CYSA+ CompTIA Verified Multiple Choice and Conceptual Actual Emended Exam Questions With Reviewed 100% Correct Detailed Answers
Guaranteed Pass!! Current Update

You are a cybersecurity analyst tasked with interpreting scan data from Company A's servers. You must verify the requirements are being met for all of the servers and recommend changes if you find they are not. The company's hardening guidelines indicate the following:
• TLS 1.2 is the only version of TLS running.
• Apache 2.4.18 or greater should be used.
• Only default ports should be used.
INSTRUCTIONS
Using the supplied data, record the status of compliance with the company's guidelines for each server.
The question contains two parts: make sure you complete Part 1 and Part 2. Make recommendations for issues based ONLY on the hardening guidelines provided.
Part 1 Answer
Check on the following:
AppServ1 is only using TLS 1.2
AppServ4 is only using TLS 1.2
AppServ1 is using Apache 2.4.18 or greater
AppServ3 is using Apache 2.4.18 or greater
AppServ4 is using Apache 2.4.18 or greater
Part 2 Answer
Recommendation:
Recommendation is to disable TLS v1.1 on AppServ2 and AppServ3. Also upgrade AppServ2 Apache to version 2.4.48 from its current version of 2.3.48

A Chief Information Security Officer (CISO) is concerned developers have too much visibility into customer data. Which of the following controls should be implemented to BEST address these concerns?
Answer: Data masking

A security analyst for a large pharmaceutical company was given credentials from a threat intelligence resources organization for internal users, which contain usernames and valid passwords for company accounts. Which of the following is the FIRST action the analyst should take as part of security operations monitoring?
Answer: Change all the user passwords to ensure the malicious actors cannot use them.

The help desk notified a security analyst that emails from a new email server are not being sent out. The new email server was recently added to the existing ones. The analyst runs the following command on the new server.
nslookup -type=txt exampledomain.org
"v=spf1 ip4:72.56.48.0/28 -all"
Answer: The IP address of the new email server

A user's computer has been running slowly when the user tries to access web pages. A security analyst runs the command netstat -aon from the command line and receives the following output:
Answer: Line 3
TCP 192.168.0.23:443 185.23.17.119:17207 Established

An analyst is performing penetration testing and vulnerability assessment activities against a new vehicle automation platform. Which of the following is MOST likely an attack vector that is being utilized as part of the testing and assessment?
Answer: CAN bus

As part of a review of modern response plans, which of the following is MOST important for an organization to understand when establishing the breach notification period?
Answer: Legal requirements

A cybersecurity analyst is currently checking a newly deployed server that has an access control list applied. When conducting the scan, the analyst received the following code snippet of results:
Which of the following describes the output of this scan?
Answer: The analyst has discovered a True Positive, and the status code is correct providing a file not found error message.

An analyst performs a routine scan of a host using Nmap and receives the following output:
Which of the following should the analyst investigate FIRST?
Answer: Port 23

A security analyst conducted a risk assessment on an organization's wireless network and identified a high-risk element in the implementation of data confidentiality protection. Which of the following is the BEST technical security control to mitigate this risk?
Answer: Switch to RADIUS technology

A security analyst is responding to an incident on a web server on the company network that is making a large number of outbound requests over DNS. Which of the following is the FIRST step the analyst should take to evaluate this potential indicator of compromise?
Answer: Isolate the system on the network to ensure it cannot access other systems while evaluation is underway.

Welcome to the Enterprise Help Desk System. Please work the ticket escalated to you in the desk ticket queue.
INSTRUCTIONS
Click on the ticket to see the ticket details. Additional content is available on tabs within the ticket. First, select the appropriate issue from the drop-down menu. Then, select the MOST likely root cause from the second drop-down menu. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Answer: High Memory Utilization
wuauclt.exe

An analyst is working with a network engineer to resolve a vulnerability that was found in a piece of legacy hardware, which is critical to the operation of the organization's production line. The legacy hardware does not have third-party support, and the OEM manufacturer of the controller is no longer in operation. The analyst documents the activities and verifies these actions prevent remote exploitation of the vulnerability. Which of the following would be the MOST appropriate to remediate the controller?
Answer: Segment the network to constrain access to administrative interfaces.

An organization was alerted to a possible compromise after its proprietary data was found for sale on the Internet. An analyst is reviewing the logs from the next-generation UTM in an attempt to find evidence of this breach. Given the following output:
Which of the following should be the focus of the investigation?
Answer: ftps.bluemed.net

A storage area network (SAN) was inadvertently powered off while power maintenance was being performed in a datacenter. None of the systems should have lost all power during the maintenance. Upon review, it is discovered that a SAN administrator moved a power plug when testing the SAN's fault notification features.
Answer: Ensure both power supplies on the SAN are serviced by separate circuits, so that if one circuit goes down, the other remains powered.