CompTIA CySA+ (CS0-002) Free Practice Exam Questions

338 real CompTIA CySA+ (CS0-002) exam questions with answers and AI explanations. CompTIA certification prep — page 3 of 34.

  1. Question 24: During a review of SIEM alerts, a security analyst discovers the SIEM is receiving many alerts per day from the file-integrity monitoring tool about files from…
  2. Question 25: Which of the following incident response components can identify who is the liaison between multiple lines of business and the public?
  3. Question 27: An organization is upgrading its network and all of its workstations. The project will occur in phases, with infrastructure upgrades each month and workstation…
  4. Question 28: Which of the following threat classifications would MOST likely use polymorphic code?
  5. Question 29: Following a recent security breach, a company decides to investigate account usage to ensure privileged accounts are only being utilized during typical busines…
  6. Question 30: A security analyst has received a report that servers are no longer able to connect to the network. After many hours of troubleshooting, the analyst determines…
  7. Question 31: A company's blocklist has outgrown the current technologies in place. The ACLs are at maximum, and the IPS signatures only allow a certain amount of space for…
  8. Question 33: A security analyst reviews a recent network capture and notices encrypted inbound traffic on TCP port 465 was coming into the company's network from a database…
  9. Question 34: A security analyst is handling an incident in which ransomware has encrypted the disks of several company workstations. Which of the following would work BEST…
  10. Question 35: A security analyst is performing a Diamond Model analysis of an incident the company had last quarter. A potential benefit of this activity is that it can iden…