CompTIA CS0-002 CompTIA Cybersecurity Analyst (CySA+) Certification Exam Online Training
CompTIA CS0-002 Online Training
The questions for CS0-002 were last updated at Jan 05,2025.
- Exam Code: CS0-002
- Exam Name: CompTIA Cybersecurity Analyst (CySA+) Certification Exam
- Certification Provider: CompTIA
- Latest update: Jan 05,2025
A security analyst discovers accounts in sensitive SaaS-based systems are not being removed in a timely manner when an employee leaves the organization.
To BEST resolve the issue, the organization should implement:
- A . federated authentication.
- B . role-based access control.
- C . manual account reviews.
- D . multifactor authentication.
A threat feed notes malicious actors have been infiltrating companies and exfiltrating data to a specific set of domains. Management at an organization wants to know if it is a victim.
Which of the following should the security analyst recommend to identify this behavior without alerting any potential malicious actors?
- A . Create an IPS rule to block these domains and trigger an alert within the SIEM tool when these domains are requested
- B . Add the domains to a DNS sinkhole and create an alert in the SIEM tool when the domains are queried
- C . Look up the IP addresses for these domains and search firewall logs for any traffic being sent to those IPs over port 443
- D . Query DNS logs with a SIEM tool for any hosts requesting the malicious domains and create alerts based on this information
A security analyst was alerted to a file integrity monitoring event based on a change to the vhost-paymonts.conf file.
The output of the diff command against the known-good backup reads as follows:
Which of the following MOST likely occurred?
- A . The file was altered to accept payments without charging the cards
- B . The file was altered to avoid logging credit card information
- C . The file was altered to verify the card numbers are valid.
- D . The file was altered to harvest credit card numbers
Which of the following are components of the intelligence cycle? (Select TWO.)
- A . Collection
- B . Normalization
- C . Response
- D . Analysis
- E . Correction
- F . Dissension
A security technician is testing a solution that will prevent outside entities from spoofing the company’s email domain, which is comptiA.org. The testing is successful, and the security technician is prepared to fully implement the solution.
Which of the following actions should the technician take to accomplish this task?
- A . Add TXT @ "v=spf1 mx include:_spf.comptiA.org all" to the DNS record.
- B . Add TXT @ "v=spf1 mx include:_spf.comptiA.org all" to the email server.
- C . Add TXT @ "v=spf1 mx include:_spf.comptiA.org +all" to the domain controller.
- D . Add TXT @ "v=spf1 mx include:_spf.comptiA.org +all" to the web server.
A development team is testing a new application release. The team needs to import existing client PHI data records from the production environment to the test environment to test accuracy and functionality.
Which of the following would BEST protect the sensitivity of this data while still allowing the team to perform the testing?
- A . Deidentification
- B . Encoding
- C . Encryption
- D . Watermarking
An organization is upgrading its network and all of its workstations. The project will occur in phases, with infrastructure upgrades each month and workstation installs every other week. The schedule should accommodate the enterprise-wide changes, while minimizing the impact to the network.
Which of the following schedules BEST addresses these requirements?
- A . Monthly topology scans, biweekly host discovery scans, weekly vulnerability scans
- B . Monthly vulnerability scans, biweekly topology scans, daily host discovery scans
- C . Monthly host discovery scans; biweekly vulnerability scans, monthly topology scans
- D . Monthly topology scans, biweekly host discovery scans, monthly vulnerability scans
A Chief Executive Officer (CEO) is concerned about the company’s intellectual property being leaked to competitors. The security team performed an extensive review but did not find any indication of an outside breach. The data sets are currently encrypted using the Triple Data Encryption Algorithm.
Which of the following courses of action is appropriate?
- A . Limit all access to the sensitive data based on geographic access requirements with strict role-based access controls.
- B . Enable data masking and reencrypt the data sets using AES-256.
- C . Ensure the data is correctly classified and labeled, and that DLP rules are appropriate to prevent disclosure.
- D . Use data tokenization on sensitive fields, reencrypt the data sets using AES-256, and then create an MD5 hash.
A security analyst is investigating a malware infection that occurred on a Windows system. The system was not connected to a network and had no wireless capability. Company policy prohibits using portable media or mobile storage. The security analyst is trying to determine which user caused the malware to get onto the system.
Which of the following registry keys would MOST likely have this information?
- A . HKEY_USERS\<user SID>\Software\Microsoft\Windows\CurrentVersion\Run
- B . HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
- C . HKEY_USERS\<user SID>\Software\Microsoft\Windows\explorer\MountPoints2
- D . HKEY_USERS\<user SID>\Software\Microsoft\Internet Explorer\Typed URLs
- E . HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\System\iusb3hub
Which of the following should a database administrator implement to BEST protect data from an untrusted server administrator?
- A . Data encryption
- B . Data deidentification
- C . Data masking
- D . Data minimization