1. Home
  2. CompTIA
  3. CS0-002

CompTIA Cybersecurity Analyst (CySA+)

Exam Details

  • Exam Code
    :CS0-002
  • Exam Name
    :CompTIA Cybersecurity Analyst (CySA+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :1059 Q&As
  • Last Updated
    :Apr 17, 2025

CompTIA CompTIA Certifications CS0-002 Questions & Answers

  • Question 441:

    A new policy requires the security team to perform web application and OS vulnerability scans. All of the company's web applications use federated authentication and are accessible via a central portal. Which of the following should be implemented to ensure a more thorough scan of the company's web application, while at the same time reducing false positives?

    A. The vulnerability scanner should be configured to perform authenticated scans.

    B. The vulnerability scanner should be installed on the web server.

    C. The vulnerability scanner should implement OS and network service detection.

    D. The vulnerability scanner should scan for known and unknown vulnerabilities.

  • Question 442:

    A software development company in the manufacturing sector has just completed the alpha version of its flagship application. The application has been under development for the past three years. The SOC has seen intrusion attempts made by indicators associated with a particular APT. The company has a hot site location for COOP. Which of the following threats would most likely incur the BIGGEST economic impact for the company?

    A. DDoS

    B. ICS destruction

    C. IP theft

    D. IPS evasion

  • Question 443:

    A security analyst has noticed that a particular server has consumed over 1TB of bandwidth over the course of the month. It has port 3333 open; however, there have not been any alerts or notices regarding the server or its activities. Which of the following did the analyst discover?

    A. APT

    B. DDoS

    C. Zero day

    D. False positive

  • Question 444:

    The business has been informed of a suspected breach of customer data. The internal audit team, in conjunction with the legal department, has begun working with the cybersecurity team to validate the report. To which of the following response processes should the business adhere during the investigation?

    A. The security analysts should not respond to internal audit requests during an active investigation

    B. The security analysts should report the suspected breach to regulators when an incident occurs

    C. The security analysts should interview system operators and report their findings to the internal auditors

    D. The security analysts should limit communication to trusted parties conducting the investigation

  • Question 445:

    The security operations team is conducting a mock forensics investigation. Which of the following should be the FIRST action taken after seizing a compromised workstation?

    A. Activate the escalation checklist

    B. Implement the incident response plan

    C. Analyze the forensic image

    D. Perform evidence acquisition

  • Question 446:

    A cybersecurity analyst has identified a new mission-essential function that utilizes a public cloud-based system. The analyst needs to classify the information processed by the system with respect to CIA. Which of the following should provide the CIA classification for the information?

    A. The cloud provider

    B. The data owner

    C. The cybersecurity analyst

    D. The system administrator

  • Question 447:

    A security analyst wants to scan the network for active hosts. Which of the following host characteristics help to differentiate between a virtual and physical host?

    A. Reserved MACs

    B. Host IPs

    C. DNS routing tables

    D. Gateway settings

  • Question 448:

    An executive tasked a security analyst to aggregate past logs, traffic, and alerts on a particular attack vector. The analyst was then tasked with analyzing the data and making predictions on future complications regarding this attack vector. Which of the following types of analysis is the security analyst MOST likely conducting?

    A. Trend analysis

    B. Behavior analysis

    C. Availability analysis

    D. Business analysis

  • Question 449:

    A malicious user is reviewing the following output:

    root:~#ping 192.168.1.137 64 bytes from 192.168.2.1 icmp_seq=1 ttl=63 time=1.58 ms 64 bytes from 192.168.2.1 icmp_seq=2 ttl=63 time=1.45 ms root: ~#

    Based on the above output, which of the following is the device between the malicious user and the target?

    A. Proxy

    B. Access point

    C. Switch

    D. Hub

  • Question 450:

    The Chief Information Security Officer (CISO) has asked the security staff to identify a framework on which to base the security program. The CISO would like to achieve a certification showing the security program meets all required best practices. Which of the following would be the BEST choice?

    A. OSSIM

    B. SDLC

    C. SANS

    D. ISO

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CS0-002 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.