CompTIA CySA+ is one of the popular CompTIA certifications. CompTIA CySA+ applies behavioral analytics to networks to improve the overall state of security by identifying and combating malware and advanced persistent threats (APTs), resulting in enhanced threat visibility across a broad attack surface. The CS0-001 and CS0-002 exams are the tests for the CompTIA CySA+ certification. The English-language CS0-001 exam will be retired on October 21, 2020. Let me show you the differences between the CompTIA CS0-001 and CS0-002 exams.
CompTIA CySA+ CS0-001 exam verifies that successful candidates have the knowledge and skills required to configure and use threat detection tools, perform data analysis and interpret the results to identify vulnerabilities, threats and risks to an organization, with the end goal of securing and protecting applications and systems within an organization.
CompTIA CySA+ CS0-002 exam verifies that successful candidates have the knowledge and skills required to leverage intelligence and threat detection techniques, analyze and interpret data, identify and address vulnerabilities, suggest preventative measures, and effectively respond to and recover from incidents.
| CS0-001 Exam Topics | CS0-002 Exam Topics |
|---|---|
| 1.0 Threat Management 27% | 1.0 Threat and Vulnerability Management 22% |
| 2.0 Vulnerability Management 26% | 2.0 Software and Systems Security 18% |
| 3.0 Cyber Incident Response 23% | 3.0 Security Operations and Monitoring 25% |
| 4.0 Security Architecture and Tool Sets 24% | 4.0 Incident Response 22% |
| | 5.0 Compliance and Assessment 13% |
CompTIA CySA+ CS0-002 Real Exam Questions
1. A Chief Information Security Officer (CISO) wants to upgrade an organization's security posture by improving proactive activities associated with attacks from internal and external threats. Which of the following is the MOST proactive tool or technique that feeds incident response capabilities?
A. Development of a hypothesis as part of threat hunting
B. Log correlation, monitoring, and automated reporting through a SIEM platform
C. Continuous compliance monitoring using SCAP dashboards
D. Quarterly vulnerability scanning using credentialed scans
Answer: A
2. While planning segmentation for an ICS environment, a security engineer determines IT resources will need access to devices within the ICS environment without compromising security. To provide the MOST secure access model in this scenario, the jumpbox should be __________.
A. placed in an isolated network segment, authenticated on the IT side, and forwarded into the ICS network.
B. placed on the ICS network with a static firewall rule that allows IT network resources to authenticate.
C. bridged between the IT and operational technology networks to allow authenticated access.
D. placed on the IT side of the network, authenticated, and tunneled into the ICS environment.
Answer: A