Practice CS0-002 Exam Online

Question 1

An email analysis system notifies a security analyst that the following message was quarantined and requires further review.

Other-Image-2c25d0abd-9346-4ce2-97cf-b6effd98dd2e

Which of the following actions should the security analyst take?

A : Release the email for delivery due to its importance.

B : Immediately contact a purchasing agent to expedite.

C : Delete the email and block the sender.

D : Purchase the gift cards and submit an expense report.

Answer: C

Question 2

A security analyst is performing a Diamond Model analysis of an incident the company had last quarter. A potential benefit of this activity is that it can identify:

A : detection and prevention capabilities to improve.

B : which systems were exploited more frequently.

C : possible evidence that is missing during forensic analysis.

D : which analysts require more training.

E : the time spent by analysts on each of the incidents.

Answer: A

Question 3

While monitoring the information security notification mailbox, a security analyst notices several emails were repotted as spam. Which of the following should the analyst do FIRST?

A : Block the sender In the email gateway.

B : Delete the email from the company's email servers.

C : Ask the sender to stop sending messages.

D : Review the message in a secure environment.

Answer: D

Question 4

A cybersecurity analyst needs to determine whether a large file named access log from a web server contains the following loC:

../../../../bin/bash

Which of the following commands can be used to determine if the string is present in the log?

A : echo access.log | grep '../../../../bin/bash'

B : grep '../../../../bin/bash' 1 cat access.log

C : grep '../../../. ./bin/bash' < access.log

D : cat access.log > grep '../../../ ../bin/bash'

Answer: C

Question 5

An information security analyst on a threat-hunting team Is working with administrators to create a hypothesis related to an internally developed web application The working hypothesis is as follows:

* Due to the nature of the industry, the application hosts sensitive data associated with many clients and Is a significant target

* The platform Is most likely vulnerable to poor patching and Inadequate server hardening, which expose vulnerable services.

* The application is likely to be targeted with SQL injection attacks due to the large number of reporting capabilities within the application.

As a result, the systems administrator upgrades outdated service applications and validates the endpoint configuration against an industry benchmark. The analyst suggests developers receive additional training on implementing identity and access management, and also implements a WAF to protect against SOL injection attacks Which of the following BEST represents the technique in use?

A : Improving detection capabilities

B : Bundling critical assets

C : Profiling threat actors and activities

D : Reducing the attack surface area

Answer: D

Name:	CompTIA Cybersecurity Analyst (CySA+)
Exam Code:	CS0-002
Certification:	CompTIA Cybersecurity Analyst
Vendor:	CompTIA
Total Questions:	578
Last Updated:	Apr 23, 2024

CompTIA CS0-002