[Sep-2021] CS0-002 Pre-Exam Practice Tests | Exam Questions and Answers for CompTIA CySA+ Study Guide
CompTIA Cybersecurity Analyst (CySA+) Certification Exam Certification Sample Questions
NEW QUESTION 76
A web-based front end for a business intelligence application uses pass-through authentication to authenticate users. The application then uses a service account to perform queries and look up data in a database. A security analyst discovers employees are accessing data sets they have not been authorized to use. Which of the following will fix the cause of the issue?
- A. Parameterize queries to prevent unauthorized SQL queries against the database
- B. Configure database security logging using syslog or a SIEM
- C. Enforce unique session IDs so users do not get a reused session ID
- D. Change the security model to force the users to access the database as themselves
Answer: D
NEW QUESTION 77
Organizational policies require vulnerability remediation on severity 7 or greater within one week.
Anything with a severity less than 7 must be remediated within 30 days. The organization also requires security teams to investigate the details of a vulnerability before performing any remediation. If the investigation determines the finding is a false positive, no remediation is performed and the vulnerability scanner configuration is updated to omit the false positive from future scans:
The organization has three Apache web servers:
The results of a recent vulnerability scan are shown below:
The team performs some investigation and finds a statement from Apache:
Which of the following actions should the security team perform?
- A. Remediate 192.168.1.22 within 30 days
- B. Remediate 192.168.1.20 within 30 days
- C. Investigate the false negative on 192.168.1.20
- D. Ignore the false positive on 192.168.1.22
Answer: A
NEW QUESTION 78
A security administrator has uncovered a covert channel used to exfiltrate confidential data from an internal database server through a compromised corporate web server. Ongoing exfiltration is accomplished by embedding a small amount of data extracted from the database into the metadata of images served by the web server. File timestamps suggest that the server was initially compromised six months ago using a common server misconfiguration. Which of the following BEST describes the type of threat being used?
- A. XSS
- B. APT
- C. Zero-day attack
- D. Man-in-the-middle attack
Answer: B
NEW QUESTION 79
In order to leverage the power of data correlation within Nessus, a cybersecurity analyst needs to write an SQL statement that will provide how long a vulnerability has been present on the network.
Given the following output table:
Which of the following SQL statements would provide the resulted output needed for this correlation?
- A. SELECT IP, PORT, PlugIn, ScanDate FROM MyResults SET PluginID='1000'
- B. SELECT ScanDate, IP, Port, PlugIn FROM MyResults WHERE PluginID='1000'
- C. SELECT Port, ScanDate, IP, PlugIn FROM MyResults WHERE PluginID='1000'
- D. SELECT ScanDate, IP, Port, PlugIn SET MyResults WHERE PluginID='1000'
Answer: B
NEW QUESTION 80
The Chief Information Security Officer (CISO) asked for a topology discovery to be conducted and verified against the asset inventory. The discovery is failing and not providing reliable or complete data. The syslog shows the following information:
Which of the following describes the reason why the discovery is failing?
- A. The scan is returning LDAP error code 52255a.
- B. The scanning tool lacks valid LDAP credentials.
- C. The connection to the LDAP server is timing out.
- D. The server running LDAP has antivirus deployed.
- E. The LDAP server is configured on the wrong port.
Answer: B
NEW QUESTION 81
What organization manages the global IP address space?
- A. ARIN
- B. WorldNIC
- C. NASA
- D. IANA
Answer: D
NEW QUESTION 82
A company's Chief Information Security Officer (CISO) is concerned about the integrity of some highly confidential files. Any changes to these files must be tied back to a specific authorized user's activity session. Which of the following is the BEST technique to address the CISO's concerns?
- A. Use Wireshark to scan all traffic to and from the directory. Monitor the files for unauthorized changes.
- B. Configure DLP to reject all changes to the files without pre-authorization. Monitor the files for unauthorized changes.
- C. Regularly use SHA-256 to hash the directory containing the sensitive information. Monitor the files for unauthorized changes.
