CompTIA CySA+ (CS0-002) Practice Exam 1
Questions and Correct Answers | Latest Update
A cybersecurity analyst reviewed the logs of a proxy server and saw the
following URL, https://www.google.com/search?q=*%40diontraining.com.
Which of the following is true about the results of this search?
A. Returns no useful results for an attacker
B. Returns all web pages containing an email address affiliated with
diontraining.com
C. Returns all web pages hosted at diontraining.com
D. Returns all web pages containing the text diontraining.com
Ans: B. Returns all web pages containing an email address affiliated
with diontraining.com
Google interprets this statement as <anything>@diontraining.com and
understands that the user is searching for email addresses since %40 is
the hex code for the @ symbol. The * is a wildcard character, meaning that
any text could be substituted for the * in the query. This type of search
would provide an attacker with a list of email addresses associated with
diontraining.com, which could be used as part of a spear phishing
campaign. To return all web pages hosted at diontraining.com, you
should use the "site:" modifier in the query. To return all web pages with
the text diontraining.com, enter "diontraining.com" into the Google
search bar with no modifiers to return those results.
Protected health information (PHI)
Ans: is defined as any information that identifies someone as the
subject of medical and insurance records, plus their associated hospital
and laboratory test results. This type of data is protected by the Health
Insurance Portability and Accountability Act (HIPAA).
Which of the following types of data breaches would require that the US
Department of Health and Human Services and the media be notified if
more than 500 individuals are affected by a data breach?
A. Trade secret information
B. Protected health information
C. Credit card information
D. Personally identifiable information
Ans: B. Protected health information
OBJ-5.1: Protected health information (PHI) is defined as any information
that identifies someone as the subject of medical and insurance records,
plus their associated hospital and laboratory test results. This type of
data is protected by the Health Insurance Portability and Accountability
Act (HIPAA). It requires notification of the individual, the Secretary of the
US Department of Health and Human Services (HHS), and the media (if
more than 500 individuals are affected) in the case of a data breach.
Personally identifiable information (PII) is any data that can be used to
identify, contact, or impersonate an individual. Credit card information is
protected under the PCI DSS information security standard. Trade secret
information is protected by the organization that owns those secrets.
Personally identifiable information (PII) is
Ans: any data that can be used to identify, contact, or impersonate an
individual.
Credit card information is
Ans: protected under the PCI DSS information security standard.
Trade secret information is
Ans: protected by the organization that owns those secrets.
Fail to Pass Systems has suffered a data breach. Your analysis of
suspicious log activity traced the source of the data breach to a
personally owned smartphone, belonging to an employee in the accounting
department, that was connected to the company's wireless network. The
smartphone has now been isolated from the network, but the employee
refuses to allow you to forensically image their smartphone to complete
your investigation. According to the employee, the company's BYOD policy
does not require them to give you their device, and it is an invasion of
their privacy. Which of the following phases of the incident response
process is at fault for creating this situation?
A. Detection and analysis phase
B. Containment phase
C. Preparation phase
D. Eradication and recovery phase
Ans: C. Preparation phase
OBJ-5.1: As part of the preparation phase, obtaining authorization to
seize devices (including personally owned electronics) should have been
made clear and consented to by all employees. If the proper
requirements had been placed into the BYOD policy before the incident
occurred, this situation would have been prevented. Either the employee
would be willing to hand over their device for imaging following the
BYOD policy, or they would never have connected their device to the
company wireless network in the first place if they were concerned with
their privacy and understood the BYOD policy. Based on the scenario
provided, the detection and analysis phase was conducted properly since
the analyst was able to identify the breach and detect the source. The
containment phase would be responsible for the segmentation and
isolation of the device, which has occurred. Eradication and recovery
would involve patching, restoring, mitigating, and remediating the