















A set of practice questions and answers for the comptia cysa+ cs0-002 exam, covering key cybersecurity concepts and topics. It is designed to help individuals preparing for the exam by testing their knowledge and understanding of cybersecurity principles, incident response, security tools, and best practices. The questions are categorized by topic, allowing users to focus on specific areas of weakness.
Typology: Exams
A cybersecurity analyst receives a phone call from an unknown person with the number blocked on the caller ID. After starting the conversation, the caller begins to request sensitive information. Which of the following techniques is being applied?
A. Social engineering
B. Phishing
C. Impersonation
D. War dialing
- ANS- A

Which of the following is the main benefit of sharing incident details with partner organizations or external trusted parties during the incident response process?
A. It facilitates releasing incident results, findings and resolution to the media and all appropriate government agencies
B. It shortens the incident life cycle by allowing others to document incident details and prepare reports.
C. It enhances the response process, as others may be able to recognize the observed behavior and provide valuable insight.
D. It allows the security analyst to defer incident-handling activities until all parties agree on how to proceed with analysis.
- ANS- C

The security analyst determined that an email containing a malicious attachment was sent to several employees within the company, and it was not stopped by any of the email filtering devices. An incident was declared. During the investigation, it was determined that most users deleted the email, but one specific user executed the attachment. Based on the details gathered, which of the following actions should the security analyst perform NEXT?
A. Obtain a copy of the email with the malicious attachment. Execute the file on another user's machine and observe the behavior. Document all findings.
B. Acquire a full backup of the affected machine. Reimage the machine and then restore from the full backup.
C. Take the affected machine off the network. Review local event logs looking for activity and processes related to unknown or unauthorized software.
D. Take possession of the machine. Apply the latest OS updates and fir
- ANS- C
Which of the following tools should a cybersecurity analyst use to verify the integrity of a forensic image before and after an investigation?
A. strings
B. sha1sum
C. file
D. dd
E. gzip
- ANS- B

Given the following logs:
Aug 18 11:00:57 comptia sshd[5657]: Failed password for root from 10.10.10.192 port 38980 ssh
Aug 18 23:08:26 comptia sshd[5768]: Failed password for root from 18.70.0.160 port 38156 ssh
Aug 18 23:08:30 comptia sshd[5770]: Failed password for admin from 18.70.0.160 port 38556 ssh
Aug 18 23:08:34 comptia sshd[5772]: Failed password for invalid user asterisk from 18.70.0.160 port 38864 ssh
Aug 18 23:08:38 comptia sshd[5774]: Failed password for invalid user sjobeck from 10.10.1.16 port 39157 ssh
Aug 18 23:08:42 comptia sshd[5776]: Failed password for root from 18.70.0.160 port 39467 ssh
Which of the following can be suspected?
A. An unauthorized user is trying to gain access from 10.10.10.192.
B. An authorized user is trying to gain access from 10.10.10.192.
C. An authorized user is trying to gain access from 18.70.0.160.
D. An unauthorized user is trying to gain access from 18.70.0.160
- ANS- D

A security analyst has been asked to review permissions on accounts within Active Directory to determine if they are appropriate to the user's role. During this process, the analyst notices that a user from building maintenance is part of the Domain Admin group. Which of the following does this indicate?
A. Cross-site scripting
B. Session hijack
C. Privilege escalation
D. Rootkit
- ANS- C
A. To provide real-time security analysis and alerts generated within the security system.
B. To provide occasional updates on global security breaches
C. To act as an attack vector
D. To act as an intrusion prevention system
- ANS- A

An actor with little to no knowledge of the tools they use to carry out an attack is known as which of the following?
A. White hat
B. Black hat
C. Attack vector
D. Script kiddie
- ANS- D

Which one of the following does NOT accurately portray the attributes of an Advanced Persistent Threat (APT) attack?
A. They often exploit unknown vulnerabilities
B. They typically use freely available attacking tools to cut down on costs.
C. They target large or government organizations
D. They use sophisticated means to gain access to highly valued resources
- ANS- B

Which of the following are the security intelligence data elements that assure quality of the data? (Choose three)
A. Accuracy
B. Proprietary
C. Relevance
D. Timeliness
- ANS- ACD

The process of combing through collected data to gather relevant and accurate intelligence data is referred to as _____ according to the intelligence cycle.
A. Collection
B. Dissemination
C. Feedback
D. Analysis
- ANS- D
Which of the following ports would you close if your server does not host any DNS services?
A. 22
B. 53
C. 443
D. 80
- ANS- B

The security team advises that there is a server running legacy software that some of the applications within the organization depend on. Upon review, management realizes the potential loss from the risk isn't great enough to warrant spending money to avoid it. This form of response is known as which of the following?
A. Compensation Control
B. Risk acceptance
C. Risk avoidance
D. Remediation
- ANS- B