- D. Place a legal hold on the files. Require authorized users to abide by a strict time context access policy. Monitor the files for unauthorized changes.
Answer: B
NEW QUESTION 83
A security analyst needs to reduce the overall attack surface.
Which of the following infrastructure changes should the analyst recommend?
- A. Increase the network segmentation.
- B. Air gap sensitive systems.
- C. Implement a cloud-based architecture.
- D. Implement a honeypot.
Answer: A
Explanation:
Reference:
https://www.securitymagazine.com/articles/89283-ways-to-reduce-your-attack-surface
NEW QUESTION 84
While reviewing firewall logs, a security analyst at a military contractor notices a sharp rise in activity from a foreign domain known to have well-funded groups that specifically target the company's R&D department. Historical data reveals other corporate assets were previously targeted. This evidence MOST likely describes:
- A. DNS harvesting.
- B. an APT.
- C. a zero-day exploit.
- D. corporate espionage.
Answer: B
NEW QUESTION 85
Which of the following could be directly impacted by an unpatched vulnerability in vSphere ESXi?
- A. The organization's physical routers
- B. The organization's virtual infrastructure
- C. The organization's mobile devices
- D. The organization's VPN
Answer: B
NEW QUESTION 86
A business-critical application is unable to support the requirements in the current password policy because it does not allow the use of special characters. Management does not want to accept the risk of a possible security incident due to weak password standards. Which of the following is an appropriate means to limit the risks related to the application?
- A. A compensating control
- B. Creating new account management procedures
- C. Encrypting authentication traffic
- D. Altering the password policy
Answer: C
NEW QUESTION 87
Given the following log snippet:
Which of the following describes the events that have occurred?
- A. An attempt to make an SSH connection from "superman" was done using a password.
- B. An attempt to make an SSH connection from outside the network was done using PKI.
- C. An attempt to make an SSH connection from 192.168.1.166 was done using PKI.
- D. An attempt to make an SSH connection from an unknown IP address was done using a password.
Answer: C
NEW QUESTION 88
The software development team pushed a new web application into production for the accounting department. Shortly after the application was published, the head of the accounting department informed IT operations that the application was not performing as intended. Which of the following SDLC best practices was missed?
- A. Fuzzing
- B. Regression testing
- C. Peer code reviews
- D. Static code analysis
- E. User acceptance testing
Answer: E
NEW QUESTION 89
Which of the following is the MOST important objective of a post-incident review?
- A. Identify new technologies and strategies to remediate
- B. Develop a process for containment and continue improvement efforts
- C. Identify a new management strategy
- D. Capture lessons learned and improve incident response processes
Answer: D
NEW QUESTION 90
After reading about data breaches at a competing company, senior leaders in an organization have grown increasingly concerned about social engineering attacks. They want to increase awareness among staff regarding this threat, but do not want to use traditional training methods because they regard these methods as ineffective. Which of the following approaches would BEST meet the requirements?
- A. USB drives randomly placed inside and outside the organization that contain a pop-up warning to any users who plug the drive into their computer
- B. Simulated phishing emails asking employees to reply to the email with their updated phone number and office location
- C. Classroom training on the dangers of social media followed by a test and gift certificates for any employee getting a perfect score.
- D. A poster contest to raise awareness of PII and asking employees to provide examples of data breaches and consequences
Answer: C
NEW QUESTION 91
An organization has recently found some of its sensitive information posted to a social media site.
An investigation has identified large volumes of data leaving the network with the source traced back to host 192.168.1.13. An analyst performed a targeted Nmap scan of this host with the results shown below:
Subsequent investigation has allowed the organization to conclude that all of the well-known, standard ports are secure. Which of the following services is the problem?
- A. timbuktu-serv1
- B. winHelper
- C. ssh
- D. mysql
- E. rpcbind
Answer: A
NEW QUESTION 92
A company has been a victim of multiple volumetric DoS attacks. Packet analysis of the offending traffic shows the following:
Which of the following mitigation techniques is MOST effective against the above attack?
