CompTIA CS0-002 CompTIA Cybersecurity Analyst (CySA+) Certification Exam Online Training
The questions for CS0-002 were last updated at Jan 03, 2025.
- Exam Code: CS0-002
- Exam Name: CompTIA Cybersecurity Analyst (CySA+) Certification Exam
- Certification Provider: CompTIA
- Latest update: Jan 03, 2025
An analyst performs a routine scan of a host using Nmap and receives the following output:
Which of the following should the analyst investigate FIRST?
- A . Port 21
- B . Port 22
- C . Port 23
- D . Port 80
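The scan output this question refers to is not reproduced on the page, so the snippet below works on a constructed Nmap grepable (`-oG`) line instead. It is an added example, not part of the exam or the page: it parses the `Ports:` field and orders open ports for triage. The ordering policy (cleartext remote-shell services first, then other cleartext-credential services, cleartext services, encrypted management, everything else) is the editor's assumption, not something the page states.

```python
"""Triage open ports from Nmap grepable (-oG) output (added example)."""

# Constructed -oG Host line; the real scan output is not on the page.
SAMPLE_GNMAP = (
    "Host: 10.0.0.5 ()\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///, "
    "23/open/tcp//telnet///, 80/open/tcp//http///, 445/filtered/tcp//microsoft-ds///"
    "\tIgnored State: closed (995)"
)

# Triage policy (editor's assumption): what to look at first when a routine
# scan shows services that should not be exposed.
CLEARTEXT_SHELL = {"telnet", "rlogin", "rsh"}          # remote shell, no encryption
CLEARTEXT_CREDENTIALS = {"ftp", "pop3", "imap"}        # credentials on the wire
CLEARTEXT_OTHER = {"http", "tftp", "snmp"}             # data, not necessarily creds
ENCRYPTED_MGMT = {"ssh", "https"}                      # expected, still worth review


def parse_gnmap_ports(line):
    """Return (port, proto, state, service) tuples from one -oG Host line.

    -oG fields are tab separated; each port entry is
    port/state/proto/owner/service/rpc/version/ (trailing fields may be empty).
    """
    fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
    ports = []
    for entry in fields.get("Ports", "").split(", "):
        parts = entry.split("/")
        if len(parts) < 5:
            continue
        port, state, proto, _owner, service = parts[:5]
        ports.append((int(port), proto, state, service))
    return ports


def _priority(service):
    if service in CLEARTEXT_SHELL:
        return 0, "cleartext remote shell"
    if service in CLEARTEXT_CREDENTIALS:
        return 1, "cleartext credentials"
    if service in CLEARTEXT_OTHER:
        return 2, "cleartext service"
    if service in ENCRYPTED_MGMT:
        return 3, "encrypted management"
    return 4, "other"


def triage_ports(line):
    """Open ports as (port, service, reason), most urgent first."""
    open_ports = [p for p in parse_gnmap_ports(line) if p[2] == "open"]
    ranked = sorted(open_ports, key=lambda p: (_priority(p[3])[0], p[0]))
    return [(port, service, _priority(service)[1]) for port, _, _, service in ranked]


if __name__ == "__main__":
    for port, service, reason in triage_ports(SAMPLE_GNMAP):
        print(f"{port:>5}  {service:<10} {reason}")
```

On the constructed line the telnet port comes out first, the filtered port is dropped because it is not open, and ssh lands last; swap the policy sets to match your own environment.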
A large amount of confidential data was leaked during a recent security breach. As part of a forensic investigation, the security team needs to identify the various types of traffic that were captured between two compromised devices.
Which of the following should be used to identify the traffic?
- A . Carving
- B . Disk imaging
- C . Packet analysis
- D . Memory dump
- E . Hashing
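The forensic task in this question, identifying what kinds of traffic passed between two hosts, is what packet analysis does. As an added example (not from the page), here is a standard-library-only parser for the classic pcap format that counts frames per source, destination and protocol/service. The capture it reads is constructed inline; the port-to-service labels are an assumption used only to name flows.

```python
"""Summarize traffic types in a pcap capture, standard library only (added example)."""
import struct
from collections import Counter

ETHERTYPE_IPV4 = 0x0800
IP_PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}
# Port labels are an assumption for naming flows, not a protocol decode.
PORT_SERVICE = {22: "ssh", 53: "dns", 80: "http", 443: "https"}


def ipv4_frame(src, dst, proto, payload):
    """Ethernet + IPv4 header around payload; checksums left zero (constructed data)."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                         bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    eth_hdr = bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
    return eth_hdr + struct.pack("!H", ETHERTYPE_IPV4) + ip_hdr + payload


def tcp_header(sport, dport):
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, 0x02, 8192, 0, 0)


def udp_header(sport, dport):
    return struct.pack("!HHHH", sport, dport, 8, 0)


def build_pcap(frames):
    """Classic little-endian pcap, Ethernet link type (constructed data)."""
    records = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, frame in enumerate(frames):
        records.append(struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame)
    return b"".join(records)


def classify_frame(frame):
    """Label one Ethernet frame as 'src -> dst PROTO/service'."""
    if len(frame) < 34:                      # 14-byte Ethernet + 20-byte IPv4 minimum
        return "truncated"
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    if ethertype != ETHERTYPE_IPV4:
        return f"non-ipv4 (0x{ethertype:04x})"
    ihl = (frame[14] & 0x0F) * 4             # IPv4 header length in bytes
    proto = frame[23]
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    label = IP_PROTO.get(proto, f"proto-{proto}")
    l4 = 14 + ihl
    if proto in (6, 17) and len(frame) >= l4 + 4:
        sport, dport = struct.unpack_from("!HH", frame, l4)
        service = PORT_SERVICE.get(dport) or PORT_SERVICE.get(sport) or f"port-{dport}"
        label = f"{label}/{service}"
    return f"{src} -> {dst} {label}"


def summarize_pcap(data):
    """Count frames per flow label; handles both byte orders of the classic magic."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == 0xA1B2C3D4:
        end = "<"
    elif magic == 0xD4C3B2A1:
        end = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack_from(end + "I", data, 20)[0] != 1:
        raise ValueError("only the Ethernet link type is handled")
    counts, off = Counter(), 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from(end + "IIII", data, off)
        off += 16
        if off + incl_len > len(data):
            break                            # capture cut off mid-record
        counts[classify_frame(data[off:off + incl_len])] += 1
        off += incl_len
    return counts


# Constructed capture between two hosts: three HTTPS, two DNS, one ICMP echo.
A, B = "10.0.0.5", "10.0.0.9"
SAMPLE_PCAP = build_pcap(
    [ipv4_frame(A, B, 6, tcp_header(51000, 443))] * 3
    + [ipv4_frame(A, B, 17, udp_header(53001, 53))] * 2
    + [ipv4_frame(A, B, 1, struct.pack("!BBHHH", 8, 0, 0, 1, 1))]
)

if __name__ == "__main__":
    for flow, n in summarize_pcap(SAMPLE_PCAP).most_common():
        print(f"{n:3d}  {flow}")
```

Point `summarize_pcap` at the bytes of a real capture saved in classic pcap format to get the same per-flow breakdown; a pcapng file needs a different reader.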
During an investigation, a security analyst determines suspicious activity occurred during the night shift over the weekend. Further investigation reveals the activity was initiated from an internal IP going to an external website.
Which of the following would be the MOST appropriate recommendation to prevent the activity from happening in the future?
- A . An IPS signature modification for the specific IP addresses
- B . An IDS signature modification for the specific IP addresses
- C . A firewall rule that will block port 80 traffic
- D . A firewall rule that will block traffic from the specific IP addresses
An organization’s Chief Information Security Officer (CISO) has asked department leaders to coordinate on communication plans that can be enacted in response to different cybersecurity incident triggers.
Which of the following is a benefit of having these communication plans?
- A . They can help to prevent the inadvertent release of damaging information outside the organization.
- B . They can quickly inform the public relations team to begin coordinating with the media as soon as a breach is detected.
- C . They can help to keep the organization’s senior leadership informed about the status of patching during the recovery phase.
- D . They can help to limit the spread of worms by coordinating with help desk personnel earlier in the recovery phase.
While investigating an incident in a company’s SIEM console, a security analyst found hundreds of failed SSH login attempts, which all occurred in rapid succession. The failed attempts were followed by a successful login on the root user. Company policy allows systems administrators to manage their systems only from the company’s internal network using their assigned corporate logins.
Which of the following are the BEST actions the analyst can take to stop any further compromise? (Select TWO).
- A . Configure /etc/sshd_config to deny root logins and restart the SSHD service.
- B . Add a rule on the network IPS to block SSH user sessions.
- C . Configure /etc/passwd to deny root logins and restart the SSHD service.
- D . Reset the passwords for all accounts on the affected system.
- E . Add a rule on the perimeter firewall to block the source IP address.
- F . Add a rule on the affected system to block access to port TCP/22.
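The pattern in this question (a burst of failures, then a successful root login from a source the policy does not permit) is straightforward to detect in sshd logs. Below is an added example, not taken from the page or any vendor, that runs the detection over a constructed auth.log excerpt: it flags a success preceded by a threshold of failures from the same source within a window, any successful root login, and any successful login from outside the internal range. The internal network (10.0.0.0/8), the threshold and the window are assumptions to adjust.

```python
"""Detect SSH brute force followed by a policy-violating login (added example)."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed auth.log excerpt: rapid failures, then root logs in from the Internet;
# later a normal key-based admin login from the internal network.
SAMPLE_LOG = """\
Jan  6 02:13:41 web01 sshd[2201]: Failed password for root from 203.0.113.7 port 51412 ssh2
Jan  6 02:13:42 web01 sshd[2203]: Failed password for invalid user admin from 203.0.113.7 port 51413 ssh2
Jan  6 02:13:42 web01 sshd[2205]: Failed password for root from 203.0.113.7 port 51414 ssh2
Jan  6 02:13:43 web01 sshd[2207]: Failed password for root from 203.0.113.7 port 51415 ssh2
Jan  6 02:13:44 web01 sshd[2209]: Failed password for root from 203.0.113.7 port 51416 ssh2
Jan  6 02:13:55 web01 sshd[2211]: Accepted password for root from 203.0.113.7 port 51500 ssh2
Jan  6 08:02:10 web01 sshd[3001]: Accepted publickey for jsmith from 10.20.4.15 port 40022 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Assumption: the corporate network admins may log in from.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def parse_line(line, year=2025):
    """Extract timestamp, outcome, user and source IP; None for non-auth lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year; one is assumed so that deltas can be computed.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def detect_ssh_compromise(log_text, failure_threshold=5, window_seconds=60):
    """Return (alert_type, source_ip) pairs for policy violations and brute-force successes."""
    alerts = []
    failures = defaultdict(list)           # source IP -> timestamps of failed attempts
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        ip = ev["ip"]
        if ev["result"] == "Failed":
            failures[ip].append(ev["ts"])
            continue
        # Successful login: check policy, then look back at recent failures.
        if ev["user"] == "root":
            alerts.append(("root-login", ip))
        if not any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS):
            alerts.append(("external-admin-login", ip))
        recent = [t for t in failures[ip] if 0 <= (ev["ts"] - t).total_seconds() <= window_seconds]
        if len(recent) >= failure_threshold:
            alerts.append(("brute-force-success", ip))
    return alerts


if __name__ == "__main__":
    for kind, ip in detect_ssh_compromise(SAMPLE_LOG):
        print(f"{kind:<22} {ip}")
```

The constructed excerpt yields three alerts for 203.0.113.7 and none for the internal key-based login; in a SIEM the same three conditions map to a correlation rule (failures then success from one source) plus two simple match rules (root success, success from outside the admin range).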
The computer incident response team at a multinational company has determined that a breach of sensitive data has occurred in which a threat actor has compromised the organization’s email system. Per the incident response procedures, this breach requires notifying the board immediately.
Which of the following would be the BEST method of communication?
- A . Post on the company blog
- B . Corporate-hosted encrypted email
- C . VoIP phone call
- D . Summary sent by certified mail
- E . Externally hosted instant message
A security analyst is attempting to utilize the following threat intelligence for developing detection capabilities:
In which of the following phases is this APT MOST likely to leave discoverable artifacts?
- A . Data collection/exfiltration
- B . Defensive evasion
- C . Lateral movement
- D . Reconnaissance
Which of the following software security best practices would prevent an attacker from being able to run arbitrary SQL commands within a web application? (Choose two.)
- A . Parameterized queries
- B . Session management
- C . Input validation
- D . Output encoding
- E . Data protection
- F . Authentication
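Parameterized queries and input validation are the two controls in this question that act on the query itself. As an added example (not from the page), the snippet below puts a deliberately injectable lookup next to its parameterized form and an allowlist validator, and runs all three against a classic `' OR '1'='1` payload on an in-memory SQLite database. The table, rows and username format are constructed for the demonstration.

```python
"""Injectable vs. parameterized query, plus allowlist input validation (added example)."""
import re
import sqlite3


def make_db():
    """Constructed in-memory table standing in for the application's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "hash-a", "admin"), ("bob", "hash-b", "user")],
    )
    return conn


def find_user_vulnerable(conn, username):
    """Deliberately vulnerable: attacker-controlled text becomes part of the SQL."""
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def find_user_parameterized(conn, username):
    """The driver sends the value separately; it can never change the statement."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


# Assumed username policy for the example: lowercase letter, then up to 31 of [a-z0-9_].
USERNAME_RE = re.compile(r"^[a-z][a-z0-9_]{0,31}$")


def is_valid_username(raw):
    """Allowlist validation at the boundary; complements, does not replace, parameters."""
    return USERNAME_RE.match(raw) is not None


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("vulnerable:    ", find_user_vulnerable(db, payload))      # every row leaks
    print("parameterized: ", find_user_parameterized(db, payload))   # no such user
    print("validated?     ", is_valid_username(payload))             # rejected before the query
```

The vulnerable function returns every row because the WHERE clause collapses to a tautology; the parameterized version looks for a user literally named `' OR '1'='1` and finds none, and the validator rejects the input before a query is ever built.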
A web-based front end for a business intelligence application uses pass-through authentication to authenticate users. The application then uses a service account to perform queries and look up data in a database. A security analyst discovers employees are accessing data sets they have not been authorized to use.
Which of the following will fix the cause of the issue?
- A . Change the security model to force the users to access the database as themselves
- B . Parameterize queries to prevent unauthorized SQL queries against the database
- C . Configure database security logging using syslog or a SIEM
- D . Enforce unique session IDs so users do not get a reused session ID
A security analyst needs to develop a brief that will include the latest incidents and the attack phases of the incidents. The goal is to support threat intelligence and identify whether or not the incidents are linked.
Which of the following methods would be MOST appropriate to use?
- A . An adversary capability model
- B . The MITRE ATT&CK framework
- C . The Cyber Kill Chain
- D . The Diamond Model of Intrusion Analysis
Thank you for this test, Grateful :):)