1. Home
  2. CompTIA
  3. CS0-002

CompTIA Cybersecurity Analyst (CySA+)

Exam Details

  • Exam Code
    :CS0-002
  • Exam Name
    :CompTIA Cybersecurity Analyst (CySA+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :1059 Q&As
  • Last Updated
    :Mar 23, 2025

CompTIA CompTIA Certifications CS0-002 Questions & Answers

  • Question 971:

    A network attack that is exploiting a vulnerability in the SNMP is detected. Which of the following should the cybersecurity analyst do FIRST?

    A. Apply the required patches to remediate the vulnerability.

    B. Escalate the incident to senior management for guidance.

    C. Disable all privileged user accounts on the network.

    D. Temporarily block the attacking IP address.

  • Question 972:

    A SIEM solution alerts a security analyst of a high number of login attempts against the company's webmail portal. The analyst determines the login attempts used credentials from a past data breach. Which of the following is the BEST mitigation to prevent unauthorized access?

    A. Single sign-on

    B. Mandatory access control

    C. Multifactor authentication

    D. Federation

    E. Privileged access management

  • Question 973:

    A product manager is working with an analyst to design a new application that will perform as a data analytics platform and will be accessible via a web browser. The product manager suggests using a PaaS provider to host the application. Which of the following is a security concern when using a PaaS solution?

    A. The use of infrastructure-as-code capabilities leads to an increased attack surface.

    B. Patching the underlying application server becomes the responsibility of the client.

    C. The application is unable to use encryption at the database level.

    D. Insecure application programming interfaces can lead to data compromise.

  • Question 974:

    Because some clients have reported unauthorized activity on their accounts, a security analyst is reviewing network packet captures from the company's API server. A portion of a capture file is shown below:

    POST /services/v1_0/Public/Members.svc/soap

    s:Envelope> 192.168.1.22 - - api.somesite.com 200 0 1006 1001 0 192.168.1.22

    POST /services/v1_0/Public/Members.svc/soap <Password123

    a:Password>

    +i:nil="true"/ >[email protected]

    s:Body> 192.168.5.66 - - api.somesite.com 200 0 11558 1712 2024 192.168.4.89

    POST /services/v1_0/Public/Members.svc/soap 516.7.446.605

    a:IPAddress> 192.168.1.22

    - - api.somesite.com 200 0 1003 1011 307 192.168.1.22

    POST /services/v1_0/Public/Members.svc/soap

    kmL4krg2CwwWBan5BReGv5Djb7syxXTNKcWFuSjd

    a:ApiToken>0161222

    4''1=113026046

    a:Authentication> 192.168.5.66 - - api.somesite.com 200 0 1378 1209 48 192.168.4.89

    Which of the following MOST likely explains how the clients' accounts were compromised?

    A. The clients' authentication tokens were impersonated and replayed.

    B. The clients' usernames and passwords were transmitted in cleartext.

    C. An XSS scripting attack was carried out on the server.

    D. A SQL injection attack was carried out on the server.

  • Question 975:

    A Chief Information Security Officer (CISO) is concerned the development team, which consists of contractors, has too much access to customer data

    Developers use personal workstations, giving the company little to no visibility into the development activities.

    Which of the following would be BEST to implement to alleviate the CISO's concern?

    A. DLP

    B. Encryption

    C. Test data

    D. NDA

  • Question 976:

    A company was recently awarded several large government contracts and wants to determine its current risk from one specific APT. Which of the following threat modeling methodologies would be the MOST appropriate to use during this analysis?

    A. Attack vectors

    B. Adversary capability

    C. Diamond Model of Intrusion Analysis

    D. Kill chain

    E. Total attack surface

  • Question 977:

    A security analyst is reviewing vulnerability scan results and notices new workstations are being flagged as having outdated antivirus signatures. The analyst observes the following plugin output:

    Antivirus is installed on the remote host:

    Installation path: C:\Program Files\AVProduct\Win32\

    Product Engine: 14.12.101

    Engine Version: 3.5.71

    Scanner does not currently have information about AVProduct version 3.5.71. It may no longer be supported.

    The engine version is out of date. The oldest supported version from the vendor is 4.2.11.

    The analyst uses the vendor's website to confirm the oldest supported version is correct.

    Which of the following BEST describes the situation?

    A. This is a false positive, and the scanning plugin needs to be updated by the vendor.

    B. This is a true negative, and the new computers have the correct version of the software.

    C. This is a true positive, and the new computers were imaged with an old version of the software.

    D. This is a false negative, and the new computers need to be updated by the desktop team.

  • Question 978:

    As part of an exercise set up by the information security officer, the IT staff must move some of the network systems to an off-site facility and redeploy them for testing. All staff members must ensure their respective systems can power back

    up and match their gold image. If they find any inconsistencies, they must formally document the information.

    Which of the following BEST describes this test?

    A. Walk through

    B. Full interruption

    C. Simulation

    D. Parallel

  • Question 979:

    A security analyst is reviewing a web application. If an unauthenticated user tries to access a page in the application, the user is redirected to the login page. After successful authentication, the user is then redirected back to the original page. Some users have reported receiving phishing emails with a link that takes them to the application login page but then redirects to a fake login page after successful authentication.

    Which of the following will remediate this software vulnerability?

    A. Enforce unique session IDs for the application.

    B. Deploy a WAF in front of the web application.

    C. Check for and enforce the proper domain for the redirect.

    D. Use a parameterized query to check the credentials.

    E. Implement email filtering with anti-phishing protection.

  • Question 980:

    A security analyst is reviewing the following log from an email security service.

    Which of the following BEST describes the reason why the email was blocked?

    A. The To address is invalid.

    B. The email originated from the www.spamfilter.org URL.

    C. The IP address and the remote server name are the same.

    D. The IP address was blacklisted.

    E. The From address is invalid.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CS0-002 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.