1. Home
  2. CompTIA
  3. CS0-002

CompTIA Cybersecurity Analyst (CySA+)

Exam Details

  • Exam Code
    :CS0-002
  • Exam Name
    :CompTIA Cybersecurity Analyst (CySA+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :1059 Q&As
  • Last Updated
    :Apr 01, 2025

CompTIA CompTIA Certifications CS0-002 Questions & Answers

  • Question 951:

    An analyst is reviewing a list of vulnerabilities, which were reported from a recent vulnerability scan of a Linux server. Which of the following is MOST likely to be a false positive?

    A. OpenSSH/OpenSSL Package Random Number Generator Weakness

    B. Apache HTTP Server Byte Range DoS

    C. GDI+ Remote Code Execution Vulnerability (MS08-052)

    D. HTTP TRACE / TRACK Methods Allowed (002-1208)

    E. SSL Certificate Expiry

  • Question 952:

    A security analyst, who is working for a company that utilizes Linux servers, receives the following results from a vulnerability scan:

    Which of the following is MOST likely a false positive?

    A. ICMP timestamp request remote date disclosure

    B. Windows SMB service enumeration via \srvsvc

    C. Anonymous FTP enabled

    D. Unsupported web server detection

  • Question 953:

    Which of the following should be found within an organization's acceptable use policy?

    A. Passwords must be eight characters in length and contain at least one special character.

    B. Customer data must be handled properly, stored on company servers, and encrypted when possible

    C. Administrator accounts must be audited monthly, and inactive accounts should be removed.

    D. Consequences of violating the policy could include discipline up to and including termination.

  • Question 954:

    A security architect is reviewing the options for performing input validation on incoming web form submissions. Which of the following should the architect as the MOST secure and manageable option?

    A. Client-side whitelisting

    B. Server-side whitelisting

    C. Server-side blacklisting

    D. Client-side blacklisting

  • Question 955:

    A security administrator needs to create an IDS rule to alert on FTP login attempts by root. Which of the following rules is the BEST solution?

    A. Option A

    B. Option B

    C. Option C

    D. Option D

  • Question 956:

    The computer incident response team at a multinational company has determined that a breach of sensitive data has occurred in which a threat actor has compromised the organization's email system. Per the incident response procedures, this breach requires notifying the board immediately. Which of the following would be the BEST method of communication?

    A. Post of the company blog

    B. Corporate-hosted encrypted email

    C. VoIP phone call

    D. Summary sent by certified mail

    E. Externally hosted instant message

  • Question 957:

    During an investigation, an incident responder intends to recover multiple pieces of digital media. Before removing the media, the responder should initiate:

    A. malware scans.

    B. secure communications.

    C. chain of custody forms.

    D. decryption tools.

  • Question 958:

    A malicious hacker wants to gather guest credentials on a hotel 802.11 network. Which of the following tools is the malicious hacker going to use to gain access to information found on the hotel network?

    A. Nikto

    B. Aircrak-ng

    C. Nessus

    D. tcpdump

  • Question 959:

    A security analyst received an email with the following key: Xj3XJ3LLc

    A second security analyst received an email with following key: 3XJ3xjcLLC

    The security manager has informed the two analysts that the email they received is a key that allows access to the company's financial segment for maintenance. This is an example of:

    A. dual control

    B. private key encryption

    C. separation of duties

    D. public key encryption

    E. two-factor authentication

  • Question 960:

    An organization suspects it has had a breach, and it is trying to determine the potential impact. The organization knows the following:

    The source of the breach is linked to an IP located in a foreign country. The breach is isolated to the research and development servers. The hash values of the data before and after the breach are unchanged. The affected servers were

    regularly patched, and a recent scan showed no vulnerabilities.

    Which of the following conclusions can be drawn with respect to the threat and impact? (Choose two.)

    A. The confidentiality of the data is unaffected.

    B. The threat is an APT.

    C. The source IP of the threat has been spoofed.

    D. The integrity of the data is unaffected.

    E. The threat is an insider.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CS0-002 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.