CySA+ (CS0-002) Review Questions | Practice Test / Quiz / MCQs

Home > CompTIA Security+ Certification > Quizzes > CySA+ (CS0-002) Review Questions

CySA+ (CS0-002) Review Questions

Fast practice, instant feedback. Timer auto-submits when time’s up.

Avg score: 14% • Most missed: “What document is the basis of an incident response program?”

CompTIA Cybersecurity Analyst (CySA+) certification applies behavioral analytics to networks and devices for preventing, detecting, and combating cybersecurity threats by using security monitoring.

CompTIA CySA+ (CS0-002) Certification Exam covers these topics:

1: Threat and Vulnerability Management
2: Software and Systems Security
3: Security Operations and Monitoring
4: Incident Response
5: Compliance and Assessment

CySA+ (CS0-002) Review Questions

Time left 00:00

25 Questions

1. What is the difference between verification and validation?

automated behavior based monitoring of authentication and authorization systems1. Forward proxy (at the host) 3. Reverse proxy (at the cloud edge) 3. APIdeploy services into cloud environments.Verification - A compliance-testing process to ensure that the security system meets the requirements of a framework or regulatory environment, or that a product or system meets its design goals Validation - The process of determining whether the security system is fit for purpose (meets the needs of the client). Fit for purpose, in the ITIL framework, is known as utility (meets the designed needs of the software or service)

2. What can help detect Kerberos attacks?

1. Forward proxy (at the host) 3. Reverse proxy (at the cloud edge) 3. APIautomated behavior based monitoring of authentication and authorization systemsVerification - A compliance-testing process to ensure that the security system meets the requirements of a framework or regulatory environment, or that a product or system meets its design goals Validation - The process of determining whether the security system is fit for purpose (meets the needs of the client). Fit for purpose, in the ITIL framework, is known as utility (meets the designed needs of the software or service)deploy services into cloud environments.

3. Service Orchestration

deploy services into cloud environments.Verification - A compliance-testing process to ensure that the security system meets the requirements of a framework or regulatory environment, or that a product or system meets its design goals Validation - The process of determining whether the security system is fit for purpose (meets the needs of the client). Fit for purpose, in the ITIL framework, is known as utility (meets the designed needs of the software or service)automated behavior based monitoring of authentication and authorization systems1. Forward proxy (at the host) 3. Reverse proxy (at the cloud edge) 3. API

4. What 3 ways can a CASB be set up?

5. What is Open Indicators of Compromise (OpenOIC) and who created it?

Verification - A compliance-testing process to ensure that the security system meets the requirements of a framework or regulatory environment, or that a product or system meets its design goals Validation - The process of determining whether the security system is fit for purpose (meets the needs of the client). Fit for purpose, in the ITIL framework, is known as utility (meets the designed needs of the software or service)XML based, alternative to STIX created by Mandiantdeploy services into cloud environments.automated behavior based monitoring of authentication and authorization systems

6. What are the 3 components of a SOAR?

1. Threat and Vulnerability management ▪ threat management tools ▪ vulnerability scanners ▪ workflow, reporting, collaboration tools that support above 2. Security Incident Response – tools that manage incidents from start to finish 3. Security Operations and Automation ▪ orchestration and workflow tools ▪ reporting ▪ policy management ▪ process managementVerification - A compliance-testing process to ensure that the security system meets the requirements of a framework or regulatory environment, or that a product or system meets its design goals Validation - The process of determining whether the security system is fit for purpose (meets the needs of the client). Fit for purpose, in the ITIL framework, is known as utility (meets the designed needs of the software or service)automated behavior based monitoring of authentication and authorization systemsdeploy services into cloud environments.

7. What's the difference between immediate and total impact cost?

automated behavior based monitoring of authentication and authorization systemsdeploy services into cloud environments.Immediate - measurement based on the direct costs incurred because of an incident, such as downtime, asset damage, penalties, and fees Total - measurement based on the costs that arise both during and following the incident, including damage to the company's reputationVerification - A compliance-testing process to ensure that the security system meets the requirements of a framework or regulatory environment, or that a product or system meets its design goals Validation - The process of determining whether the security system is fit for purpose (meets the needs of the client). Fit for purpose, in the ITIL framework, is known as utility (meets the designed needs of the software or service)

8. 3 components of the NIST Cybersecurity framework

automated behavior based monitoring of authentication and authorization systemsFramework core Framework implementation tiers Framework profilesVerification - A compliance-testing process to ensure that the security system meets the requirements of a framework or regulatory environment, or that a product or system meets its design goals Validation - The process of determining whether the security system is fit for purpose (meets the needs of the client). Fit for purpose, in the ITIL framework, is known as utility (meets the designed needs of the software or service)deploy services into cloud environments.

