1. Home
  2. CompTIA
  3. CS0-002

CompTIA Cybersecurity Analyst (CySA+)

Exam Details

  • Exam Code
    :CS0-002
  • Exam Name
    :CompTIA Cybersecurity Analyst (CySA+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :1059 Q&As
  • Last Updated
    :Apr 17, 2025

CompTIA CompTIA Certifications CS0-002 Questions & Answers

  • Question 451:

    A security analyst is concerned that employees may attempt to exfiltrate data prior to tendering their resignations. Unfortunately, the company cannot afford to purchase a data loss prevention (DLP) system. Which of the following recommendations should the security analyst make to provide defense-in-depth against data loss? (Select THREE).

    A. Prevent users from accessing personal email and file-sharing sites via web proxy

    B. Prevent flash drives from connecting to USB ports using Group Policy

    C. Prevent users from copying data from workstation to workstation

    D. Prevent users from using roaming profiles when changing workstations

    E. Prevent Internet access on laptops unless connected to the network in the office or via VPN

    F. Prevent users from being able to use the copy and paste functions

  • Question 452:

    A threat intelligence analyst who works for a financial services firm received this report:

    "There has been an effective waterhole campaign residing at www.bankfinancecompsoftware.com. This domain is delivering ransomware. This ransomware variant has been called "LockMaster" by researchers due to its ability to overwrite the MBR, but this term is not a malware signature. Please execute a defensive operation regarding this attack vector."

    The analyst ran a query and has assessed that this traffic has been seen on the network. Which of the following actions should the analyst do NEXT? (Select TWO).

    A. Advise the firewall engineer to implement a block on the domain

    B. Visit the domain and begin a threat assessment

    C. Produce a threat intelligence message to be disseminated to the company

    D. Advise the security architects to enable full-disk encryption to protect the MBR

    E. Advise the security analysts to add an alert in the SIEM on the string "LockMaster"

    F. Format the MBR as a precaution

  • Question 453:

    An ATM in a building lobby has been compromised. A security technician has been advised that the ATM must be forensically analyzed by multiple technicians. Which of the following items in a forensic tool kit would likely be used FIRST? (Select TWO).

    A. Drive adapters

    B. Chain of custody form

    C. Write blockers

    D. Crime tape

    E. Hashing utilities

    F. Drive imager

  • Question 454:

    A business-critical application is unable to support the requirements in the current password policy because it does not allow the use of special characters. Management does not want to accept the risk of a possible security incident due to weak password standards. Which of the following is an appropriate means to limit the risks related to the application?

    A. A compensating control

    B. Altering the password policy

    C. Creating new account management procedures

    D. Encrypting authentication traffic

  • Question 455:

    Given the following access log:

    Which of the following accurately describes what this log displays?

    A. A vulnerability in jQuery

    B. Application integration with an externally hosted database

    C. A vulnerability scan performed from the Internet

    D. A vulnerability in Javascript

  • Question 456:

    A company has been a victim of multiple volumetric DoS attacks. Packet analysis of the offending traffic shows the following:

    Which of the following mitigation techniques is MOST effective against the above attack?

    A. The company should contact the upstream ISP and ask that RFC1918 traffic be dropped.

    B. The company should implement a network-based sinkhole to drop all traffic coming from 192.168.1.1 at their gateway router.

    C. The company should implement the following ACL at their gateway firewall: DENY IP HOST 192.168.1.1 170.43.30.0/24.

    D. The company should enable the DoS resource starvation protection feature of the gateway NIPS.

  • Question 457:

    During a web application vulnerability scan, it was discovered that the application would display inappropriate data after certain key phrases were entered into a webform connected to a SQL database server. Which of the following should be used to reduce the likelihood of this type of attack returning sensitive data?

    A. Static code analysis

    B. Peer review code

    C. Input validation

    D. Application fuzzing

  • Question 458:

    A security analyst has noticed an alert from the SIEM. A workstation is repeatedly trying to connect to port 445 of a file server on the production network. All of the attempts are made with invalid credentials. Which of the following describes what is occurring?

    A. Malware has infected the workstation and is beaconing out to the specific IP address of the file server.

    B. The file server is attempting to transfer malware to the workstation via SMB.

    C. An attacker has gained control of the workstation and is attempting to pivot to the file server by creating an SMB session.

    D. An attacker has gained control of the workstation and is port scanning the network.

  • Question 459:

    A company invested ten percent of its entire annual budget in security technologies. The Chief Information Officer (CIO) is convinced that, without this investment, the company will risk being the next victim of the same cyber attack its competitor experienced three months ago. However, despite this investment, users are sharing their usernames and passwords with their coworkers to get their jobs done. Which of the following will eliminate the risk introduced by this practice?

    A. Invest in and implement a solution to ensure non-repudiation

    B. Force a daily password change

    C. Send an email asking users not to share their credentials

    D. Run a report on all users sharing their credentials and alert their managers of further actions

  • Question 460:

    Following a recent security breach, a post-mortem was done to analyze the driving factors behind the breach. The cybersecurity analysis discussed potential impacts, mitigations, and remediations based on current events and emerging threat vectors tailored to specific stakeholders. Which of the following is this considered to be?

    A. Threat intelligence

    B. Threat information

    C. Threat data

    D. Advanced persistent threats

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CS0-002 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.