Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA CySA+
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: Sep 10, 2024

CompTIA CySA+ CS0-002 Questions & Answers

  • Question 81:

    Which of the following is the BEST way to gather patch information on a specific server?

    A. Event Viewer

    B. Custom script

    C. SCAP software

    D. CI/CD

  • Question 82:

    An organization's network administrator uncovered a rogue device on the network that is emulating the characteristics of a switch. The device is trunking protocols and inserting tagging values to control the flow of traffic at the data link layer. Which of the following BEST describes the attack?

    A. DNS pharming

    B. VLAN hopping

    C. Spoofing

    D. Injection attack

  • Question 83:

    To validate local system-hardening requirements, which of the following types of vulnerability scans would work BEST to verify the scanned device meets security policies?

    A. SCAP

    B. SAST

    C. DAST

    D. DACS

  • Question 84:

    A company wants to outsource a key human-resources application service to remote employees as a SaaS-based cloud solution. The company's GREATEST concern should be the SaaS provider's:

    A. SLA for system uptime.

    B. DLP procedures.

    C. logging and monitoring capabilities.

    D. data protection capabilities.

  • Question 85:

    A security analyst discovers the accounting department is hosting an accounts receivable form on a public document service. Anyone with the link can access it. Which of the following threats applies to this situation?

    A. Potential data loss to external users

    B. Loss of public/private key management

    C. Cloud-based authentication attack

    D. Insufficient access logging

  • Question 86:

    Legacy medical equipment, which contains sensitive data, cannot be patched. Which of the following is the BEST solution to improve the equipment's security posture?

    A. Move the legacy systems behind a WAF.

    B. Implement an air gap for the legacy systems.

    C. Place the legacy systems in the DMZ.

    D. Implement a VPN between the legacy systems and the local network.

  • Question 87:

    A security analyst is auditing firewall rules with the goal of scanning some known ports to check the firewall's behavior and responses. The analyst executes the following commands:

    #nmap -p22 -sS 10.0.1.200
    #hping3 -S -c1 -p22 10.0.1.200

    The analyst then compares the following results for port 22:

    1. nmap returns "Closed"

    2. hping3 returns "flags=RA"

    Which of the following BEST describes the firewall rule?

    A. DNAT --to-destination 1.1.1.1:3000

    B. REJECT with --tcp-reset

    C. LOG --log-tcp-sequence

    D. DROP

  • Question 88:

    An organization's Chief Information Security Officer (CISO) has asked department leaders to coordinate on communication plans that can be enacted in response to different cybersecurity incident triggers. Which of the following is a benefit of having these communication plans?

    A. They can help to prevent the inadvertent release of damaging information outside the organization.

    B. They can help to limit the spread of worms by coordinating with help desk personnel earlier in the recovery phase.

    C. They can quickly inform the public relations team to begin coordinating with the media as soon as a breach is detected.

    D. They can help to keep the organization's senior leadership informed about the status of patching during the recovery phase.

  • Question 89:

    A company recently experienced financial fraud, which included shared passwords being compromised and improper levels of access being granted. The company has asked a security analyst to help improve its controls. Which of the following will MOST likely help the security analyst develop better controls?

    A. An evidence summarization

    B. An incident response plan

    C. A lessons-learned report

    D. An indicator of compromise

  • Question 90:

    A Chief Executive Officer (CEO) is concerned about the company's intellectual property being leaked to competitors. The security team performed an extensive review but did not find any indication of an outside breach. The data sets are currently encrypted using the Triple Data Encryption Algorithm. Which of the following courses of action is appropriate?

    A. Limit all access to the sensitive data based on geographic access requirements with strict role-based access controls.

    B. Enable data masking and reencrypt the data sets using AES-256.

    C. Ensure the data is correctly classified and labeled, and that DLP rules are appropriate to prevent disclosure.

    D. Use data tokenization on sensitive fields, reencrypt the data sets using AES-256, and then create an MD5 hash.

Tips on How to Prepare for the Exams

Certification exams are becoming more important, and more enterprises require them of job applicants. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CS0-002 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.