9. 3 open source file analysis tools

deploy services into cloud environments.Verification - A compliance-testing process to ensure that the security system meets the requirements of a framework or regulatory environment, or that a product or system meets its design goals Validation - The process of determining whether the security system is fit for purpose (meets the needs of the client). Fit for purpose, in the ITIL framework, is known as utility (meets the designed needs of the software or service)SIFT CAINE Autopsyautomated behavior based monitoring of authentication and authorization systems

10. What indicators does a jpg have in it's header and footer

xFF\xD8 in header xFF\xD9 in footerautomated behavior based monitoring of authentication and authorization systemsdeploy services into cloud environments.Verification - A compliance-testing process to ensure that the security system meets the requirements of a framework or regulatory environment, or that a product or system meets its design goals Validation - The process of determining whether the security system is fit for purpose (meets the needs of the client). Fit for purpose, in the ITIL framework, is known as utility (meets the designed needs of the software or service)

11. Describe OpenID

often paired with OAuth to provide authentication. • Allows the authorization server to issue an ID token in addition to the authorization token provided by OAuth. This allows the services to know that the action was authorized and tat the user authenticated with the identity provider. • Authorization: No • Authentication: Yes • Potential security risks: ◦ redirect manipulation ◦ message confidentiality ◦ replay attacks ◦ CSRF/XSS attacks ◦ phishing • Common uses: Authenticationautomated behavior based monitoring of authentication and authorization systemsVerification - A compliance-testing process to ensure that the security system meets the requirements of a framework or regulatory environment, or that a product or system meets its design goals Validation - The process of determining whether the security system is fit for purpose (meets the needs of the client). Fit for purpose, in the ITIL framework, is known as utility (meets the designed needs of the software or service)deploy services into cloud environments.

12. Dynamic port range

13. Modbus

deploy services into cloud environments.a communication protocol that gives control servers and SCADA hosts the ability to query and change the configuration of each PLCautomated behavior based monitoring of authentication and authorization systemsVerification - A compliance-testing process to ensure that the security system meets the requirements of a framework or regulatory environment, or that a product or system meets its design goals Validation - The process of determining whether the security system is fit for purpose (meets the needs of the client). Fit for purpose, in the ITIL framework, is known as utility (meets the designed needs of the software or service)

14. what is a compensating control

deploy services into cloud environments.automated behavior based monitoring of authentication and authorization systemsfix something to mitigate what you can't fixVerification - A compliance-testing process to ensure that the security system meets the requirements of a framework or regulatory environment, or that a product or system meets its design goals Validation - The process of determining whether the security system is fit for purpose (meets the needs of the client). Fit for purpose, in the ITIL framework, is known as utility (meets the designed needs of the software or service)

15. heap overflows

Verification - A compliance-testing process to ensure that the security system meets the requirements of a framework or regulatory environment, or that a product or system meets its design goals Validation - The process of determining whether the security system is fit for purpose (meets the needs of the client). Fit for purpose, in the ITIL framework, is known as utility (meets the designed needs of the software or service)deploy services into cloud environments.automated behavior based monitoring of authentication and authorization systemstarget heap, which stores objects (dynamically sized variables) created by code and must be managed by application developers

16. How do you provide depth in integrity?

automated behavior based monitoring of authentication and authorization systemsVerification - A compliance-testing process to ensure that the security system meets the requirements of a framework or regulatory environment, or that a product or system meets its design goals Validation - The process of determining whether the security system is fit for purpose (meets the needs of the client). Fit for purpose, in the ITIL framework, is known as utility (meets the designed needs of the software or service)file integrity checks or system validation toolsdeploy services into cloud environments.

17. What are the NIST Recoverability effort categories of downtime?

Verification - A compliance-testing process to ensure that the security system meets the requirements of a framework or regulatory environment, or that a product or system meets its design goals Validation - The process of determining whether the security system is fit for purpose (meets the needs of the client). Fit for purpose, in the ITIL framework, is known as utility (meets the designed needs of the software or service)Regular – time to recovery is predictable with existing resources Supplemented – time to recovery is predictable with additional resources Extended - time to recovery is unpredictable. Additional resources / outside help needed Not recoverable – (e.g. sensitive data exfiltrated and posted publicly)deploy services into cloud environments.automated behavior based monitoring of authentication and authorization systems

18. What is the difference between ICS and SCADA

ICS is one plant, SCADA is for many plantsdeploy services into cloud environments.Verification - A compliance-testing process to ensure that the security system meets the requirements of a framework or regulatory environment, or that a product or system meets its design goals Validation - The process of determining whether the security system is fit for purpose (meets the needs of the client). Fit for purpose, in the ITIL framework, is known as utility (meets the designed needs of the software or service)automated behavior based monitoring of authentication and authorization systems

