Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: Apr 09, 2025

CompTIA CompTIA Certifications CS0-002 Questions & Answers

  • Question 881:

    A web-based front end for a business intelligence application uses pass-through authentication to authenticate users. The application then uses a service account to perform queries and look up data in a database. A security analyst discovers employees are accessing data sets they have not been authorized to use. Which of the following will fix the cause of the issue?

    A. Change the security model to force the users to access the database as themselves

    B. Parameterize queries to prevent unauthorized SQL queries against the database

    C. Configure database security logging using syslog or a SIEM

    D. Enforce unique session IDs so users do not get a reused session ID

  • Question 882:

    The help desk notified a security analyst that emails from a new email server are not being sent out. The new email server was recently added to the existing ones. The analyst runs the following command on the new server:

    Given the output, which of the following should the security analyst check NEXT?

    A. The DNS name of the new email server

    B. The version of SPF that is being used

    C. The IP address of the new email server

    D. The DMARC policy

  • Question 883:

    Which of the following policies would state that an employee should not disable security safeguards, such as host firewalls and antivirus, on company systems?

    A. Code of conduct policy

    B. Account management policy

    C. Password policy

    D. Acceptable use policy

  • Question 884:

    After a breach involving the exfiltration of a large amount of sensitive data, a security analyst is reviewing the following firewall logs to determine how the breach occurred:

    Which of the following IP addresses does the analyst need to investigate further?

    A. 192.168.1.1

    B. 192.168.1.10

    C. 192.168.1.12

    D. 192.168.1.193

  • Question 885:

    An analyst is investigating an anomalous event reported by the SOC. After reviewing the system logs, the analyst identifies an unexpected addition of a user with root-level privileges on the endpoint. Which of the following data sources will BEST help the analyst determine whether this event constitutes an incident?

    A. Patching logs

    B. Threat feed

    C. Backup logs

    D. Change requests

    E. Data classification matrix

  • Question 886:

    An organization that handles sensitive financial information wants to perform tokenization of data to enable the execution of recurring transactions. The organization is most interested in a secure, built-in device to support its solution. Which of the following would MOST likely be required to perform the desired function?

    A. TPM

    B. eFuse

    C. FPGA

    D. HSM

    E. UEFI

  • Question 887:

    During an incident, a cybersecurity analyst found several entries in the web server logs that are related to an IP with a bad reputation. Which of the following would cause the analyst to further review the incident?

    A. BadReputationIp - - [2019-04-12 10:43Z] "GET /etc/passwd" 403 1023

    B. BadReputationIp - - [2019-04-12 10:43Z] "GET /index.html?src=../.ssh/id_rsa" 401 17044

    C. BadReputationIp - - [2019-04-12 10:43Z] "GET /a.php?src=/etc/passwd" 403 11056

    D. BadReputationIp - - [2019-04-12 10:43Z] "GET /a.php?src=../../.ssh/id_rsa" 200 15036

    E. BadReputationIp - - [2019-04-12 10:43Z] "GET /favicon.ico?src=../usr/share/icons" 200 19064

  • Question 888:

    A security analyst is investigating a system compromise. The analyst verifies the system was up to date on OS patches at the time of the compromise. Which of the following describes the type of vulnerability that was MOST likely exploited?

    A. Insider threat

    B. Buffer overflow

    C. Advanced persistent threat

    D. Zero day

  • Question 889:

    A finance department employee has received a message that appears to have been sent from the Chief Financial Officer (CFO) asking the employee to perform a wire transfer. Analysis of the email shows the message came from an external source and is fraudulent. Which of the following would work BEST to improve the likelihood of employees quickly recognizing fraudulent emails?

    A. Implementing a sandboxing solution for viewing emails and attachments

    B. Limiting email from the finance department to recipients on a pre-approved whitelist

    C. Configuring email client settings to display all messages in plaintext when read

    D. Adding a banner to incoming messages that identifies the messages as external

  • Question 890:

    A security analyst discovered a specific series of IP addresses that are targeting an organization. None of the attacks have been successful. Which of the following should the security analyst perform NEXT?

    A. Begin blocking all IP addresses within that subnet.

    B. Determine the attack vector and total attack surface.

    C. Begin a kill chain analysis to determine the impact.

    D. Conduct threat research on the IP addresses.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important, and more and more enterprises require them when hiring. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CS0-002 exam preparation or your CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions here.