CompTIA CS0-002 practice test

CompTIA Cybersecurity Analyst (CySA+) Certification Exam



Question 1

Which of the following BEST articulates the benefit of leveraging SCAP in an organization’s cybersecurity analysis toolset?

  • A. It automatically performs remedial configuration changes to enterprise security services
  • B. It enables standard checklist and vulnerability analysis expressions for automation
  • C. It establishes a continuous integration environment for software development operations
  • D. It provides validation of suspected system vulnerabilities through workflow orchestration
Answer:

B


Question 2

It is important to parameterize queries to prevent:

  • A. the execution of unauthorized actions against a database.
  • B. a memory overflow that executes code with elevated privileges.
  • C. the establishment of a web shell that would allow unauthorized access.
  • D. the queries from using an outdated library with security vulnerabilities.
Answer:

A


Question 3

Which of the following secure coding techniques can be used to prevent cross-site request forgery attacks?

  • A. Input validation
  • B. Output encoding
  • C. Parameterized queries
  • D. Tokenization
Answer:

D


Question 4

During a cyber incident, which of the following is the BEST course of action?

  • A. Switch to using a pre-approved, secure, third-party communication system.
  • B. Keep the entire company informed to ensure transparency and integrity during the incident.
  • C. Restrict customer communication until the severity of the breach is confirmed.
  • D. Limit communications to pre-authorized parties to ensure response efforts remain confidential.
Answer:

D


Question 5

A security analyst wants to identify which vulnerabilities a potential attacker might initially exploit if the network is
compromised. Which of the following would provide the BEST results?

  • A. Baseline configuration assessment
  • B. Uncredentialed scan
  • C. Network ping sweep
  • D. External penetration test
Answer:

D


Question 6

An analyst is participating in the solution analysis process for a cloud-hosted SIEM platform to centralize log monitoring and
alerting capabilities in the SOC.
Which of the following is the BEST approach for supply chain assessment when selecting a vendor?

  • A. Gather information from providers, including datacenter specifications and copies of audit reports.
  • B. Identify SLA requirements for monitoring and logging.
  • C. Consult with senior management for recommendations.
  • D. Perform a proof of concept to identify possible solutions.
Answer:

A


Question 7

After a breach involving the exfiltration of a large amount of sensitive data, a security analyst is reviewing the following
firewall logs to determine how the breach occurred:

Which of the following IP addresses does the analyst need to investigate further?

  • A. 192.168.1.1
  • B. 192.168.1.10
  • C. 192.168.1.12
  • D. 192.168.1.193
Answer:

C


Question 8

A security analyst is providing a risk assessment for a medical device that will be installed on the corporate network. During
the assessment, the analyst discovers the device has an embedded operating system that will be at the end of its life in two
years. Due to the criticality of the device, the security committee makes a risk-based policy decision to review and enforce
the vendor upgrade before the end of life is reached.
Which of the following risk actions has the security committee taken?

  • A. Risk exception
  • B. Risk avoidance
  • C. Risk tolerance
  • D. Risk acceptance
Answer:

D


Question 9

A cybersecurity analyst is dissecting an intrusion down to the specific techniques and wants to organize them in a logical
manner. Which of the following frameworks would BEST apply in this situation?

  • A. Pyramid of Pain
  • B. MITRE ATT&CK
  • C. Diamond Model of Intrusion Analysis
  • D. CVSS v3.0
Answer:

B


Question 10

A contained section of a building is unable to connect to the Internet. A security analyst investigates the
issue but does not see any connections to the corporate web proxy. However, the analyst does notice a small spike in traffic
to the Internet. The help desk technician verifies all users are connected to the correct SSID, but there are two of the same
SSIDs listed in the network connections. Which of the following BEST describes what is occurring?

  • A. Bandwidth consumption
  • B. Denial of service
  • C. Beaconing
  • D. Rogue device on the network
Answer:

A


Question 11

A product manager is working with an analyst to design a new application that will perform as a data analytics platform and
will be accessible via a web browser. The product manager suggests using a PaaS provider to host the application.
Which of the following is a security concern when using a PaaS solution?

  • A. The use of infrastructure-as-code capabilities leads to an increased attack surface.
  • B. Patching the underlying application server becomes the responsibility of the client.
  • C. The application is unable to use encryption at the database level.
  • D. Insecure application programming interfaces can lead to data compromise.
Answer:

D


Question 12

While analyzing network traffic, a security analyst discovers several computers on the network are connecting to a malicious
domain that was blocked by a DNS sinkhole. A new private IP range is now visible, but no change requests were made to
add it. Which of the following is the BEST solution for the security analyst to implement?

  • A. Block the domain IP at the firewall.
  • B. Blacklist the new subnet.
  • C. Create an IPS rule.
  • D. Apply network access control.
Answer:

A


Question 13

An information security analyst is reviewing backup data sets as part of a project focused on eliminating archival data sets.
Which of the following should be considered FIRST prior to disposing of the electronic data?

  • A. Sanitization policy
  • B. Data sovereignty
  • C. Encryption policy
  • D. Retention standards
Answer:

D


Question 14

A security analyst receives an alert from the SIEM about a possible attack happening on the network. The analyst opens the
alert and sees the IP address of the suspected server as 192.168.54.66, which is part of the network 192.168.54.0/24. The
analyst then pulls all the command history logs from that server and sees the following:

Which of the following activities is MOST likely happening on the server?

  • A. A MITM attack
  • B. Enumeration
  • C. Fuzzing
  • D. A vulnerability scan
Answer:

A


Question 15

A bad actor bypasses authentication and reveals all records in a database through an SQL injection.
Implementation of which of the following would work BEST to prevent similar attacks in

  • A. Strict input validation
  • B. Blacklisting
  • C. SQL patching
  • D. Content filtering
  • E. Output encoding
Answer:

A
