1. Home
  2. CompTIA
  3. CS0-002

CompTIA Cybersecurity Analyst (CySA+)

Exam Details

  • Exam Code
    :CS0-002
  • Exam Name
    :CompTIA Cybersecurity Analyst (CySA+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :1059 Q&As
  • Last Updated
    :May 11, 2025

CompTIA CompTIA Certifications CS0-002 Questions & Answers

  • Question 501:

    A database administrator contacts a security administrator to request firewall changes for a connection to a new internal application.

    The security administrator notices that the new application uses a port typically monopolized by a virus.

    The security administrator denies the request and suggests a new port or service be used to complete the application's task.

    Which of the following is the security administrator practicing in this example?

    A. Explicit deny

    B. Port security

    C. Access control lists

    D. Implicit deny

  • Question 502:

    A network administrator is attempting to troubleshoot an issue regarding certificates on a secure website.

    During the troubleshooting process, the network administrator notices that the web gateway proxy on the local network has signed all of the certificates on the local machine.

    Which of the following describes the type of attack the proxy has been legitimately programmed to perform?

    A. Transitive access

    B. Spoofing

    C. Man-in-the-middle

    D. Replay

  • Question 503:

    After running a packet analyzer on the network, a security analyst has noticed the following output:

    Which of the following is occurring?

    A. A ping sweep

    B. A port scan

    C. A network map

    D. A service discovery

  • Question 504:

    A network technician is concerned that an attacker is attempting to penetrate the network, and wants to set a rule on the firewall to prevent the attacker from learning which IP addresses are valid on the network. Which of the following protocols needs to be denied?

    A. TCP

    B. SMTP

    C. ICMP

    D. ARP

  • Question 505:

    When network administrators observe an increased amount of web traffic without an increased number of financial transactions, the company is MOST likely experiencing which of the following attacks?

    A. Bluejacking

    B. ARP cache poisoning

    C. Phishing

    D. DoS

  • Question 506:

    The help desk informed a security analyst of a trend that is beginning to develop regarding a suspicious email that has been reported by multiple users. The analyst has determined the email includes an attachment named invoice.zip that contains the following files:

    Locky.js xerty.ini xerty.lib

    Further analysis indicates that when the .zip file is opened, it is installing a new version of ransomware on the devices. Which of the following should be done FIRST to prevent data on the company NAS from being encrypted by infected devices?

    A. Disable access to the company VPN.

    B. Move the files from the NAS to a cloud-based storage solution.

    C. Set permissions on file shares to read-only.

    D. Add the URL included in the .js file to the company's web proxy filter.

  • Question 507:

    A security analyst is performing a forensic analysis on a machine that was the subject of some historic SIEM alerts. The analyst noticed some network connections utilizing SSL on non-common ports, copies of svchost.exe and cmd.exe in % TEMP% folder, and RDP files that had connected to external IPs. Which of the following threats has the security analyst uncovered?

    A. DDoS

    B. APT

    C. Ransomware

    D. Software vulnerability

  • Question 508:

    A threat intelligence analyst who works for a technology firm received this report from a vendor.

    "There has been an intellectual property theft campaign executed against organizations in the technology industry. Indicators for this activity are unique to each intrusion. The information that appears to be targeted is RandD data. The data exfiltration appears to occur over months via uniform TTPs. Please execute a defensive operation regarding this attack vector."

    Which of the following combinations suggests how the threat should MOST likely be classified and the type of analysis that would be MOST helpful in protecting against this activity?

    A. Polymorphic malware and secure code analysis

    B. Insider threat and indicator analysis

    C. APT and behavioral analysis

    D. Ransomware and encryption

  • Question 509:

    A technician is running an intensive vulnerability scan to detect which ports are open to exploit. During the scan, several network services are disabled and production is affected. Which of the following sources would be used to evaluate which network service was interrupted?

    A. Syslog

    B. Network mapping

    C. Firewall logs

    D. NIDS

  • Question 510:

    A software patch has been released to remove vulnerabilities from company's software. A security analyst has been tasked with testing the software to ensure the vulnerabilities have been remediated and the application is still functioning properly. Which of the following tests should be performed NEXT?

    A. Fuzzing

    B. User acceptance testing

    C. Regression testing

    D. Penetration testing

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CS0-002 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.