1. Home
  2. CompTIA
  3. CS0-002

CompTIA Cybersecurity Analyst (CySA+)

Exam Details

  • Exam Code
    :CS0-002
  • Exam Name
    :CompTIA Cybersecurity Analyst (CySA+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :1059 Q&As
  • Last Updated
    :Apr 09, 2025

CompTIA CompTIA Certifications CS0-002 Questions & Answers

  • Question 901:

    A company's marketing emails are either being found in a spam folder or not being delivered at all. The security analyst investigates the issue and discovers the emails in question are being sent on behalf of the company by a third party,

    mail.marketing.com. Below is the existing SPF record:

    v=spf1 a mx -all

    Which of the following updates to the SPF record will work BEST to prevent the emails from being marked as spam or blocked?

    A. v=spf1 a mx redirect:mail.marketing.com ?all

    B. v=spf1 a mx include:mail.marketing.com -all

    C. v=spf1 a mx +all

    D. v=spf1 a mx include:mail.marketing.com ~all

  • Question 902:

    A security analyst is reviewing the following web server log: GET %2f..%2f..%2f.. %2f.. %2f.. %2f.. %2f../etc/passwd Which of the following BEST describes the issue?

    A. Directory traversal exploit

    B. Cross-site scripting

    C. SQL injection

    D. Cross-site request forgery

  • Question 903:

    While analyzing logs from a WAF, a cybersecurity analyst finds the following:

    "GET /form.php?id=463225%2b%2575%256e%2569%256f%256e%2b%2573%2574% 2box3133333731,1223,1224andname=andstate=IL"

    Which of the following BEST describes what the analyst has found?

    A. This is an encrypted GET HTTP request

    B. A packet is being used to bypass the WAF

    C. This is an encrypted packet

    D. This is an encoded WAF bypass

  • Question 904:

    A security analyst at a technology solutions firm has uncovered the same vulnerabilities on a vulnerability scan for a long period of time. The vulnerabilities are on systems that are dedicated to the firm's largest client. Which of the following is MOST likely inhibiting the remediation efforts?

    A. The parties have an MOU between them that could prevent shutting down the systems

    B. There is a potential disruption of the vendor-client relationship

    C. Patches for the vulnerabilities have not been fully tested by the software vendor

    D. There is an SLA with the client that allows very little downtime

  • Question 905:

    A security analyst working in the SOC recently discovered Balances m which hosts visited a specific set of domains and IPs and became infected with malware. Which of the following is the MOST appropriate action to take in the situation?

    A. implement an IPS signature for the malware and update the blacklisting for the associated domains and IPs

    B. Implement an IPS signature for the malware and another signature request to Nock all the associated domains and IPs

    C. Implement a change request to the firewall setting to not allow traffic to and from the IPs and domains

    D. Implement an IPS signature for the malware and a change request to the firewall setting to not allow traffic to and from the IPs and domains

  • Question 906:

    The inability to do remote updates of certificates. keys software and firmware is a security issue commonly associated with:

    A. web servers on private networks.

    B. HVAC control systems

    C. smartphones

    D. firewalls and UTM devices

  • Question 907:

    A security manager has asked an analyst to provide feedback on the results of a penetration lest. After reviewing the results the manager requests information regarding the possible exploitation of vulnerabilities Much of the following information data points would be MOST useful for the analyst to provide to the security manager who would then communicate the risk factors to senior management? (Select TWO)

    A. Probability

    B. Adversary capability

    C. Attack vector

    D. Impact

    E. Classification

    F. Indicators of compromise

  • Question 908:

    Which of the following are components of the intelligence cycle? (Select TWO.)

    A. Collection

    B. Normalization

    C. Response

    D. Analysis

    E. Correction

    F. Dissension

  • Question 909:

    Which of the following would a security engineer recommend to BEST protect sensitive system data from being accessed on mobile devices?

    A. Use a UEFl boot password.

    B. Implement a self-encrypted disk.

    C. Configure filesystem encryption

    D. Enable Secure Boot using TPM

  • Question 910:

    A cybersecurity analyst needs to rearchitect the network using a firewall and a VPN server to achieve the highest level of security To BEST complete this task, the analyst should place the:

    A. firewall behind the VPN server

    B. VPN server parallel to the firewall

    C. VPN server behind the firewall

    D. VPN on the firewall

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CS0-002 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.