A critical vulnerability is between which range on CVSS?
A. 4.0-7.
B. 3.9-5.
C. 0.0-10.
D. 9.0-10.0
- ANS- D

An attacker collects information about a target from sources such as LinkedIn, Twitter, and the target's website. This form of reconnaissance is known as which of the following?
A. Active reconnaissance
B. Passive reconnaissance
C. Native reconnaissance
D. None of the above options
- ANS- B

When defining a scope to scan, which of the following should you use? (Choose two)
A. An IP range
B. A gateway
B. Boot Security
C. HIPS
D. ASLR
- ANS- D

Which firewall option would allow an administrator to permit an application into an organization's network?
A. Whitelisting
B. Filtering
C. Port Security
D. Blacklisting
- ANS- A

The command "Mac Address Sticky" uses physical addresses to restrict and provide network access to the device. True or false?
- ANS- T

Which of the following is a threat associated with operating in the cloud?
A. Unsecure Wi-Fi
B. Malicious insider
C. Bluejacking
D. Evil Twin
- ANS- B

Which of the following practices are likely to put corporate systems at risk?
A. CIA
B. Patching
C. MDM
D. BYOD
- ANS- D

A unique feature of a hybrid cloud is the combination of a private and public cloud. True or false?
- ANS- T

Which mobile security standard allows an organization to manage mobile devices?
A. MDM
B. BYOD
D. CAN bus
- ANS- A

Which of the following are fundamentals of MFA? (Choose three)
A. Something you have, such as a one-time pin
B. Something you know, such as a password
C. Something you do, such as a sport
D. Something you are, such as biometrics
- ANS- ABD

In which of the following can the attacker use ARP Poisoning to compromise systems?
A. LAN
B. Bluetooth
C. WAN
D. None of the above
- ANS- A

Locking is an effective mitigative measure against race condition attacks. True or false?
- ANS- T

You are informed that the recently hired junior accountant within your organization has had her device compromised after clicking on a link within an email that was seemingly sent from the head of the accounting department. What type of attack would the junior accountant have been a victim of?
A. Phishing attack
B. SQL Injection
C. DDOS attack
D. MITM attack
- ANS- A

Which security concerns are more easily implemented in the cloud? (Choose three)
A. Data locality
B. Physical security
C. Customization
D. Regulatory compliance
E. API access
- ANS- BDE
Which feature of a system is shared by all containers running on that system?
A. Memory space
B. Disk space
C. Operating system kernel
D. Network ports
- ANS- C

Which important access control feature is used by both RBAC and ABAC?
A. Permissions assigned to roles
B. Permissions assigned directly to users
C. Principle of Least Privilege
D. Permissions derived from attributes
- ANS- C

Account credentials should be encrypted both in-transit and at-rest by default. True or false?
- ANS- T

A username and password authentication scheme is considered "Multi-Factor Authentication" because the username and password represent the two different factors. True or false?
- ANS- F

A honeypot has which of the following features? (Choose three)
A. Excludes any sensitive data
B. An easy target
C. Isolated from secure systems
D. Automatically blocks known attack vectors
- ANS- ABC

Documentation for software assurance comes in which forms?
A. Standard Operating Procedures and Information Assurance Plans
B. Regulatory Oversight
C. Stackoverflow Queries
D. Continuous Integration / Continuous Deployment
- ANS- A

Challenges for assuring mobile software include which of the following? (Choose three)
A. Device Aesthetics
B. Connectivity
C. Physical Size
D. Limited Resources
E. User Education
- ANS- BCD

Web applications are often exposed over the public internet, and this introduces additional security concerns. True or false?
- ANS- T

Which trait is mostly unique to firmware?
A. Publicly available
B. Deployed on the Web
C. Easily assured
D. Tight coupling to the hardware
- ANS- D

At which stage of the SDLC should Software Assurance be introduced?
A. Every stage
B. Design
C. Testing
D. Deployment
- ANS- A

DevSecOps means integrating security assurance into the entire DevOps process and pipeline. True or false?
- ANS- T

Which testing is the most discrete form of testing and often automated as part of a CI/CD pipeline?
A. Unit Testing
B. Integration Testing
C. User Acceptance Testing
D. Penetration Testing
- ANS- A

You should classify all data input sources as which of the following?
A. Trusted or Untrusted
B. Public or Private
An eFuse bit can only be written to a single time. True or false?
- ANS- T

UEFI provides the necessary functionality for which system level process?
A. Secure Boot
B. Boot Loaders
C. BIOS
D. Anti-virus software
- ANS- A

Which boot process validates each successive piece of software as it starts and halts if invalid software is discovered?
A. Measured Boot
B. UEFI
C. Secure Boot
D. Bus Encryption
- ANS- C

