1. Home
  2. CompTIA
  3. CS0-002

CompTIA Cybersecurity Analyst (CySA+)

Exam Details

  • Exam Code
    :CS0-002
  • Exam Name
    :CompTIA Cybersecurity Analyst (CySA+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :1059 Q&As
  • Last Updated
    :Apr 09, 2025

CompTIA CompTIA Certifications CS0-002 Questions & Answers

  • Question 281:

    A common mobile device vulnerability has made unauthorized modifications to a device. The device owner removes the vendor/carrier provided limitations on the mobile device. This is also known as:

    A. jailbreaking.

    B. cracking.

    C. hashing.

    D. fuzzing.

  • Question 282:

    A security administrator has uncovered a covert channel used to exfiltrate confidential data from an internal database server through a compromised corporate web server. Ongoing exfiltration is accomplished by embedding a small amount of data extracted from the database into the metadata of images served by the web server. File timestamps suggest that the server was initially compromised six months ago using a common server misconfiguration. Which of the following BEST describes the type of threat being used?

    A. APT

    B. Zero-day attack

    C. Man-in-the-middle attack

    D. XSS

  • Question 283:

    A security administrator uses FTK to take an image of a hard drive that is under investigation. Which of the following processes are used to ensure the image is the same as the original disk? (Choose two.)

    A. Validate the folder and file directory listings on both.

    B. Check the hash value between the image and the original.

    C. Boot up the image and the original systems to compare.

    D. Connect a write blocker to the imaging device.

    E. Copy the data to a disk of the same size and manufacturer.

  • Question 284:

    An organization has a practice of running some administrative services on non-standard ports as a way of frustrating any attempts at reconnaissance. The output of the latest scan on host 192.168.1.13 is shown below: Which of the following statements is true?

    A. Running SSH on the Telnet port will now be sent across an unencrypted port.

    B. Despite the results of the scan, the service running on port 23 is actually Telnet and not SSH, and creates an additional vulnerability

    C. Running SSH on port 23 provides little additional security from running it on the standard port.

    D. Remote SSH connections will automatically default to the standard SSH port.

    E. The use of OpenSSH on its default secure port will supersede any other remote connection attempts.

  • Question 285:

    A security analyst's company uses RADIUS to support a remote sales staff of more than 700 people. The Chief Information Security Officer (CISO) asked to have IPSec using ESP and 3DES enabled to ensure the confidentiality of the communication as per RFC 3162. After the implementation was complete, many sales users reported latency issues and other performance issues when attempting to connect remotely. Which of the following is occurring?

    A. The device running RADIUS lacks sufficient RAM and processing power to handle ESP implementation.

    B. RFC 3162 is known to cause significant performance problems.

    C. The IPSec implementation has significantly increased the amount of bandwidth needed.

    D. The implementation should have used AES instead of 3DES.

  • Question 286:

    A vulnerability scan returned the following results for a web server that hosts multiple wiki sites:

    Apache-HTTPD-cve-2014-023: Apache HTTPD: mod_cgid denial of service CVE-2014-0231

    Due to a flaw found in mog_cgid, a server using mod_cgid to host CGI scripts could be vulnerable to a DoS attack caused by a remote attacker who is exploiting a weakness in non-standard input, causing processes to hang indefinitely.

    The security analyst has confirmed the server hosts standard CGI scripts for the wiki sites, does not have mod_cgid installed, is running Apache 2.2.22, and is not behind a WAF. The server is located in the DMZ, and the purpose of the server is to allow customers to add entries into a publicly accessible database.

    Which of the following would be the MOST efficient way to address this finding?

    A. Place the server behind a WAF to prevent DoS attacks from occurring.

    B. Document the finding as a false positive.

    C. Upgrade to the newest version of Apache.

    D. Disable the HTTP service and use only HTTPS to access the server.

  • Question 287:

    In reviewing firewall logs, a security analyst has discovered the following IP address, which several employees are using frequently:

    The organization's servers use IP addresses in the 192.168.0.1/24 CIDR. Additionally, the analyst has noticed that corporate data is being stored at this new location. A few of these employees are on the management and executive management teams. The analyst has also discovered that there is no record of this IP address or service in reviewing the known locations of managing system assets. Which of the following is occurring in this scenario?

    A. Malicious process

    B. Unauthorized change

    C. Data exfiltration

    D. Unauthorized access

  • Question 288:

    An analyst received a forensically sound copy of an employee's hard drive. The employee's manager suspects inappropriate images may have been deleted from the hard drive. Which of the following could help the analyst recover the deleted evidence?

    A. File hashing utility

    B. File timestamps

    C. File carving tool

    D. File analysis tool

  • Question 289:

    An employee at an insurance company is processing claims that include patient addresses, clinic visits, diagnosis information, and prescription. While forwarding documentation to the supervisor, the employee accidentally sends the data to a personal email address outside of the company due to a typo. Which of the following types of data has been compromised?

    A. PCI

    B. Proprietary information

    C. Intellectual property

    D. PHI

  • Question 290:

    A cybersecurity analyst wants to use ICMP ECHO_REQUEST on a machine while using Nmap.

    Which of the following is the correct command to accomplish this?

    A. $ nmap ""PE 192.168.1.7

    B. $ ping --PE 192.168.1.7

    C. $ nmap --traceroute 192.168.1.7

    D. $ nmap ""PO 192.168.1.7

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CS0-002 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.