- A. The company should implement the following ACL at their gateway firewall: DENY IP HOST 192.168.1.1 170.43.30.0/24.
- B. The company should contact the upstream ISP and ask that RFC1918 traffic be dropped.
- C. The company should implement a network-based sinkhole to drop all traffic coming from 192.168.1.1 at their gateway router.
- D. The company should enable the DoS resource starvation protection feature of the gateway NIPS.
Answer: B
NEW QUESTION 93
Because some clients have reported unauthorized activity on their accounts, a security analyst is reviewing network packet captures from the company's API server. A portion of a capture file is shown below:
POST /services/v1_0/Public/Members.svc/soap <s:Envelope+xmlns:s="http://schemas.s/soap/envelope/"><s:Body><GetIPLocation+xmlns="http://tempuri.org/"><request+xmlns:a="http://schemas.somesite.org"+xmlns:i="http://www.w3.org/2001/XMLSchema-instance"></s:Body></s:Envelope> 192.168.1.22 - - api.somesite.com 200 0 1006 1001 0 192.168.1.22
POST /services/v1_0/Public/Members.svc/soap <<a:Password>Password123</a:Password><a:ResetPasswordToken+i:nil="true"/><a:ShouldImpersonatedAuthenticationBePopulated+i:nil="true"/><a:Username>[email protected]</a:Username></request></Login></s:Body></s:Envelope> 192.168.5.66 - - api.somesite.com 200 0 11558 1712 2024 192.168.4.89
POST /services/v1_0/Public/Members.svc/soap <s:Envelope+xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetIPLocation+xmlns="http://tempuri.org/"> <a:IPAddress>516.7.446.605</a:IPAddress><a:ZipCode+i:nil="true"/></request></GetIPLocation></s:Body></s:Envelope> 192.168.1.22 - - api.somesite.com 200 0 1003 1011 307 192.168.1.22
POST /services/v1_0/Public/Members.svc/soap <s:Envelope+xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><IsLoggedIn+xmlns="http://tempuri.org/"> <request+xmlns:a="http://schemas.datacontract.org/2004/07/somesite.web+xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><a:Authentication><a:ApiToken>kmL4krg2CwwWBan5BReGv5Djb7syxXTNKcWFuSjd</a:ApiToken><a:ImpersonateUserId>0</a:ImpersonateUserId><a:LocationId>161222</a:LocationId> <a:NetworkId>4</a:NetworkId><a:ProviderId>''1=1</a:ProviderId><a:UserId>13026046</a:UserId></a:Authentication></request></IsLoggedIn></s:Body></s:Envelope> 192.168.5.66 - - api.somesite.com 200 0 1378 1209 48 192.168.4.89
Which of the following MOST likely explains how the clients' accounts were compromised?
- A. The clients' usernames and passwords were transmitted in cleartext.
- B. A SQL injection attack was carried out on the server.
- C. An XSS scripting attack was carried out on the server.
- D. The clients' authentication tokens were impersonated and replayed.
Answer: D
NEW QUESTION 94
A security analyst, who is working for a company that utilizes Linux servers, receives the following results from a vulnerability scan:
Which of the following is MOST likely a false positive?
- A. Windows SMB service enumeration via \srvsvc
- B. Anonymous FTP enabled
- C. ICMP timestamp request remote date disclosure
- D. Unsupported web server detection
Answer: A
NEW QUESTION 95
During routine monitoring, a security analyst discovers several suspicious websites that are communicating with a local host. The analyst queries for IP 192.168.50.2 for a 24-hour period:
To further investigate, the analyst should request PCAP for SRC 192.168.50.2 and __________.
- A. DST 172.10.45.5.
- B. DST 138.10.25.5.
- C. DST 175.35.20.5.
- D. DST 138.10.2.5.
- E. DST 172.10.3.5.
Answer: E