Which types of data are TEEs used to secure? (Choose three)
A. DRM Controls
B. Payment/PCI Data
C. Virus or Malware Definitions
D. Biometric Data
E. OS Versioning
- ANS- ABD

Match the two types of keys with their purpose.
B. Observing patterns in attack vectors on an institution
C. Observing code execution in a sandbox
D. Noting relationships between network traffic and malware
- ANS- AC

Which type of security log would be most useful in order to determine the centrally cached web sites?
A. Syslog Server log
B. Windows Security Event Log
C. Proxy Server Syslog
D. Proxy Server Log
- ANS- D

Which command-line tool is used to send the results of an onscreen command to a text file?
A. >
B. |
C.
D. <
- ANS- A

Which of the following is the most basic initial function of a SIEM system?
A. Correlation via rules
B. Log aggregation dashboard
C. Artificial Intelligence
D. Security Orchestration and Automation Response
- ANS- B

Which log is associated with tracking both successful and failed authentication attempts on a Linux operating system?
A. auth.log
B. faillog
C. security event log
D. syslog
- ANS- A

Which type of network analysis decodes the content of packets to see the application data moving through the network?
Which of the following are the best candidates for a blacklist? (Choose two)
A. Firewalls
B. Network ACLs
C. Malware
D. Malicious traffic patterns
E. Permissions
- ANS- CD

Regarding firewall passwords, which of the following typically cause the greatest vulnerabilities? (Choose two)
A. Config files
B. Updates
C. Zones
D. Defaults
E. Rules
- ANS- AD

When IPS traffic is allowed through to the network when it should have been blocked, it's referred to as which of the following?
A. False negative
B. False positive
C. Out-of-band enforcement
D. Baseline
- ANS- A

Which of the following are likely areas of management in a Data Loss Prevention system? (Choose three)
A. Printing
B. Permissions
C. Email
D. Software
E. User Authentication
- ANS- ACD

Which location is typical for an EDR agent installation?
A. Firewall
B. Virtual Server
C. Router
D. Switch
- ANS- B

Which element of a NAC topology best describes a layer 2 switch?
A. Authentication Server
B. Supplicant
C. Internet of Things
D. Authenticator
- ANS- D

Which security infrastructure element is added in order to redirect endpoints to a new destination?
A. Sinkhole
B. Sandbox
C. Honeynet
D. Honeypot
- ANS- A

Which of the following is the most valuable resource in proactive threat management?
A. Firewalls
B. People
C. Artificial Intelligence
D. Intrusion Detection Systems
- ANS- B

Why do we need to learn about current threats in order to develop an accurate hypothesis to investigate? (Choose three)
A. Procedures
B. Policies
C. Titles
D. Techniques
E. Tactics
- ANS- ADE

Which type of advanced persistent threat actor is known for having large resources and wanting to affect disruption in a foreign country?
A. Common Platform Enumeration (CPE)
B. Extensible Configuration Checklist Description Format (XCCDF)
C. Trust Model for Security Automation Data (TMSAD)
D. Open Vulnerability Language (OVAL)
- ANS- C

Which of the following is an element of Security Orchestration Automation and Response (SOAR)? (Choose two)
A. Perform action steps with integrated systems
B. Examine logs for patterns
C. Collect incoming data streams
D. Capture network traffic
- ANS- AC

How do APIs allow for better security automation?
A. Provide a language for scripting
B. Ensure automatic updates
C. Identify end users
D. Read and write to software systems configurations and data
- ANS- D

Which of the following enables malware detection software to quickly recognize new variants of a strain of malware? (Choose two)
A. Centralized malware databases
B. String hashes
C. File hashes
D. Deep learning
- ANS- BD

You're a security analyst wanting to incorporate third-party up-to-date security information into the context of machine learning that's already using content from your SIEM. Which process should be used?
A. Data Deduplication
B. Data Enrichment
C. Data Mining
D. Data Cleansing
- ANS- B
Which of the following is the best description of a methodology involving regular small incremental changes over the lifespan of a piece of software?
A. Continuous Delivery
B. Continuous Integration
C. Continuous Deployment
D. Security Automation
- ANS- B

An incident response process is a methodology providing guidance on handling of cyber threats and breaches. True or false?
- ANS- T

According to the NIST framework, what are the four objectives of incident response? (Choose four)
A. Preparation
B. Classification
C. Containment, eradication, and recovery
D. Detection and analysis
E. Post-incident activity
- ANS- ACDE

A junior network analyst is monitoring network usage when he notices a huge usage on outbound network traffic. The traffic usage indicates a recent spike in bandwidth that has not been recorded before. How would the analyst categorize this information?
A. Employees downloading torrents
B. Timed out connections
C. Potential indicator of compromise
D. Packet loss
- ANS- C

Which of the following are categories of alerts? Choose all that apply.
A. Informational
B. Partial
C. Medium
D. Critical
- ANS- ACD