B.4 CompTIA CySA+ CS0-002 Certification Practice
Exam Questions and Correct Answers | Latest Update
Assignment Expert Guru01 - Stuvia © 2026
Some Remote Access Trojans (RATs) install a web server to allow access
to the infected machine. Others use a custom application that is run on
the remote machine, such as ProRAT. Once infected with this custom
application, which other types of infections are possible with this tool
installed? (Select two.)
Answer
Rootkit
Network enumeration
DDoS attack
Ransomware
SYN attack
Ans: Rootkit, Ransomware
Which of the following BEST describes a phishing attack?
Answer
This attack is used to intercept communications between an authorized user and the web server.
A user is tricked into believing that a legitimate website is requesting their login information.
An attacker alters the XSS to run a Trojan horse with the victim's web browser.
In this attack, attackers use various weaknesses to hack into seemingly secure passwords.
Ans: A user is tricked into believing that a legitimate website is requesting their login information.
Tom, a security analyst, is notified by Karen, an employee, that her work
iPad has some setting changes and a new app that she didn't download.
What is the first step Tom should take?
Answer
Look through the event log for suspicious events.
Ask Karen to turn off the device.
Search online for any new known malware threats that match the indicators of compromise (IOCs).
Run an antivirus software scan on Karen's device and scan the entire network.
Ans: Run an antivirus software scan on Karen's device and scan the entire network.
Which of the following tools can be used to create botnets?
Answer
Shark, PlugBot, and Poison Ivy
Poison Ivy, Targa, and LOIC
Trin00, Targa, and Jolt2
Jolt2, PlugBot, and Shark
Ans: Shark, PlugBot, and Poison Ivy
You have configured your pfSense firewall to block URLs using DNS. You
have selected the block lists that work best for your company's needs.
You have tested on your machine, and traffic to the sites in the list is
blocked as expected. As you walk through your office several months
later, you notice that a user is on a site that is supposed to be blocked.
What might explain this?
Answer
The DNS cache on the user's local machine contains the information for that site.
The service has stopped and is no longer functioning.
Your firewall allows DNS requests to outside DNS servers.
The user has hacked your firewall to allow their traffic through.
Ans: Your firewall allows DNS requests to outside DNS servers.
Which of the following is the process of obfuscating data by changing it
into random characters?
Answer
Data privacy
Data masking
Encryption
Tokenization
Ans: Data masking
Which type of breach happens when an attacker removes or transfers
data from your system to another?
Answer
Insider data breach
Data integrity and availability
Data exfiltration
Accidental data breach
Ans: Data exfiltration
You have been asked to perform a penetration test for a company to see
if any sensitive information can be captured by a potential hacker. You
have used Wireshark to capture a series of packets. Using the "tcp
contains Invoice" filter, you have found one packet. Using the captured
information shown, which of the following is the name of the company
requesting payment?
Answer
Lowes
Wood Specialist
ACME, Inc.
The Home Depot
Ans: ACME, Inc.
Where should VM administration occur?
Answer
On the virtual machine
On the hypervisor
On the hypervisor and virtual machine
On the host machine