1. Home
  2. CompTIA
  3. CS0-002

CompTIA Cybersecurity Analyst (CySA+)

Exam Details

  • Exam Code
    :CS0-002
  • Exam Name
    :CompTIA Cybersecurity Analyst (CySA+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :1059 Q&As
  • Last Updated
    :Apr 17, 2025

CompTIA CompTIA Certifications CS0-002 Questions & Answers

  • Question 531:

    An analyst has received unusual alerts on the SIEM dashboard. The analyst wants to get payloads that the hackers are sending toward the target systems without impacting the business operation. Which of the following should the analyst implement?

    A. Honeypot

    B. Jump box

    C. Sandboxing

    D. Virtualization

  • Question 532:

    A system administrator has reviewed the following output:

    Which of the following can a system administrator infer from the above output?

    A. The company email server is running a non-standard port.

    B. The company email server has been compromised.

    C. The company is running a vulnerable SSH server.

    D. The company web server has been compromised.

  • Question 533:

    A security professional is analyzing the results of a network utilization report. The report includes the following information:

    Which of the following servers needs further investigation?

    A. hr.dbprod.01

    B. RandD.file.srvr.01

    C. mrktg.file.srvr.02

    D. web.srvr.03

  • Question 534:

    A cybersecurity analyst has several SIEM event logs to review for possible APT activity. The analyst was given several items that include lists of indicators for both IP addresses and domains. Which of the following actions is the BEST approach for the analyst to perform?

    A. Use the IP addresses to search through the event logs.

    B. Analyze the trends of the events while manually reviewing to see if any of the indicators match.

    C. Create an advanced query that includes all of the indicators, and review any of the matches.

    D. Scan for vulnerabilities with exploits known to have been used by an APT.

  • Question 535:

    A recent vulnerability scan found four vulnerabilities on an organization's public Internet-facing IP addresses. Prioritizing in order to reduce the risk of a breach to the organization, which of the following should be remediated FIRST?

    A. A cipher that is known to be cryptographically weak.

    B. A website using a self-signed SSL certificate.

    C. A buffer overflow that allows remote code execution.

    D. An HTTP response that reveals an internal IP address.

  • Question 536:

    A cybersecurity analyst has received a report that multiple systems are experiencing slowness as a result of a DDoS attack. Which of the following would be the BEST action for the cybersecurity analyst to perform?

    A. Continue monitoring critical systems.

    B. Shut down all server interfaces.

    C. Inform management of the incident.

    D. Inform users regarding the affected systems.

  • Question 537:

    A security analyst has been asked to remediate a server vulnerability. Once the analyst has located a patch for the vulnerability, which of the following should happen NEXT?

    A. Start the change control process.

    B. Rescan to ensure the vulnerability still exists.

    C. Implement continuous monitoring.

    D. Begin the incident response process.

  • Question 538:

    A software assurance lab is performing a dynamic assessment on an application by automatically generating and inputting different, random data sets to attempt to cause an error/failure condition. Which of the following software assessment capabilities is the lab performing AND during which phase of the SDLC should this occur? (Select two.)

    A. Fuzzing

    B. Behavior modeling

    C. Static code analysis

    D. Prototyping phase

    E. Requirements phase

    F. Planning phase

  • Question 539:

    Law enforcement has contacted a corporation's legal counsel because correlated data from a breach shows the organization as the common denominator from all indicators of compromise. An employee overhears the conversation between legal counsel and law enforcement, and then posts a comment about it on social media. The media then starts contacting other employees about the breach. Which of the following steps should be taken to prevent further disclosure of information about the breach?

    A. Perform security awareness training about incident communication.

    B. Request all employees verbally commit to an NDA about the breach.

    C. Temporarily disable employee access to social media

    D. Have law enforcement meet with employees.

  • Question 540:

    A security analyst is reviewing the following log after enabling key-based authentication.

    Given the above information, which of the following steps should be performed NEXT to secure the system?

    A. Disable anonymous SSH logins.

    B. Disable password authentication for SSH.

    C. Disable SSHv1.

    D. Disable remote root SSH logins.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CS0-002 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.