CySA+ (CS0-002) 2026 Exam
Questions and Correct
Answers | New Update
An analyst needs to forensically examine a Windows machine that was
compromised by a threat actor.
Intelligence reports state this specific threat actor is characterized by
hiding malicious artifacts, especially with
alternate data streams. Based on this intelligence, which of the following
BEST explains alternate data
streams?
,A. A different way data can be streamlined if the user wants to use less
memory on a Windows system for
forking resources
B. A way to store data on an external drive attached to a Windows
machine that is not readily accessible to
users
C. A windows attribute that provides for forking resources and is
potentially used to hide the presence of
secret or malicious files inside the file records of a benign file
D. A Windows attribute that can be used by attackers to hide malicious
files within system memory - ANSWER ✔✔D. A Windows attribute
that can be used by attackers to hide malicious files within system
memory
An executive assistant wants to onboard a new cloud-based product to
help with business analytics and
dashboarding. Which of the following would be the BEST integration
option for this service?
A. Manually log in to the service and upload data files on a regular basis.
,B. Have the internal development team script connectivity and file
transfers to the new service.
C. Create a dedicated SFTP site and schedule transfers to ensure file
transport security.
D. Utilize the cloud product's API for supported and ongoing integrations.
- ANSWER ✔✔D. Utilize the cloud product's API for supported and
ongoing integrations
Data spillage occurred when an employee accidentally emailed a
sensitive file to an external recipient. Which
of the following controls would have MOST likely prevented this
incident?
A. SSO
B. DLP
C. WAF
D. VDI - ANSWER ✔✔B. DLP
A development team is testing a new application release. The team
needs to import existing client PHI data
records from the production environment to the test environment to test
accuracy and functionality. Which of
COPYRIGHT©PROFFKERRYMARTIN 2025/2026. YEAR PUBLISHED 2026. COMPANY REGISTRATION NUMBER: 619652435. TERMS OF USE.
PRIVACY STATEMENT. ALL RIGHTS RESERVED
, the following would BEST protect the sensitivity of this data while still
allowing the team to perform the
testing?
A. Deidentification
B. Encoding
C. Encryption
D. Watermarking - ANSWER ✔✔A. Deidentification
Which of the following are components of the intelligence cycle? (Select
TWO).
A. Collection
B. Normalization
C. Response
D. Analysis
E. Correction
F. Dissension - ANSWER ✔✔A. Collection
D. Analysis
During an investigation, a security analyst identified machines that are
infected with malware the antivirus was
Questions and Correct
Answers | New Update
An analyst needs to forensically examine a Windows machine that was
compromised by a threat actor.
Intelligence reports state this specific threat actor is characterized by
hiding malicious artifacts, especially with
alternate data streams. Based on this intelligence, which of the following
BEST explains alternate data
streams?
,A. A different way data can be streamlined if the user wants to use less
memory on a Windows system for
forking resources
B. A way to store data on an external drive attached to a Windows
machine that is not readily accessible to
users
C. A windows attribute that provides for forking resources and is
potentially used to hide the presence of
secret or malicious files inside the file records of a benign file
D. A Windows attribute that can be used by attackers to hide malicious
files within system memory - ANSWER ✔✔D. A Windows attribute
that can be used by attackers to hide malicious files within system
memory
An executive assistant wants to onboard a new cloud-based product to
help with business analytics and
dashboarding. Which of the following would be the BEST integration
option for this service?
A. Manually log in to the service and upload data files on a regular basis.
,B. Have the internal development team script connectivity and file
transfers to the new service.
C. Create a dedicated SFTP site and schedule transfers to ensure file
transport security.
D. Utilize the cloud product's API for supported and ongoing integrations.
- ANSWER ✔✔D. Utilize the cloud product's API for supported and
ongoing integrations
Data spillage occurred when an employee accidentally emailed a
sensitive file to an external recipient. Which
of the following controls would have MOST likely prevented this
incident?
A. SSO
B. DLP
C. WAF
D. VDI - ANSWER ✔✔B. DLP
A development team is testing a new application release. The team
needs to import existing client PHI data
records from the production environment to the test environment to test
accuracy and functionality. Which of
COPYRIGHT©PROFFKERRYMARTIN 2025/2026. YEAR PUBLISHED 2026. COMPANY REGISTRATION NUMBER: 619652435. TERMS OF USE.
PRIVACY STATEMENT. ALL RIGHTS RESERVED
, the following would BEST protect the sensitivity of this data while still
allowing the team to perform the
testing?
A. Deidentification
B. Encoding
C. Encryption
D. Watermarking - ANSWER ✔✔A. Deidentification
Which of the following are components of the intelligence cycle? (Select
TWO).
A. Collection
B. Normalization
C. Response
D. Analysis
E. Correction
F. Dissension - ANSWER ✔✔A. Collection
D. Analysis
During an investigation, a security analyst identified machines that are
infected with malware the antivirus was