19. Software as a Service (SaaS)

automated behavior based monitoring of authentication and authorization systemscomplete application is provided. Everything typically through web browser. Almost all responsibility with the cloud provider (Gmail, etc) consumers responsible for application security, account provisions and authorizationsdeploy services into cloud environments.Verification - A compliance-testing process to ensure that the security system meets the requirements of a framework or regulatory environment, or that a product or system meets its design goals Validation - The process of determining whether the security system is fit for purpose (meets the needs of the client). Fit for purpose, in the ITIL framework, is known as utility (meets the designed needs of the software or service)

20. Where do Document Object Model (DOM) attacks occur?

within a database maintained by the user’s browser. They are never seen by the remote web server, example.com/index.htm#default=alert document.cookie)Verification - A compliance-testing process to ensure that the security system meets the requirements of a framework or regulatory environment, or that a product or system meets its design goals Validation - The process of determining whether the security system is fit for purpose (meets the needs of the client). Fit for purpose, in the ITIL framework, is known as utility (meets the designed needs of the software or service)automated behavior based monitoring of authentication and authorization systemsdeploy services into cloud environments.

21. According to PCI-DSS, who can run internal vulnerability scans ?

deploy services into cloud environments.Any qualified personnelVerification - A compliance-testing process to ensure that the security system meets the requirements of a framework or regulatory environment, or that a product or system meets its design goals Validation - The process of determining whether the security system is fit for purpose (meets the needs of the client). Fit for purpose, in the ITIL framework, is known as utility (meets the designed needs of the software or service)automated behavior based monitoring of authentication and authorization systems

22. CVSS Score levels

0.0 None 0.1-3.9 Low 4.0-6.9 Medium 7.0-8.9 High 9.0-10 Criticalautomated behavior based monitoring of authentication and authorization systemsdeploy services into cloud environments.Verification - A compliance-testing process to ensure that the security system meets the requirements of a framework or regulatory environment, or that a product or system meets its design goals Validation - The process of determining whether the security system is fit for purpose (meets the needs of the client). Fit for purpose, in the ITIL framework, is known as utility (meets the designed needs of the software or service)

23. Privilege Access Management (PAM)

PAM changes the password, gives the scanner credentials, and then the scanner contacts the PAM after the scan and the privileges are taken away.deploy services into cloud environments.automated behavior based monitoring of authentication and authorization systemsVerification - A compliance-testing process to ensure that the security system meets the requirements of a framework or regulatory environment, or that a product or system meets its design goals Validation - The process of determining whether the security system is fit for purpose (meets the needs of the client). Fit for purpose, in the ITIL framework, is known as utility (meets the designed needs of the software or service)

24. name 4 web application security scanners

25. icacls (WIN)

deploy services into cloud environments.Verification - A compliance-testing process to ensure that the security system meets the requirements of a framework or regulatory environment, or that a product or system meets its design goals Validation - The process of determining whether the security system is fit for purpose (meets the needs of the client). Fit for purpose, in the ITIL framework, is known as utility (meets the designed needs of the software or service)automated behavior based monitoring of authentication and authorization systemsA command-line tool for showing and modifying file permissions

⚡ Recently practiced quizzes in this topic

Live quiz activity

CompTIA Security+ Certification Exam CompTIA Cybersecurity Analyst Plus CySA+ CS0-001 Questions CompTIA Security+ SY0-601 Certification Exam Terms To Know Hardening Pentest+ Physical Security Cybersecurity Assessment Test Virtualization (And Security) Overview of Security Secure Software Development

25 Questions

❤ If you liked Fatskills, consider supporting us by checking out The Life Manuals You Never Got.

About | Explore | User Guide | Topics | Subjects | Doubt Solver | Career Aptitude Test | Answers | Free Tools | What Should We Know?
Privacy | Terms |

Without work one finishes nothing. - Ralph Waldo Emerson
© 2026 Fatskills.com

All trademarks, logos and brand names are the property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, trademarks and brands does not imply endorsement.

25 Questions

❤ If you liked Fatskills, consider supporting us by checking out The Life Manuals You Never Got.

About | Explore | User Guide | Topics | Subjects | Doubt Solver | Career Aptitude Test | Answers | Free Tools | What Should We Know? Privacy | Terms |

Without work one finishes nothing. - Ralph Waldo Emerson© 2026 Fatskills.com

All trademarks, logos and brand names are the property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, trademarks and brands does not imply endorsement.

About | Explore | User Guide | Topics | Subjects | Doubt Solver | Career Aptitude Test | Answers | Free Tools | What Should We Know?
Privacy | Terms |

Without work one finishes nothing. - Ralph Waldo Emerson
© 2026 Fatskills.com