Winter Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bigdisc65

CompTIA CySA+ CS0-002 Release Date

Page: 10 / 27
Question 40

A security analyst observes a large amount of scanning activity coming from an IP address outside the organization's environment. Which of the following should the analyst do to block this activity?

Options:

A.

Create an IPS rule to block the subnet.

B.

Sinkhole the IP address.

C.

Create a firewall rule to block the IP address.

D.

Close all unnecessary open ports.

Question 41

Due to continued support of legacy applications, an organization's enterprise password complexity rules are inadequate for its required security posture. Which of the following is the BEST compensating control to help reduce authentication compromises?

Options:

A.

Smart cards

B.

Multifactor authentication

C.

Biometrics

D.

Increased password-rotation frequency

Question 42

A security analyst is correlating, ranking, and enriching raw data into a report that will be interpreted by humans or machines to draw conclusions and create actionable recommendations Which of the following steps in the intelligence cycle is the security analyst performing?

Options:

A.

Analysis and production

B.

Processing and exploitation

C.

Dissemination and evaluation

D.

Data collection

E.

Planning and direction

Question 43

A security analyst reviews SIEM logs and discovers the following error event:

Which of the following environments does the analyst need to examine to continue troubleshooting the event?

Options:

A.

Proxy server

B.

SQL server

C.

Windows domain controller

D.

WAF appliance

E.

DNS server

Page: 10 / 27
Exam Code: CS0-002
Exam Name: CompTIA CySA+ Certification Exam (CS0-002)
Last Update: Dec 4, 2024
Questions: 372
CS0-002 pdf

CS0-002 PDF

$29.75  $84.99
CS0-002 Engine

CS0-002 Testing Engine

$33.25  $94.99
CS0-002 PDF + Engine

CS0-002 PDF + Testing Engine

$47.25  $134.99