Percipio (Skillsoft) CompTIA Cybersecurity Analyst
(CySA+) CS0-002 Questions and Correct Answers |
Latest Update
Assignment Expert Guru01 - Stuvia © 2026
Which one of the following objectives is not one of the three main
objectives that information security professionals must achieve to
protect their organizations against cybersecurity threats?
A. Integrity
B. Nonrepudiation
C. Availability
D. Confidentiality
Ans: Answer: B - Nonrepudiation
The three primary objectives of cybersecurity professionals are
confidentiality, integrity, and availability.
Tommy is assessing the security of several database servers in his
datacenter and realizes that one of them is missing a critical Oracle
security patch. What type of situation has Tommy detected?
A. Risk
B. Vulnerability
C. Hacker
D. Threat
Ans: Answer: B - Vulnerability
In this scenario, Tommy identified a deficiency in the security of his
database server that renders it vulnerable to attack. This is a security
vulnerability. Tommy has not yet identified a specific risk because he has
not identified a threat (such as a hacker) that might exploit this
vulnerability.
Ben is preparing to conduct a cybersecurity risk assessment for his
organization. If he chooses to follow the standard process proposed by
NIST, which one of the following steps would come first?
A. Determine likelihood
B. Determine impact
C. Identify threats
D. Identify vulnerabilities
Ans: Answer: C - Identify threats
The NIST risk assessment process says that organizations should identify
threats before identifying vulnerabilities or determining the likelihood
and impact of risks.
Cindy is conducting a cybersecurity risk assessment and is considering
the impact that a failure of her city's power grid might have on the
organization. What type of threat is she considering?
A. Adversarial
B. Accidental
C. Structural
D. Environmental
Ans: Answer: D - Environmental
Widespread infrastructure failures, such as those affecting the power grid
or telecommunications circuits, are considered man-made disasters and
fall under the category of environmental threats.
Which one of the following categories of threat requires that
cybersecurity analysts consider the capability, intent, and targeting of
the threat source?
A. Adversarial
B. Accidental
C. Structural
D. Environmental
Ans: Answer: A - Adversarial
Adversarial threat analysis requires examining the capability of the threat
source, the intent of the threat source, and the likelihood that the threat
will target the organization.
Vincent is responding to a security incident that compromised one of his
organization's web servers. He does not believe that the attackers
modified or stole any information, but they did disrupt access to the
organization's website. What cybersecurity objective did this attack
violate?
A. Confidentiality
B. Nonrepudiation
C. Integrity
D. Availability
Ans: Answer: D - Availability
In an availability attack, the attacker disrupts access to information or a
service by legitimate users. In this attack, the attacker disrupted access
to the organization's website, violating the principle of availability.
Which one of the following is an example of an operational security
control?
A. Encryption software
B. Network firewall
C. Antivirus software
D. Penetration tests
Ans: Answer: D - Penetration tests
Penetration tests are an example of an operational security control.
Encryption software, network firewalls, and antivirus software are all
examples of technical security controls.
Paul recently completed a risk assessment and determined that his
network was vulnerable to hackers connecting to open ports on servers.
He implemented a network firewall to reduce the likelihood of a
successful attack. What risk management strategy did Paul choose to
pursue?
A. Risk mitigation
B. Risk avoidance
C. Risk transference
D. Risk acceptance
Ans: Answer: A - Risk mitigation
Any action that an organization takes to reduce the likelihood or impact
of a risk is an example of risk mitigation. In this case, Paul chose to
implement a technical control—a network firewall—to mitigate the
likelihood of a successful attack.