$10

Get 396 CompTIA CySA+ Certification Exam (CS0-002) Questions


Elevate your cybersecurity expertise with this comprehensive collection of exam questions and detailed answers, meticulously curated to ensure you're fully prepared for success. Whether you're a seasoned security professional or aspiring to advance your career in the field, this guide is your go-to companion for acing the CompTIA CS0-002

Question # 1 Topic 1

A security analyst discovers the following firewall log entries during an incident:

Which of the following is MOST likely occurring?

A. Banner grabbing

B. Port scanning

C. Beaconing

D. Data exfiltration

Correct Answer: B

Question # 2 Topic 1

A Chief Information Security Officer (CISO) is concerned about new privacy regulations that apply to the company. The CISO has tasked a security analyst with finding the proper control functions to verify that a user's data is not altered without the user's consent. Which of the following would be an appropriate course of action?

A. Automate the use of a hashing algorithm after verified users make changes to their data.

B. Use encryption first and then hash the data at regular, defined times.

C. Use a DLP product to monitor the data sets for unauthorized edits and changes.

D. Replicate the data sets at regular intervals and continuously compare the copies for unauthorized changes.

Correct Answer: A

Question # 3 Topic 1

The help desk is having difficulty keeping up with all onboarding and offboarding requests. Managers often submit requests for new users at the last minute, causing the help desk to scramble to create accounts across many different interconnected systems. Which of the following solutions would work BEST to assist the help desk with the onboarding and offboarding process while protecting the company's assets?

A. MFA

B. CASB

C. SSO

D. RBAC

Correct Answer: D

Question # 4 Topic 1

A security analyst is reviewing the following server statistics:

Which of the following is MOST likely occurring?

A. Race condition

B. Privilege escalation

C. Resource exhaustion

D. VM escape

Correct Answer: C

Question # 5 Topic 1

A security team wants to make SaaS solutions accessible from only the corporate campus. Which of the following would BEST accomplish this goal?

A. Geotagging

B. IP restrictions

C. Reverse proxy

D. Single sign-on

Correct Answer: A

Question # 6 Topic 1

A company that uses email for all internal and external communications received a legal notice from a vendor that was disputing a contract award.

The company needs to implement a legal hold on the email of users who were involved in the vendor selection process and the awarding of the contract. Which of the following describes the appropriate steps that should be taken to comply with the legal notice?

A. Notify the security team of the legal hold and remove user access to the email accounts.

B. Coordinate with legal counsel and then notify the security team to ensure the appropriate email accounts are frozen.

C. Disable the user accounts that are associated with the legal hold and create new user accounts so they can continue doing business.

D. Encrypt messages that are associated with the legal hold and initiate a chain of custody to ensure admissibility in future legal proceedings.

Correct Answer: B

Question # 7 Topic 1

Which of the following should a database administrator implement to BEST protect data from an untrusted server administrator?

A. Data deidentification

B. Data encryption

C. Data masking

D. Data minimization

Correct Answer: B

Question # 8 Topic 1

During an incident response procedure, a security analyst acquired the needed evidence from the hard drive of a compromised machine. Which of the following actions should the analyst perform NEXT to ensure the data integrity of the evidence?

A. Generate hashes for each file from the hard drive.

B. Create a chain of custody document.

C. Determine a timeline of events using correct time synchronization.

D. Keep the cloned hard drive in a safe place.

Correct Answer: A

Question # 9 Topic 1

A security analyst is supporting an embedded software team. Which of the following is the best recommendation to ensure proper error handling at runtime?

A. Perform static code analysis.

B. Require application fuzzing.

C. Enforce input validation.

D. Perform a code review.

Correct Answer: B

Question # 10 Topic 1

A security technician configured a NIDS to monitor network traffic. Which of the following is a condition in which harmless traffic is classified as a potential network attack?

A. True positive

B. True negative

C. False positive

D. False negative

Correct Answer: C


We provide everything you need to pass your tough certification exams on the first attempt.

Size
6.82 MB
Length
186 pages
30-day money back guarantee