Free CS0-002 Sample Questions — CompTIA CySA+ Certification Exam (CS0-002)

Free CS0-002 sample questions for the CompTIA CySA+ Certification Exam (CS0-002) exam. No account required: study at your own pace.


Question 1

An international company is implementing a marketing campaign for a new product and needs a security analyst to perform a threat-hunting process to identify possible threat actors. Which of the following should be the analyst’s primary focus?

  • A. Hacktivists
  • B. Organized crime
  • C. Nation-states
  • D. Insider threats
Correct Answer: B. Organized crime

Question 2

Which of the following threat classifications would MOST likely use polymorphic code?

  • A. Known threat
  • B. Zero-day threat
  • C. Unknown threat
  • D. Advanced persistent threat
Correct Answer: A. Known threat

Question 3

A security analyst sees the following OWASP ZAP output from a scan that was performed against a modern version of Windows while testing for client-side vulnerabilities:

Alert Detail - Low (Medium)
Web Browser XSS Protection not enabled
Description: Web browser XSS protection not enabled, or disabled by the configuration of the HTTP Response header
URL: https://domain.com/sun/ray

Which of the following is the MOST likely solution to the listed vulnerability?

  • A. Enable the browser's XSS filter
  • B. Enable Windows XSS protection
  • C. Enable the browser’s protected pages mode
  • D. Enable server-side XSS protection
Correct Answer: A. Enable the browser's XSS filter

Question 4

An executive assistant wants to onboard a new cloud-based product to help with business analytics and dashboarding. Which of the following would be the BEST integration option for this service?

  • A. Manually log in to the service and upload data files on a regular basis
  • B. Have the internal development team script connectivity and file transfers to the new service
  • C. Create a dedicated SFTP site and schedule transfers to ensure file transport security
  • D. Utilize the cloud product's API for supported and ongoing integrations
Correct Answer: D. Utilize the cloud product's API for supported and ongoing integrations

Question 5

A company is experiencing a malware attack within its network. A security engineer notices many of the impacted assets are connecting outbound to a number of remote destinations and exfiltrating data. The security engineer also sees that deployed, up-to-date antivirus signatures are ineffective. Which of the following is the BEST approach to prevent any impact to the company from similar attacks in the future?

  • A. IDS signatures
  • B. Data loss prevention
  • C. Port security
  • D. Sinkholing
Correct Answer: B. Data loss prevention

Question 6

A company offers a hardware security appliance to customers that provides remote administration of a device on the customer's network. Customers are not authorized to alter the configuration. The company deployed a software process to manage unauthorized changes to the appliance, log them, and forward them to a central repository for evaluation. Which of the following processes is the company using to ensure the appliance is not altered from its original configured state?

  • A. CI/CD
  • B. Software assurance
  • C. Anti-tamper
  • D. Change management
Correct Answer: C. Anti-tamper

Question 7

An organization has been seeing increased levels of malicious traffic. A security analyst wants to take a more proactive approach to identify the threats that are acting against the organization's network. Which of the following approaches should the security analyst recommend?

  • A. Use the MITRE ATT&CK framework to develop threat models
  • B. Conduct internal threat research and establish indicators of compromise
  • C. Review the perimeter firewall rules to ensure the accuracy of the rule set
  • D. Use SCAP scans to monitor for configuration changes on the network
Correct Answer: B. Conduct internal threat research and establish indicators of compromise

Question 8

A security analyst is supporting an embedded software team. Which of the following is the best recommendation to ensure proper error handling at runtime?

  • A. Perform static code analysis
  • B. Require application fuzzing
  • C. Enforce input validation
  • D. Perform a code review
Correct Answer: B. Require application fuzzing

Question 9

Which of the following ICS network protocols has no inherent security functions on TCP port 502?

  • A. CIP
  • B. DHCP
  • C. SSH
  • D. Modbus
Correct Answer: D. Modbus

Question 10

Which of the following is the greatest security concern regarding ICS?

  • A. The involved systems are generally hard to identify
  • B. The systems are configured for automatic updates, leading to device failure
  • C. The systems are oftentimes air gapped, leading to fileless malware attacks
  • D. Issues on the systems cannot be reversed without rebuilding the systems
Correct Answer: D. Issues on the systems cannot be reversed without rebuilding the systems

Question 11

A cybersecurity analyst is establishing a threat-hunting and intelligence group at a growing organization. Which of the following is a collaborative resource that would MOST likely be used for this purpose?

