Exam Details

  • Exam Code
    :CS0-002
  • Exam Name
    :CompTIA Cybersecurity Analyst (CySA+)
  • Certification
    :CompTIA CySA+
  • Vendor
    :CompTIA
  • Total Questions
    :1059 Q&As
  • Last Updated
    :Nov 14, 2024

CompTIA CompTIA CySA+ CS0-002 Questions & Answers

  • Question 1:

    An analyst needs to provide recommendations for the AUP Which of the following is the BEST recommendation to protect the company's intellectual property?

    A. Company assets must be stored in a locked cabinet when not in use.

    B. Company assets must not be utilized for personal use or gain.

    C. Company assets should never leave the company's property.

    D. AII Internet access must be via a proxy server.

  • Question 2:

    During the forensic analysis of a compromised machine, a security analyst discovers some binaries that are exhibiting abnormal behaviors. After extracting the strings, the analyst finds unexpected content

    Which of the following is the NEXT step the analyst should take?

    A. Only allow whitelisted binaries to execute.

    B. Run an antivirus against the binaries to check for malware.

    C. Use file integrity monitoring to validate the digital signature.

    D. Validate the binaries' hashes from a trusted source.

  • Question 3:

    The SFTP server logs show thousands of failed login attempts from hundreds of IP addresses worldwide. Which of the following controls would BEST protect the service?

    A. Whitelisting authorized IP addresses

    B. Enforcing more complex password requirements

    C. Blacklisting unauthorized IP addresses

    D. Establishing a sinkhole service

  • Question 4:

    While analyzing network traffic, a security analyst discovers several computers on the network are connecting to a malicious domain that was blocked by a DNS sinkhole. A new private IP range is now visible, but no change requests were made to add it.

    Which of the following is the BEST solution for the security analyst to implement?

    A. Block the domain IP at the firewall.

    B. Blacklist the new subnet

    C. Create an IPS rule.

    D. Apply network access control.

  • Question 5:

    An employee was found to have performed fraudulent activities. The employee was dismissed, and the employee's laptop was sent to the IT service desk to undergo a data sanitization procedure. However, the security analyst responsible for the investigation wants to avoid data sanitization. Which of the following can the security analyst use to justify the request?

    A. Data retention

    B. Evidence retention

    C. GDPR

    D. Data correlation procedure

  • Question 6:

    A large insurance company wants to outsource its claim-handling operations to an overseas third-party organization Which of the following would BEST help to reduce the chance of highly sensitive data leaking?

    A. Configure a VPN between the third party organization and the internal company network

    B. Set up a VDI that the third party must use to interact with company systems.

    C. Use MFA to protect confidential company information from being leaked.

    D. Implement NAC to ensure connecting systems have malware protection

    E. Create jump boxes that are used by the third-party organization so it does not connect directly.

  • Question 7:

    A company recently experienced multiple DNS DDoS attacks, and the information security analyst must provide a DDoS solution to deploy in the company's datacenter Which of the following would BEST prevent future attacks?

    A. Configure a sinkhole on the router.

    B. Buy a UTM to block the number of requests.

    C. Route the queries on the DNS server to 127.0.0.1.

    D. Call the Internet service provider to block the attack.

  • Question 8:

    A cybersecurity analyst is establishing a threat hunting and intelligence group at a growing organization. Which of the following is a collaborative resource that would MOST likely be used for this purpose?

    A. Scrum

    B. loC feeds

    C. ISAC

    D. VSS scores

  • Question 9:

    While conducting a network infrastructure review, a security analyst discovers a laptop that is plugged into a core switch and hidden behind a desk.

    The analyst sees the following on the laptop's screen:

    [*] [NBT-NS] Poisoned answer sent to 192.169.23.115 for name FILE-SHARE-A (service: File Server) [*] [LLMNR] Poisoned answer sent to 192.168.23.115 for name FILE-SHARE-A [*] [LLMNR] Poisoned answer sent to 192.168.23.115 for name FILE-SHARE-A [SMBv2] NTLMv2-SSP Client : 192.168.23.115 [SMBv2] NTLMv2-SSP Username : CORP\jsmith [SMBv2] NTLMv2-SSP Hash : F5DBF769CFEA7... [*] [NBT-NS] Poisoned answer sent to 192.169.23.24 for name FILE-SHARE-A (service: File Server) [*] [LLMNR] Poisoned answer sent to 192.168.23.24 for name FILE-SHARE-A [*] [LLMNR] Poisoned answer sent to 192.168.23.24 for name FILE-SHARE-A [SMBv2] NTLMv2-SSP Client : 192.168.23.24 [SMBv2] NTLMv2-SSP Username : CORP\progers [SMBv2] NTLMv2-SSP Hash : 6D093BE2FDD70A...

    Which of the following is the BEST action for the security analyst to take?

    A. Initiate a scan of devices on the network to find password-cracking tools.

    B. Disconnect the laptop and ask the users jsmith and progers to log out.

    C. Force all users in the domain to change their passwords at the next login.

    D. Take the FILE-SHARE-A server offline and scan it for viruses.

  • Question 10:

    The SOC has received reports of slowness across all workstation network segments. The currently installed antivirus has not detected anything, but a different anti-malware product was just downloaded and has revealed a worm is spreading

    Which of the following should be the NEXT step in this incident response?

    A. Enable an ACL on all VLANs to contain each segment

    B. Compile a list of loCs so the IPS can be updated to halt the spread.

    C. Send a sample of the malware to the antivirus vendor and request urgent signature creation.

    D. Begin deploying the new anti-malware on all uninfected systems.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CS0-002 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.