1. Home
  2. CompTIA
  3. CS0-002

CompTIA Cybersecurity Analyst (CySA+)

Exam Details

  • Exam Code
    :CS0-002
  • Exam Name
    :CompTIA Cybersecurity Analyst (CySA+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :1059 Q&As
  • Last Updated
    :Apr 01, 2025

CompTIA CompTIA Certifications CS0-002 Questions & Answers

  • Question 141:

    An application server runs slowly and then triggers a high CPU alert. After investigating, a security analyst finds an unauthorized program is running on the server. The analyst reviews the application log below.

    Which of the following conclusions is supported by the application log?

    A. An attacker was attempting to perform a DoS attack against the server

    B. An attacker was attempting to download files via a remote command execution vulnerability

    C. An attacker was attempting to perform a buffer overflow attack to execute a payload in memory

    D. An attacker was attempting to perform an XSS attack via a vulnerable third-party library

  • Question 142:

    A security analyst is attempting to utilize the following threat intelligence for developing detection capabilities:

    APT X's approach to a target would be sending a phishing email to the target after conducting active and passive reconnaissance. Upon successful compromise, APT X conducts internal reconnaissance and attempts to move laterally by utilizing existing resources. When APT X finds data that aligns to its objectives, it stages and then exfiltrates data sets in sizes that can range from 1GB to 5GB. APT X also establishes several backdoors to maintain a C2 presence in the environment.

    In which of the following phases in this APT MOST likely to leave discoverable artifacts?

    A. Data collection/exfiltration

    B. Defensive evasion

    C. Lateral movement

    D. Reconnaissance

  • Question 143:

    During an incident investigation, a security analyst acquired a malicious file that was used as a backdoor but was not detected by the antivirus application. After performing a reverse-engineering procedure, the analyst found that part of the code was obfuscated to avoid signature detection. Which of the following types of instructions should the analyst use to understand how the malware was obfuscated and to help deobfuscate it?

    A. MOV

    B. ADD

    C. XOR

    D. SUB

    E. MOVL

  • Question 144:

    A security analyst reviews a recent network capture and notices encrypted inbound traffic on TCP port 465 was coming into the company's network from a database server. Which of the following will the security analyst MOST likely identify as the reason for the traffic on this port?

    A. The traffic is common static data that Windows servers send to Microsoft

    B. Someone has configured an unauthorized SMTP application over SSL

    C. A connection from the database to the web front end is communicating on the port

    D. The server is receiving a secure connection using the new TLS 1.3 standard

  • Question 145:

    A threat intelligence analyst has received multiple reports that are suspected to be about the same advanced persistent threat. To which of the following steps in the intelligence cycle would this map?

    A. Dissemination

    B. Analysis

    C. Feedback

    D. Requirements

    E. Collection

  • Question 146:

    The steering committee for information security management annually reviews the security incident register for the organization to look for trends and systematic issues. The steering committee wants to rank the risks based on past incidents to improve the security program for next year. Below is the incident register for the organization:

    Which of the following should the organization consider investing in FIRST due to the potential impact of availability?

    A. Hire a managed service provider to help with vulnerability management

    B. Build a warm site in case of system outages

    C. Invest in a failover and redundant system, as necessary

    D. Hire additional staff for the IT department to assist with vulnerability management and log review

  • Question 147:

    A company's senior human resources administrator left for another position, and the assistant administrator was promoted into the senior position. On the official start day, the new senior administrator planned to ask for extended access permissions but noticed the permissions were automatically granted on that day.

    Which of the following describes the access management policy in place at the company?

    A. Mandatory-based

    B. Host-based

    C. Federated access

    D. Role-based

  • Question 148:

    An analyst is reviewing the following code output of a vulnerability scan:

    Which of the following types of vulnerabilities does this MOST likely represent?

    A. A XSS vulnerability

    B. An HTTP response split vulnerability

    C. A credential bypass vulnerability

    D. A carriage-return, line-feed vulnerability

  • Question 149:

    The threat intelligence department recently learned of an advanced persistent threat that is leveraging a new strain of malware, exploiting a system router. The company currently uses the same device mentioned in the threat report. Which of the following configuration changes would BEST improve the organization's security posture?

    A. Implement an IPS rule that contains content for the malware variant and patch the routers to protect against the vulnerability

    B. Implement an IDS rule that contains the IP addresses from the advanced persistent threat and patch the routers to protect against the vulnerability

    C. Implement an IPS rule that contains the IP addresses from the advanced persistent threat and patch the routers to protect against the vulnerability

    D. Implement an IDS rule that contains content for the malware variant and patch the routers to protect against the vulnerability

  • Question 150:

    A custom script currently monitors real-time logs of a SAMIL authentication server to mitigate brute-force attacks. Which of the following is a concern when moving authentication to a cloud service?

    A. Logs may contain incorrect information.

    B. SAML logging is not supported for cloud-based authentication.

    C. Access to logs may be delayed for some time.

    D. Log data may be visible to other customers.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CS0-002 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.