
CS0-002 Online Practice Questions and Answers

Questions 4

A company was recently awarded several large government contracts and wants to determine its current risk from one specific APT. Which of the following threat modeling methodologies would be the MOST appropriate to use during this analysis?

A. Attack vectors

B. Adversary capability

C. Diamond Model of Intrusion Analysis

D. Kill chain

E. Total attack surface

Correct Answer: B

Reference: https://www.secureworks.com/blog/advanced-persistent-threats-apt-b

Questions 5

A code review reveals a web application is using lime-based cookies for session management. This is a security concern because lime-based cookies are easy to:

A. parameterize.

B. decode.

C. guess.

D. decrypt.

Correct Answer: B

Explanation: Lime-based cookies are a type of cookies that use lime encoding to store data in a web browser. Lime encoding is a simple substitution cipher that replaces each character in a string with another character based on a fixed key.

Lime-based cookies are easy to decode because the key is publicly available and the encoding algorithm is simple. Anyone who intercepts or accesses the lime-based cookies can easily decode them and read the data stored in them. This is a security concern because lime-based cookies are often used for session management, which means they store information about the user's identity and preferences on a web application. If an attacker can decode the lime-based cookies, they can impersonate the user or access their sensitive information.

References: https://www.dcode.fr/lime-encryption and https://www.techopedia.com/definition/1529/session-cookie

Questions 6

Which of the following is a reason to take a DevSecOps approach to a software assurance program?

A. To find and fix security vulnerabilities earlier in the development process

B. To speed up user acceptance testing in order to deliver the code to production faster

C. To separate continuous integration from continuous development in the SDLC

D. To increase the number of security-related bug fixes worked on by developers

Correct Answer: A

Questions 7

Industry partners from critical infrastructure organizations were victims of attacks on their SCADA devices. The attacker was able to gain access to the SCADA by logging in to an account with weak credentials. Which of the following identity and access management solutions would help to mitigate this risk?

A. Multifactor authentication

B. Manual access reviews

C. Endpoint detection and response

D. Role-based access control

Correct Answer: D

Explanation: RBAC helps organizations manage access to critical infrastructure networks by assigning access based on roles. This allows organizations to control who can access specific resources and helps eliminate weak credentials that attackers could exploit. Manual reviews and endpoint detection and response can also help to mitigate risk, but role-based access control is the best solution for this scenario.

Questions 8

A security analyst is deploying a new application in the environment. The application needs to be integrated with several existing applications that contain SPI. Prior to the deployment, the analyst should conduct:

A. a tabletop exercise

B. a business impact analysis

C. a PCI assessment

D. an application stress test.

Correct Answer: B

Questions 9

After reviewing the following packet, a cybersecurity analyst has discovered an unauthorized service is running on a company's computer.

Which of the following ACLs, if implemented, will prevent further access ONLY to the unauthorized service and will not impact other services?

A. DENY TCP ANY HOST 10.38.219.20 EQ 3389

B. DENY IP HOST 10.38.219.20 ANY EQ 25

C. DENY IP HOST 192.168.1.10 HOST 10.38.219.20 EQ 3389

D. DENY TCP ANY HOST 192.168.1.10 EQ 25

Correct Answer: A

Questions 10

A red team actor observes it is common practice to allow cell phones to charge on company computers, but access to the memory storage is blocked. Which of the following are common attack techniques that take advantage of this practice? (Choose two.)

A. A USB attack that tricks the computer into thinking the connected device is a keyboard, and then sends characters one at a time as a keyboard to launch the attack (a prerecorded series of keystrokes)

B. A USB attack that turns the connected device into a rogue access point that spoofs the configured wireless SSIDs

C. A Bluetooth attack that modifies the device registry (Windows PCs only) to allow the flash drive to mount, and then launches a Java applet attack

D. A Bluetooth peering attack called "Snarfing" that allows Bluetooth connections on blocked device types if physically connected to a USB port

E. A USB attack that tricks the system into thinking it is a network adapter, then runs a user password hash gathering utility for offline password cracking

Correct Answer: CD

Questions 11

Company A suspects an employee has been exfiltrating PII via a USB thumb drive. An analyst is tasked with attempting to locate the information on the drive. The PII in question includes the following:

Which of the following would BEST accomplish the task assigned to the analyst?

A. 3 [0-9]\d-2[0-9]\d-4[0-9]\d

B. \d(3)-d(2)-\d(4)

C. ?[3]-?[2]-?[3]

D. \d[9] `XXX-XX-XX'

Correct Answer: B

Questions 12

A security analyst is assisting with a computer crime investigation and has been asked to secure a PC and deliver it to the forensic lab. Which of the following items would be MOST helpful to secure the PC? (Choose three.)

A. Tamper-proof seals

B. Faraday cage

C. Chain of custody form

D. Drive eraser

E. Write blockers

F. Network tap

G. Multimeter

Correct Answer: ABC

Questions 13

A security analyst is reviewing the following requirements for new time clocks that will be installed in a shipping warehouse:

1. The clocks must be configured so they do not respond to ARP broadcasts.

2. The server must be configured with static ARP entries for each clock.

Which of the following types of attacks will this configuration mitigate?

A. Spoofing

B. Overflows

C. Rootkits

D. Sniffing

Correct Answer: A

Exam Code: CS0-002
Exam Name: CompTIA Cybersecurity Analyst (CySA+)
Last Update: May 28, 2026
Questions: 1059
