com/definition/1529/session-cookie

• Question 286:

  Which of the following activities is designed to handle a control failure that leads to a breach?

  A. Risk assessment

  B. Incident management

  C. Root cause analysis

  D. Vulnerability management

  Correct Answer: B

  Incident management is a process that aims to handle a control failure that leads to a breach by restoring normal operations as quickly as possible and minimizing the impact and damage of the incident. Incident management involves activities such as identifying, analyzing, containing, eradicating, recovering, and learning from security incidents. Risk assessment, root cause analysis, and vulnerability management are other processes related to security management, but they are not designed to handle a control failure that leads to a breach.

  Reference: https://www.sans.org/reading-room/whitepapers/incident/incident-handlers-handbook-33901

• Question 287:

  HOTSPOT

  The developers recently deployed new code to three web servers. A daily automated external device scan report shows server vulnerabilities that are failing items according to PCI DSS.

  If the vulnerability is not valid, the analyst must take the proper steps to get the scan clean.

  If the vulnerability is valid, the analyst must remediate the finding.

  After reviewing the information provided in the network diagram, select the STEP 2 tab to complete the simulation by selecting the correct Validation Result and Remediation Action for each server listed using the drop-down options.

  INSTRUCTIONS

  STEP 1: Review the information provided in the network diagram.

  STEP 2: Given the scenario, determine which remediation action is required to address the vulnerability.

  If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

  Step 1

  

  

  Hot Area:

  Correct Answer:

  

  

• Question 288:

  HOTSPOT

  A security analyst performs various types of vulnerability scans.

  Review the vulnerability scan results to determine the type of scan that was executed and if a false positive occurred for each device.

  INSTRUCTIONS

  Select the Results Generated drop-down option to determine if the results were generated from a credentialed scan, non-credentialed scan, or a compliance scan.

  For ONLY the credentialed and non-credentialed scans, evaluate the results for False Positives and check the Findings that display false positives.

  NOTE: If you would like to uncheck an option that is currently selected, click on the option a second time.

  Lastly, based on the vulnerability scan results, identify the type of Server by dragging the Server to the results. The Linux Web Server, File-Print Server, and Directory Server are draggable.

  If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

  

  Hot Area:

  

  Correct Answer: