CySA+ (CS0-002) Review Questions | Practice Test / Quiz / MCQs

Home > CompTIA Security+ Certification > Quizzes > CySA+ (CS0-002) Review Questions

CySA+ (CS0-002) Review Questions

Fast practice, instant feedback. Timer auto-submits when time’s up.

Avg score: 14% • Most missed: “What document is the basis of an incident response program?”

CompTIA Cybersecurity Analyst (CySA+) certification applies behavioral analytics to networks and devices for preventing, detecting, and combating cybersecurity threats by using security monitoring.

CompTIA CySA+ (CS0-002) Certification Exam covers these topics:

1: Threat and Vulnerability Management
2: Software and Systems Security
3: Security Operations and Monitoring
4: Incident Response
5: Compliance and Assessment

CySA+ (CS0-002) Review Questions

Time left 00:00

25 Questions

1. how can you view what USB devices have been used?

pattern match• CPU Cache, registers, running processes (Router table registers, ARP cache, process table, kernel statistics, memory) • Network Traffic • (Temporary file systems) • Disk Drives • (Remote logging and monitoring data) • (Physical configuration, network topology) • Backups, printouts, optical media (archival media)A malicious script hosted on the attacker's site that can exploit a session started on another site in the same browserUSB Historian

2. What is the order of volitility (high to low)?

pattern matchUSB Historian• CPU Cache, registers, running processes (Router table registers, ARP cache, process table, kernel statistics, memory) • Network Traffic • (Temporary file systems) • Disk Drives • (Remote logging and monitoring data) • (Physical configuration, network topology) • Backups, printouts, optical media (archival media)A malicious script hosted on the attacker's site that can exploit a session started on another site in the same browser

3. grep -e

pattern matchA malicious script hosted on the attacker's site that can exploit a session started on another site in the same browser• CPU Cache, registers, running processes (Router table registers, ARP cache, process table, kernel statistics, memory) • Network Traffic • (Temporary file systems) • Disk Drives • (Remote logging and monitoring data) • (Physical configuration, network topology) • Backups, printouts, optical media (archival media)USB Historian

4. Cross-Site Request Forgery (XSRF/CSRF)

• CPU Cache, registers, running processes (Router table registers, ARP cache, process table, kernel statistics, memory) • Network Traffic • (Temporary file systems) • Disk Drives • (Remote logging and monitoring data) • (Physical configuration, network topology) • Backups, printouts, optical media (archival media)A malicious script hosted on the attacker's site that can exploit a session started on another site in the same browserpattern matchUSB Historian

5. smash the stack

pattern matchUSB HistorianOccurs when an attacker fills up the buffer with NOP (NOP slide) so that the return address may hit a NOP and continue on until it finds the attacker’s code to run• CPU Cache, registers, running processes (Router table registers, ARP cache, process table, kernel statistics, memory) • Network Traffic • (Temporary file systems) • Disk Drives • (Remote logging and monitoring data) • (Physical configuration, network topology) • Backups, printouts, optical media (archival media)

6. Infrastructure as a service (IaaS)

7. What's a transparent proxy

pattern match• CPU Cache, registers, running processes (Router table registers, ARP cache, process table, kernel statistics, memory) • Network Traffic • (Temporary file systems) • Disk Drives • (Remote logging and monitoring data) • (Physical configuration, network topology) • Backups, printouts, optical media (archival media)Proxy where client has no idea its thereUSB Historian

8. 3 open source file analysis tools

SIFT CAINE Autopsypattern match• CPU Cache, registers, running processes (Router table registers, ARP cache, process table, kernel statistics, memory) • Network Traffic • (Temporary file systems) • Disk Drives • (Remote logging and monitoring data) • (Physical configuration, network topology) • Backups, printouts, optical media (archival media)USB Historian

9. to protect against attacks, configure SIEM to look for:

USB Historianpattern match• privileged account change • privilege changes and grants • account creation and modification • employee termination • terminated account usage • account life cycle management events • separation of duty violations• CPU Cache, registers, running processes (Router table registers, ARP cache, process table, kernel statistics, memory) • Network Traffic • (Temporary file systems) • Disk Drives • (Remote logging and monitoring data) • (Physical configuration, network topology) • Backups, printouts, optical media (archival media)

10. Name something structured and then something unstructured that a DLP can scan

11. Name 4 vulnerability scanners

USB Historian• CPU Cache, registers, running processes (Router table registers, ARP cache, process table, kernel statistics, memory) • Network Traffic • (Temporary file systems) • Disk Drives • (Remote logging and monitoring data) • (Physical configuration, network topology) • Backups, printouts, optical media (archival media)Nessus (Tenable) Qualsys – uses SaaS to run scans using on-premise and cloud appliances Nextpose (Rapid7) OpenVAS – freepattern match

12. just a massive nmap swtch card

USB Historianpattern match• CPU Cache, registers, running processes (Router table registers, ARP cache, process table, kernel statistics, memory) • Network Traffic • (Temporary file systems) • Disk Drives • (Remote logging and monitoring data) • (Physical configuration, network topology) • Backups, printouts, optical media (archival media)◦ List Scan (-sL) ▪ Lists the IP addresses from the supplied target range(s) and performs a reverse-DNS query to discover any host names associated with those IPs ◦ TCP SYN ping (-PS ) ▪ Probes specific ports from the given list using a TCP SYN packet instead of an ICMP packet to conduct the ping ◦ Sparse Scanning (--scan-delay ) ▪ Issues probes with significant delays to become stealthier and avoid detection by an IDS or IPS ◦ Scan Timing (-Tn) ▪ Issues probes with using a timing pattern with n being the pattern to utilize (0 is slowest and 5 is fastest) ◦ TCP Idle Scan (-sI) ▪ Another stealth method, this scan makes it appear that another machine (a zombie) started the scan to hide the true identity of the scanning machine ◦ Fragmentation (-f or --mtu) ▪ A technique that splits the TCP header of each probe between multiple IP datagrams to make it hard for an IDS or IPS to detect • -On send to file normally • oX send to file XML • oG send to file greppable nmap port scans◦ TCP SYN (-sS) ▪ Conducts a half-open scan by sending a SYN packet to identify the port state without sending an ACK packet afterwards ◦ TCP Connect (-sT) ▪ Conducts a three-way handshake scan by sending a SYN packet to identify the port state and then sending an ACK packet once the SYN-ACK is received ◦ Null Scan (-sN) ▪ Conducts a scan by sending a packet with the header bit set to zero ◦ FIN Scan (-sF) ▪ Conducts a scan by sending an unexpected FIN packet ◦ Xmas Scan (-sX) (this will easily be detected) ▪ Conducts a scan by sending a packet with the FIN, PSH, and URG flags set to one ◦ UDP Scan (-sU) ▪ Conducts a scan by sending a UDP packet to the target and waiting for a response or timeout ◦ Port Range (-p) ▪ Conducts a scan by targeting the specified ports instead of the default of the 1,000 most commonly used ports

13. Linux lsof

USB Historianpattern matchlist of open files (inlcudes processes)• CPU Cache, registers, running processes (Router table registers, ARP cache, process table, kernel statistics, memory) • Network Traffic • (Temporary file systems) • Disk Drives • (Remote logging and monitoring data) • (Physical configuration, network topology) • Backups, printouts, optical media (archival media)

14. grep -c cysa example.txt

count number of occurrencespattern matchUSB Historian• CPU Cache, registers, running processes (Router table registers, ARP cache, process table, kernel statistics, memory) • Network Traffic • (Temporary file systems) • Disk Drives • (Remote logging and monitoring data) • (Physical configuration, network topology) • Backups, printouts, optical media (archival media)

15. What's the difference between immediate and total impact cost?

Immediate - measurement based on the direct costs incurred because of an incident, such as downtime, asset damage, penalties, and fees Total - measurement based on the costs that arise both during and following the incident, including damage to the company's reputationUSB Historian• CPU Cache, registers, running processes (Router table registers, ARP cache, process table, kernel statistics, memory) • Network Traffic • (Temporary file systems) • Disk Drives • (Remote logging and monitoring data) • (Physical configuration, network topology) • Backups, printouts, optical media (archival media)pattern match

16. Stateful Inspection firewall

basic standalone, maintains info on the state of each connectionpattern match• CPU Cache, registers, running processes (Router table registers, ARP cache, process table, kernel statistics, memory) • Network Traffic • (Temporary file systems) • Disk Drives • (Remote logging and monitoring data) • (Physical configuration, network topology) • Backups, printouts, optical media (archival media)USB Historian

17. NIST 800-53 High Category requirements

• CPU Cache, registers, running processes (Router table registers, ARP cache, process table, kernel statistics, memory) • Network Traffic • (Temporary file systems) • Disk Drives • (Remote logging and monitoring data) • (Physical configuration, network topology) • Backups, printouts, optical media (archival media)USB Historianpattern matchHigh category requires minimum of items 1,2,4,5 1. update tools, 2. update vuln list, 4. discover what info is discoverable by adversaries, 5. run privileged scan

18. 2 windows and 4 linux service analysis tools

▪ services.msc (win) ▪ netstat (win) ▪ cron (linux) ▪ systemctl (linux) ▪ ps (linux) ▪ top (linux)• CPU Cache, registers, running processes (Router table registers, ARP cache, process table, kernel statistics, memory) • Network Traffic • (Temporary file systems) • Disk Drives • (Remote logging and monitoring data) • (Physical configuration, network topology) • Backups, printouts, optical media (archival media)pattern matchUSB Historian

19. examples of physical controls

fences security guards locks bollards fire control systemspattern matchUSB Historian• CPU Cache, registers, running processes (Router table registers, ARP cache, process table, kernel statistics, memory) • Network Traffic • (Temporary file systems) • Disk Drives • (Remote logging and monitoring data) • (Physical configuration, network topology) • Backups, printouts, optical media (archival media)

20. What does iPerf do?

• CPU Cache, registers, running processes (Router table registers, ARP cache, process table, kernel statistics, memory) • Network Traffic • (Temporary file systems) • Disk Drives • (Remote logging and monitoring data) • (Physical configuration, network topology) • Backups, printouts, optical media (archival media)USB Historianpattern matchmeasures the max bandwidth an IP network can handle

21. how many times larger is an NTP response than a request?

22. where do you look for linux logs

pattern match/var/log• CPU Cache, registers, running processes (Router table registers, ARP cache, process table, kernel statistics, memory) • Network Traffic • (Temporary file systems) • Disk Drives • (Remote logging and monitoring data) • (Physical configuration, network topology) • Backups, printouts, optical media (archival media)USB Historian

23. Man in the Browser (MiTB)

USB Historian• CPU Cache, registers, running processes (Router table registers, ARP cache, process table, kernel statistics, memory) • Network Traffic • (Temporary file systems) • Disk Drives • (Remote logging and monitoring data) • (Physical configuration, network topology) • Backups, printouts, optical media (archival media)attack that intercepts API calls between the browser and process DLLspattern match

24. What is the difference between an evaluation, assessment, and audit?

USB Historianpattern matchEvaluation - A less methodical process of testing that is aimed at examining outcomes or proving usefulness of Evaluation depends more on the judgement of the evaluator than on a checklist or framework Assessment - The process of testing the subject against a checklist of requirements in a highly structured way for measurement against an absolute standard Audit - A more rigid process than assessments or evaluations, in which the auditor compares the organization against a predefined baseline to identify areas that require remediation• CPU Cache, registers, running processes (Router table registers, ARP cache, process table, kernel statistics, memory) • Network Traffic • (Temporary file systems) • Disk Drives • (Remote logging and monitoring data) • (Physical configuration, network topology) • Backups, printouts, optical media (archival media)

25. Describe OpenID

pattern matchUSB Historianoften paired with OAuth to provide authentication. • Allows the authorization server to issue an ID token in addition to the authorization token provided by OAuth. This allows the services to know that the action was authorized and tat the user authenticated with the identity provider. • Authorization: No • Authentication: Yes • Potential security risks: ◦ redirect manipulation ◦ message confidentiality ◦ replay attacks ◦ CSRF/XSS attacks ◦ phishing • Common uses: Authentication• CPU Cache, registers, running processes (Router table registers, ARP cache, process table, kernel statistics, memory) • Network Traffic • (Temporary file systems) • Disk Drives • (Remote logging and monitoring data) • (Physical configuration, network topology) • Backups, printouts, optical media (archival media)

⚡ Recently practiced quizzes in this topic

Live quiz activity

CompTIA Security+ Certification Exam CompTIA Cybersecurity Analyst Plus CySA+ CS0-001 Questions CompTIA Security+ SY0-601 Certification Exam Terms To Know Hardening Pentest+ Physical Security Cybersecurity Assessment Test Virtualization (And Security) Overview of Security Secure Software Development

25 Questions

❤ If you liked Fatskills, consider supporting us by checking out The Life Manuals You Never Got.

About | Explore | User Guide | Topics | Subjects | Doubt Solver | Career Aptitude Test | Answers | Free Tools | What Should We Know?
Privacy | Terms |

Without work one finishes nothing. - Ralph Waldo Emerson
© 2026 Fatskills.com

All trademarks, logos and brand names are the property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, trademarks and brands does not imply endorsement.

25 Questions

❤ If you liked Fatskills, consider supporting us by checking out The Life Manuals You Never Got.

About | Explore | User Guide | Topics | Subjects | Doubt Solver | Career Aptitude Test | Answers | Free Tools | What Should We Know? Privacy | Terms |

Without work one finishes nothing. - Ralph Waldo Emerson© 2026 Fatskills.com

All trademarks, logos and brand names are the property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, trademarks and brands does not imply endorsement.

About | Explore | User Guide | Topics | Subjects | Doubt Solver | Career Aptitude Test | Answers | Free Tools | What Should We Know?
Privacy | Terms |

Without work one finishes nothing. - Ralph Waldo Emerson
© 2026 Fatskills.com