  • A. IoC feeds
  • B. CVSS scores
  • C. Scrum
  • D. ISAC
Correct Answer: D. ISAC

Question 12

A code review reveals a web application is using time-based cookies for session management. This is a security concern because time-based cookies are easy to:

  • A. parameterize
  • B. decode
  • C. guess
  • D. decrypt
Correct Answer: C. guess

Question 13

A security analyst wants to capture large amounts of network data that will be analyzed at a later time. The packet capture does not need to be in a format that is readable by humans, since it will be put into a binary file called "packetCapture". The capture must be as efficient as possible, and the analyst wants to minimize the likelihood that packets will be missed. Which of the following commands will BEST accomplish the analyst's objectives?

  • A. tcpdump -w packetCapture
  • B. tcpdump -a packetCapture
  • C. tcpdump -n packetCapture
  • D. nmap -v > packetCapture
  • E. nmap -oA > packetCapture
Correct Answer: A. tcpdump -w packetCapture

Question 14

A software developer is correcting the error-handling capabilities of an application following the initial coding of the fix. Which of the following would the software developer MOST likely perform to validate the code prior to pushing it to production?

  • A. Web-application vulnerability scan
  • B. Static analysis
  • C. Packet inspection
  • D. Penetration test
Correct Answer: B. Static analysis

Question 15

A security analyst is reviewing existing email protection mechanisms to generate a report. The analysis finds the following DNS records:

Record 1 - v=spf1 ip4:192:168.0.0/16 include:_spf.marketing.com include: thirdpartyprovider.com ~all
Record 2 - "v=DKIM1\ k=rsa\; p=MIGfMA0GCSqh7d8hyh78Gdg87gd98hag86ga98dhay8gd7ashdca7yg79auhudig7df9ah8g76ag98dhay87ga9"
Record 3 - _dmarc.comptia.com TXT v=DMARC1\; p=reject\; pct=100; rua=mailto:[email protected]

Which of the following options provides accurate information to be included in the report?

  • A. Record 3 serves as a reference of the security features configured at Record 1 and 2
  • B. Record 1 is used as a blocklist mechanism to filter unauthorized senders
  • C. Record 2 is used as a key to encrypt all outbound messages sent
  • D. The three records contain private information that should not be disclosed
Correct Answer: A. Record 3 serves as a reference of the security features configured at Record 1 and 2

Question 16

Which of the following BEST explains the function of a managerial control?

  • A. To scope the security planning, program development, and maintenance of the security life cycle
  • B. To guide the development of training, education, security awareness programs, and system maintenance
  • C. To implement data classification, risk assessments, security control reviews, and contingency planning
  • D. To ensure tactical design, selection of technology to protect data, logical access reviews, and the implementation of audit trails
Correct Answer: C. To implement data classification, risk assessments, security control reviews, and contingency planning

Question 17

An organization wants to move non-essential services into a cloud computing environment. Management has a cost focus and would like to achieve a recovery time objective of 12 hours. Which of the following cloud recovery strategies would work BEST to attain the desired outcome?

  • A. Duplicate all services in another instance and load balance between the instances
  • B. Establish a hot site with active replication to another region within the same cloud provider
  • C. Set up a warm disaster recovery site with the same cloud provider in a different region
  • D. Configure the systems with a cold site at another cloud provider that can be used for failover
Correct Answer: C. Set up a warm disaster recovery site with the same cloud provider in a different region

Question 18

A security operations manager wants some recommendations for improving security monitoring. The security team currently uses past events to create an IoC list for monitoring. Which of the following is the best suggestion for improving monitoring capabilities?

  • A. Update the IPS and IDS with the latest rule sets from the provider
  • B. Create an automated script to update the IPS and IDS rule sets
  • C. Use an automated subscription to select threat feeds for IDS
  • D. Implement an automated malware solution on the IPS
Correct Answer: C. Use an automated subscription to select threat feeds for IDS

Question 19

A software development team asked a security analyst to review some code for security vulnerabilities. Which of the following would BEST assist the security analyst while performing this task?

  • A. Static analysis
  • B. Dynamic analysis
  • C. Regression testing
  • D. User acceptance testing
Correct Answer: A. Static analysis

Question 20

Which of the following would best protect sensitive data if a device is stolen?

  • A. Remote wipe of drive
  • B. Self-encrypting drive
  • C. Password-protected hard drive
  • D. Bus encryption
Correct Answer: B. Self-encrypting drive