[Jun-2026] CS0-002 Dumps Full Questions - CompTIA CySA+ Exam Study Guide [Q181-Q204]



Exam Questions and Answers for CS0-002 Study Guide


To prepare for the exam, candidates should have a solid understanding of cybersecurity concepts and hands-on experience in cybersecurity. CompTIA offers various training options, including self-paced eLearning courses, virtual instructor-led training (VILT), and in-person classroom training. Additionally, candidates can use practice exams and study guides to help them prepare for the exam.

 

NEW QUESTION # 181
Which of the following policies would state an employee should not disable security safeguards, such as host firewalls and antivirus, on company systems?

  • A. Acceptable use policy
  • B. Account management policy
  • C. Password policy
  • D. Code of conduct policy

Answer: A


NEW QUESTION # 182
A threat hunting team received a new IoC from an ISAC that follows a threat actor's profile and activities. Which of the following should be updated NEXT?

  • A. The blocklist
  • B. The whitelist
  • C. The IDS signature
  • D. The DNS

Answer: C

Explanation:
An IoC (indicator of compromise) is an observable artifact, such as an IP address, domain name, URL, file hash, e-mail address or registry key, that suggests a system or network has been touched by a threat actor. An ISAC (Information Sharing and Analysis Center) is a member organization that collects, analyzes and shares threat intelligence within a sector or industry. An IoC that arrives tied to a specific actor's profile and activity is first of all detection content: updating the IDS signature set lets the team find out whether that actor is present before any blocking decision is made. Blocklist entries follow once the indicator has been validated against the environment, because blindly blocking shared indicators causes outages when a feed contains a shared hosting IP or a CDN domain; an allowlist (whitelist) would be the wrong direction entirely, and DNS is not where an actor profile is recorded.


NEW QUESTION # 183
Which of the following BEST describes how logging and monitoring work when entering into a public cloud relationship with a service provider?

  • A. Logging and monitoring are done by the service provider
  • B. Logging and monitoring are not needed in a public cloud environment
  • C. Logging and monitoring are done by the data owners
  • D. Logging and monitoring duties are specified in the SLA and contract

Answer: D

Explanation:
A service level agreement (SLA) and a contract are the documents that define the roles and responsibilities of the parties in a public cloud relationship. Logging and monitoring are security activities that must be specified there explicitly: who performs them, what data is collected, how long it is retained, and how it is accessed or shared. Logging and monitoring are still needed in a public cloud environment; under the shared responsibility model they are neither done solely by the data owner nor solely by the service provider, and anything the contract leaves unspecified will usually not be done at all. Reference: https://www.csoonline.com/article/2121595/what-to-look-for-in-a-cloud-security-sla.html


NEW QUESTION # 184
An analyst is searching a log for potential credit card leaks. The log stores all data encoded in hexadecimal. Which of the following commands will allow the security analyst to confirm the incident?

  • A. cat log | xxd -r -p | egrep '[0-9]{16}'
  • B. egrep '(3(0-9)){16}' log
  • C. egrep '(0-9){16}' log | xxdc
  • D. cat log | xxd -r -p | egrep '(0-9){16}'

Answer: A

Explanation:
The log is hex-encoded, so it has to be decoded before any pattern can match the plaintext; `xxd -r -p` reverses a plain hex dump. Only option A then searches for what a card number actually looks like: `[0-9]{16}` is a digit character class repeated sixteen times. In options B, C and D the parentheses turn `(0-9)` into a group of the three literal characters 0, - and 9, so `(0-9){16}` only matches the string "0-9" written sixteen times in a row. Option B never decodes the log, and option C greps the still-encoded log and pipes into `xxdc`, which does not exist.

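As an added example (not from the exam or its answer key), the same decode-then-search pipeline in Python, with a Luhn check to separate real card numbers from other 16-digit identifiers that the bare regex also flags. The log content is constructed here; the hex encoding and the `xxd -r -p` equivalent are the point.

```python
import binascii
import re

# Constructed sample log (not from the page). The entries are shown in plaintext
# and then hex-encoded the way `xxd -p` would store them.
_PLAIN_LOG = (
    "2024-05-01T10:02:11Z checkout user=alice card=4111111111111111 amount=19.99\n"
    "2024-05-01T10:02:14Z session id=1234567890123456 status=ok\n"
    "2024-05-01T10:03:02Z checkout user=bob card=5500000000000004 amount=7.50\n"
)
HEX_LOG = binascii.hexlify(_PLAIN_LOG.encode()).decode()

# Equivalent of `egrep '[0-9]{16}'`, with lookarounds so a 17-digit run is not
# reported as a card number.
PAN_RE = re.compile(r"(?<!\d)\d{16}(?!\d)")


def decode_hex_log(hex_text: str) -> str:
    """Reverse a plain hex dump (what `xxd -r -p` does); whitespace and newlines are ignored."""
    compact = "".join(hex_text.split())
    return binascii.unhexlify(compact).decode("utf-8", errors="replace")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check: issued PANs pass, most random 16-digit identifiers do not."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(hex_text: str) -> list:
    """Return (line_no, candidate, luhn_valid) for every 16-digit run in the decoded log."""
    hits = []
    for n, line in enumerate(decode_hex_log(hex_text).splitlines(), 1):
        for m in PAN_RE.finditer(line):
            hits.append((n, m.group(0), luhn_ok(m.group(0))))
    return hits


if __name__ == "__main__":
    for line_no, pan, valid in find_pans(HEX_LOG):
        print(f"line {line_no}: {pan} luhn={'pass' if valid else 'fail'}")
```

The session id on line 2 is reported by the regex but fails Luhn, which is the false positive a 16-digit grep alone would have counted as a leak.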

NEW QUESTION # 185
A company's Chief Information Security Officer (CISO) is concerned about the integrity of some highly confidential files. Any changes to these files must be tied back to a specific authorized user's activity session. Which of the following is the BEST technique to address the CISO's concerns?

  • A. Configure DLP to reject all changes to the files without pre-authorization. Monitor the files for unauthorized changes.
  • B. Regularly use SHA-256 to hash the directory containing the sensitive information. Monitor the files for unauthorized changes.
  • C. Place a legal hold on the files. Require authorized users to abide by a strict time context access policy.
    Monitor the files for unauthorized changes.
  • D. Use Wireshark to scan all traffic to and from the directory. Monitor the files for unauthorized changes.

Answer: A

Explanation:
A DLP policy that rejects any change lacking pre-authorization means every modification that does go through is linked to an approved request from an identified user, which is the traceability the CISO asked for; continued file monitoring catches whatever bypasses the control. Periodic SHA-256 hashing (B) shows that a file changed but not who changed it or in which session. A legal hold (C) is an evidence-preservation measure, not an access control, and Wireshark (D) sees network packets, not local file writes.


NEW QUESTION # 186
Which of the following sets of attributes BEST illustrates the characteristics of an insider threat from a security perspective?

  • A. Authorized, unintentional, benign
  • B. Unauthorized, intentional, malicious
  • C. Authorized, intentional, malicious
  • D. Unauthorized, unintentional, benign

Answer: C

Explanation:
Reference: https://www.sciencedirect.com/topics/computer-science/insider-attack


NEW QUESTION # 187
Which of the following BEST identifies the appropriate use of threat intelligence as a function of detection and response?

  • A. To identify likely attack scenarios within an organization
  • B. To build a business security plan for an organization
  • C. To build a network segmentation strategy
  • D. To identify weaknesses in an organization's security posture

Answer: A


NEW QUESTION # 188
During a web application vulnerability scan, it was discovered that the application would display inappropriate data after certain key phrases were entered into a webform connected to a SQL database server. Which of the following should be used to reduce the likelihood of this type of attack returning sensitive data?

  • A. Application fuzzing
  • B. Peer review code
  • C. Input validation
  • D. Static code analysis

Answer: C
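An added Python example (not from the exam) of the flaw the scanner found and the fix: the same lookup written with string concatenation, where a crafted key phrase pulls rows from a table the form was never meant to reach, beside a parameterized version and an allow-list input validator. The table names, rows and payload are constructed for the demonstration.

```python
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory catalogue plus a table the form should never expose (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE products (name TEXT, price REAL);
        INSERT INTO products VALUES ('widget', 9.99), ('gadget', 24.50);
        CREATE TABLE users (username TEXT, password_hash TEXT);
        INSERT INTO users VALUES ('admin', '$2b$12$constructedhash');
        """
    )
    return conn


def search_vulnerable(conn: sqlite3.Connection, term: str) -> list:
    """String concatenation: the 'key phrase' becomes part of the SQL statement."""
    sql = "SELECT name, price FROM products WHERE name = '" + term + "'"
    return conn.execute(sql).fetchall()


def search_safe(conn: sqlite3.Connection, term: str) -> list:
    """Parameterized query: the term is bound as data and never parsed as SQL."""
    return conn.execute(
        "SELECT name, price FROM products WHERE name = ?", (term,)
    ).fetchall()


# Allow-list validation for the field: letters, digits, space, underscore, hyphen.
PRODUCT_NAME_RE = re.compile(r"[A-Za-z0-9 _-]{1,40}")


def validate_product_name(term: str) -> str:
    """Reject anything outside the expected character set before it reaches the query."""
    if not PRODUCT_NAME_RE.fullmatch(term):
        raise ValueError("invalid product name")
    return term


# Constructed attacker input: closes the string, appends a UNION against the users
# table (same column count as the original SELECT) and comments out the trailing quote.
PAYLOAD = "x' UNION SELECT username, password_hash FROM users --"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", search_vulnerable(db, PAYLOAD))
    print("parameterized:", search_safe(db, PAYLOAD))
```

Parameterization is the control that removes the injection; the allow-list validator is defence in depth that also rejects the payload before a query is built, which is why the exam answer is input validation rather than a review technique that only finds the bug.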


NEW QUESTION # 189
Welcome to the Enterprise Help Desk System. Please work the ticket escalated to you in the desk ticket queue.
INSTRUCTIONS
Click on the ticket to see the ticket details. Additional content is available on tabs within the ticket. First, select the appropriate issue from the drop-down menu. Then, select the MOST likely root cause from the second drop-down menu. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Answer:

Explanation:


NEW QUESTION # 190
An analyst is responding to an incident within a cloud infrastructure. Based on the logs and traffic analysis, the analyst thinks a container has been compromised. Which of the following should the analyst do FIRST?

  • A. Contact law enforcement to report the incident
  • B. Perform threat hunting in other areas of the cloud infrastructure
  • C. Isolate the container from production using a predefined policy template
  • D. Perform a root cause analysis on the container and the service logs

Answer: C

Explanation:
Containment comes first. Isolating the container with a predefined policy template (a network policy or quarantine namespace that cuts its traffic while keeping it running) stops lateral movement and preserves the volatile state needed for the investigation; killing or redeploying the container would destroy that evidence. Threat hunting elsewhere (B) and root cause analysis (D) follow once the compromised workload can no longer do damage, and involving law enforcement (A) is a later decision driven by the incident response plan.


NEW QUESTION # 191
A system administrator is doing network reconnaissance of a company's external network to determine the vulnerability of various services that are running. Sending some sample traffic to the external host, the administrator obtains the following packet capture:

Based on the output, which of the following services should be further tested for vulnerabilities?

  • A. SMB
  • B. SSH
  • C. HTTPS
  • D. HTTP

Answer: A


NEW QUESTION # 192
An information security analyst is compiling data from a recent penetration test and reviews the following output:

The analyst wants to obtain more information about the web-based services that are running on the target.
Which of the following commands would MOST likely provide the needed information?

  • A. ftpd 10.79.95.173.rdns.datacenters.com 443
  • B. ping -t 10.79.95.173.rdns.datacenters.com
  • C. tracert 10.79.95.173
  • D. telnet 10.79.95.173 443

Answer: D

Explanation:
The analyst wants to interrogate the web service itself. `telnet 10.79.95.173 443` opens a TCP connection to the HTTPS port, confirming that it answers and allowing a raw request to be sent (for a TLS-wrapped port, `openssl s_client -connect 10.79.95.173:443` is the practical equivalent, since telnet cannot complete the handshake). `tracert` maps the route, `ping -t` only tests reachability, and `ftpd` is a server daemon, not a client.


NEW QUESTION # 193
SIMULATION
You are a cybersecurity analyst tasked with interpreting scan data from Company A's servers.
You must verify the requirements are being met for all of the servers and recommend changes if you find they are not.
The company's hardening guidelines indicate the following:
* TLS 1.2 is the only version of TLS running.
* Apache 2.4.18 or greater should be used.
* Only default ports should be used.
INSTRUCTIONS
Using the supplied data, record the status of compliance with the company's guidelines for each server.
The question contains two parts: make sure you complete Part 1 and Part 2. Make recommendations for issues based ONLY on the hardening guidelines provided.

Answer:

Explanation:
Part 1 answer:
Check the following:
AppServ1 is only using TLS 1.2
AppServ4 is only using TLS 1.2
AppServ1 is using Apache 2.4.18 or greater
AppServ3 is using Apache 2.4.18 or greater
AppServ4 is using Apache 2.4.18 or greater
Part 2 answer:
Recommendation:
Disable TLS 1.1 on AppServ2 and AppServ3. Upgrade Apache on AppServ2 from its current version 2.3.48 to 2.4.48 (any release at or above 2.4.18 satisfies the guideline).
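An added example of turning the hardening guidelines into an automated check; it is not part of the exam's simulation. The per-server scan summaries are constructed to match the answer above. The script evaluates each guideline and emits the Part 2 recommendations, using a numeric version comparison so that a release such as 2.4.9 is not judged newer than 2.4.18 the way a string comparison would.

```python
from typing import Dict, List

# Constructed scan summaries (not the exam's data), shaped to reproduce the answer above.
SCAN_DATA = {
    "AppServ1": {"tls": ["1.2"], "apache": "2.4.41", "ports": [80, 443]},
    "AppServ2": {"tls": ["1.1", "1.2"], "apache": "2.3.48", "ports": [80, 443]},
    "AppServ3": {"tls": ["1.1", "1.2"], "apache": "2.4.25", "ports": [80, 443]},
    "AppServ4": {"tls": ["1.2"], "apache": "2.4.29", "ports": [80, 443]},
}

# The three guidelines from the question.
MIN_APACHE = "2.4.18"
DEFAULT_PORTS = {80, 443}


def version_tuple(v: str) -> tuple:
    """Compare versions numerically: '2.4.9' < '2.4.18', although '2.4.9' > '2.4.18' as strings."""
    return tuple(int(p) for p in v.split("."))


def check_server(rec: Dict) -> Dict[str, bool]:
    """Evaluate one server against each guideline; True means compliant."""
    return {
        "tls_1_2_only": set(rec["tls"]) == {"1.2"},
        "apache_ok": version_tuple(rec["apache"]) >= version_tuple(MIN_APACHE),
        "default_ports_only": set(rec["ports"]) <= DEFAULT_PORTS,
    }


def recommendations(scan: Dict) -> List[str]:
    """Part 2: one recommendation per failed guideline, based only on the guidelines."""
    out = []
    for name, rec in scan.items():
        result = check_server(rec)
        if not result["tls_1_2_only"]:
            extra = [v for v in rec["tls"] if v != "1.2"]
            out.append(f"{name}: disable TLS {', '.join(extra)}")
        if not result["apache_ok"]:
            out.append(f"{name}: upgrade Apache {rec['apache']} to >= {MIN_APACHE}")
        if not result["default_ports_only"]:
            extra_ports = sorted(set(rec["ports"]) - DEFAULT_PORTS)
            out.append(f"{name}: close non-default ports {extra_ports}")
    return out


if __name__ == "__main__":
    for server, rec in SCAN_DATA.items():
        print(server, check_server(rec))
    for line in recommendations(SCAN_DATA):
        print("recommend:", line)
```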


NEW QUESTION # 194
Which of the following attacks can be prevented by using output encoding?

  • A. Command injection
  • B. Directory traversal
  • C. Cross-site scripting
  • D. SQL injection
  • E. Cross-site request forgery
  • F. Server-side request forgery

Answer: C

Explanation:
Output encoding converts characters that are significant to the HTML parser (<, >, &, quotes) into entities at the point where untrusted data is written into a page, so the browser renders the data as text instead of executing it as markup or script. It does nothing for command injection, directory traversal or SQL injection, which are addressed by parameterization, canonicalization and input validation, and it does not address CSRF (anti-forgery tokens) or SSRF (allow-listing outbound destinations).
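An added Python example (not from the exam) showing the reflected value written into a page with and without output encoding, and why the attribute context additionally needs the attribute quoted. The payloads are constructed.

```python
import html

# Constructed attacker-controlled inputs (not from the page).
SCRIPT_PAYLOAD = "<script>alert(document.cookie)</script>"
ATTRIBUTE_PAYLOAD = '" onfocus="alert(1)'


def render_vulnerable(comment: str) -> str:
    """Reflects the input verbatim: the browser parses the payload as markup."""
    return f"<p>Last comment: {comment}</p>"


def render_encoded(comment: str) -> str:
    """Element-body context: entity-encode < > & and both quote characters."""
    return f"<p>Last comment: {html.escape(comment, quote=True)}</p>"


def render_attribute(value: str) -> str:
    """Attribute context: encode quotes AND keep the attribute quoted, so the value
    cannot terminate the attribute and add an event handler."""
    return f'<input name="q" value="{html.escape(value, quote=True)}">'


def contains_live_tag(markup: str) -> bool:
    """Crude detector: does a raw <script tag survive in the rendered output?"""
    return "<script" in markup.lower()


if __name__ == "__main__":
    print(render_vulnerable(SCRIPT_PAYLOAD))
    print(render_encoded(SCRIPT_PAYLOAD))
    print(render_attribute(ATTRIBUTE_PAYLOAD))
```

`html.escape` is correct only for the HTML element and attribute contexts; data written into a `<script>` block, a URL or a CSS value needs the encoder for that context, which is why template engines expose context-aware escaping rather than a single function.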


NEW QUESTION # 195
Drag and Drop Question
You suspect that multiple unrelated security events have occurred on several nodes on a corporate network. You must review all logs and correlate events when necessary to discover each security event by clicking on each node. Only select corrective actions if the logs show a security event that needs remediation. Drag and drop the appropriate corrective actions to mitigate the specific security event occurring on each affected device.
Instructions:
The Web Server, Database Server, IDS, Development PC, Accounting PC and Marketing PC are clickable. Some actions may not be required and each action can only be used once per node.
The corrective action order is not important. If at any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

Answer:

Explanation:


NEW QUESTION # 196
A development team signed a contract that requires access to an on-premises physical server. Access must be restricted to authorized users only and cannot be connected to the Internet.
Which of the following solutions would meet this requirement?

  • A. Establish a hosted SSO.
  • B. Implement a CASB.
  • C. Virtualize the server.
  • D. Air gap the server.

Answer: D


NEW QUESTION # 197
An application server runs slowly and then triggers a high CPU alert. After investigating, a security analyst finds an unauthorized program is running on the server. The analyst reviews the application log below.

Which of the following conclusions is supported by the application log?

  • A. An attacker was attempting to download files via a remote command execution vulnerability
  • B. An attacker was attempting to perform an XSS attack via a vulnerable third-party library.
  • C. An attacker was attempting to perform a DoS attack against the server.
  • D. An attacker was attempting to perform a buffer overflow attack to execute a payload in memory.

Answer: D


NEW QUESTION # 198
In system hardening, which of the following types of vulnerability scans would work BEST to verify the scanned device meets security policies?

  • A. OWASP ZAP
  • B. Burp Suite
  • C. SCAP
  • D. Unauthenticated

Answer: C

Explanation:
SCAP (Security Content Automation Protocol) scans compare a host's actual configuration against a machine-readable policy benchmark (XCCDF/OVAL content such as CIS or DISA STIG baselines) and report pass or fail per control, which is exactly what verifying compliance with a hardening policy requires. OWASP ZAP and Burp Suite test web applications, not host configuration, and an unauthenticated scan only sees what is exposed on the network and cannot read local settings at all.


NEW QUESTION # 199
A user's computer has been running slowly when the user tries to access web pages. A security analyst runs the command netstat -aon from the command line and receives the following output:

Which of the following lines indicates the computer may be compromised?

  • A. Line 1
  • B. Line 6
  • C. Line 2
  • D. Line 4
  • E. Line 3
  • F. Line 5

Answer: D


NEW QUESTION # 200
A security team wants to make SaaS solutions accessible from only the corporate campus.
Which of the following would BEST accomplish this goal?

  • A. Single sign-on
  • B. IP restrictions
  • C. Reverse proxy
  • D. Geofencing

Answer: B

Explanation:
Restricting access to the corporate campus means allowing only the campus egress IP ranges at the SaaS provider; most identity providers and SaaS platforms expose this as an IP allowlist or "named location" condition in a conditional access policy. Geofencing relies on geolocation of the client and works at country or city granularity, so it cannot separate the campus from the building next door. Single sign-on controls who authenticates, not where from, and a reverse proxy only helps if the SaaS provider can be configured to accept traffic exclusively from it, which again comes down to an IP restriction.


NEW QUESTION # 201
While monitoring the information security notification mailbox, a security analyst notices several emails were reported as spam. Which of the following should the analyst do FIRST?

  • A. Delete the email from the company's email servers.
  • B. Block the sender in the email gateway.
  • C. Review the message in a secure environment.
  • D. Ask the sender to stop sending messages.

Answer: C

Explanation:
The security analyst should review the message in a secure environment first. This determines whether the message is ordinary spam or carries malicious content such as a malware attachment or a phishing link. A secure environment means a sandbox or an isolated system, so that opening the attachment or following the link cannot harm the analyst's workstation or the network. Once the message is confirmed to be spam or malicious, the analyst can take further action: block the sender, delete the email from the servers, and notify the users who received it.


NEW QUESTION # 202
An organization wants to collect IoCs from multiple geographic regions so it can sell the information to its customers. Which of the following should the organization deploy to accomplish this task?

  • A. A bastion host
  • B. A honeypot
  • C. A proxy server
  • D. A Jumpbox

Answer: B

Explanation:
A honeypot is a decoy system that is designed to attract and trap attackers, by mimicking a real system or network, but containing fake or harmless data. A honeypot can be used to collect IoCs from multiple geographic regions, by deploying it in different locations or networks, and monitoring the activities or attacks that target it. A honeypot can also provide valuable threat intelligence data that can be sold to customers.


NEW QUESTION # 203
A security analyst has discovered malware spreading across multiple critical systems and originating from a single workstation, which belongs to a member of the cyber-infrastructure team who has legitimate administrator credentials. An analysis of the traffic indicates the workstation swept the network looking for vulnerable hosts to infect. Which of the following would have worked BEST to prevent the spread of this infection?

  • A. A honeypot used to catalog the anomalous behavior and update the IPS.
  • B. Logical network segmentation and the use of jump boxes
  • C. Vulnerability scans of the network and proper patching.
  • D. A properly configured and updated EDR solution.

Answer: B

