CompTIA CySA+ CS0-002 Questions and Correct Answers | Latest Update
Assignment Expert Guru01 - Stuvia, © 2026
A Chief Information Security Officer (CISO) is concerned developers have
too much visibility into customer data. Which of the following controls
should be implemented to BEST address these concerns?
A. Data masking
B. Data loss prevention
C. Data minimization
D. Data sovereignty
Ans: A
A Chief Information Security Officer (CISO) is concerned the development
team, which consists of contractors, has too much access to customer
data. Developers use personal workstations, giving the company little to
no visibility into the development activities. Which of the following
would be BEST to implement to alleviate the CISO's concern?
A. DLP
B. Encryption
C. Test data
D. NDA
Ans: A
A Chief Information Security Officer (CISO) wants to upgrade an
organization's security posture by improving proactive activities
associated with attacks from internal and external threats. Which of the
following is the MOST proactive tool or technique that feeds incident
response capabilities?
A. Development of a hypothesis as part of threat hunting
B. Log correlation, monitoring, and automated reporting through a SIEM
platform
C. Continuous compliance monitoring using SCAP dashboards
D. Quarterly vulnerability scanning using credentialed scans
Ans: A
A company recently experienced a break-in, whereby a number of
hardware assets were stolen through unauthorized access at the back of
the building. Which of the following would BEST prevent this type of
theft from occurring in the future?
A. Motion detection
B. Perimeter fencing
C. Monitored security cameras
D. Badged entry
Ans: D
A company wants to establish a threat-hunting team. Which of the
following BEST describes the rationale for integrating intelligence into
hunt operations?
A. It enables the team to prioritize the focus areas and tactics within the
company's environment.
B. It provides criticality analyses for key enterprise servers and services.
C. It allows analysts to receive routine updates on newly discovered
software vulnerabilities.
D. It supports rapid response and recovery during and following an
incident.
Ans: A
A company was recently awarded several large government contracts and
wants to determine its current risk from one specific APT. Which of the
following threat modelling methodologies would be the MOST
appropriate to use during this analysis?
A. Attack vectors
B. Adversary capability
C. Diamond Model of Intrusion Analysis
D. Kill chain
E. Total attack surface
Ans: B
A company's incident response team is handling a threat that was
identified on the network. Security analysts have determined a web
server is making multiple connections from TCP port 445 outbound to
servers inside its subnet as well as at remote sites. Which of the
following is the MOST appropriate next step in the incident response
plan?
A. Quarantine the web server.
B. Deploy virtual firewalls.
C. Capture a forensic image of the memory and disk.
D. Enable web server containerization.
Ans: A