CS0-002 Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 91:

    A cybersecurity analyst is currently using Nessus to scan several FTP servers. Upon receiving the results of the scan, the analyst needs to further test to verify that the vulnerability found exists. The analyst uses the following snippet of code:

    Which of the following vulnerabilities is the analyst checking for?

    A. Buffer overflow
    B. SQL injection
    C. Default passwords
    D. Format string attack

  • Question 92:

    A security analyst is reviewing the event logs on an air-gapped workstation. The analyst knows the system is used regularly for classified work. Additionally, the analyst knows multiple users locked themselves out and required a password reset. When reviewing the logs, the security analyst is surprised to see that these incidents were not recorded in the logs. Which of the following is the best remediation for this issue?

    A. Modify the local group policy to use advanced logging.
    B. Install third-party software to log the events remotely.
    C. Require users to log a trouble ticket when failures occur.
    D. Ensure the analyst has the correct permissions to view the logs.

  • Question 93:

    A cybersecurity analyst was asked to review several results of web vulnerability scan logs. Given the following snippet of code:

    Which of the following BEST describes the situation and recommendations to be made?

    A. The security analyst has discovered an embedded iframe pointing to source IP 65.240.22.1 network. The code should include the domain name. Recommend the entry be updated with the domain name.
    B. The security analyst has discovered an embedded iframe that is hidden from users accessing the web page. This code is correct. This is a design preference, and no vulnerabilities are present.
    C. The security analyst has discovered an embedded iframe pointing to source IP 65.240.22.1 network. The link is hidden and suspicious. Recommend the entry be removed from the web page.
    D. The security analyst has discovered an embedded iframe pointing to source IP 65.240.22.1 network. Recommend making the iframe visible. Fixing the code will correct the issue.

  • Question 94:

    An organization needs to limit its exposure to accidental disclosure when employees send emails that contain personal information to recipients outside the company.

    Which of the following technical controls would BEST accomplish this goal?

    A. DLP
    B. Encryption
    C. Data masking
    D. SPF

  • Question 95:

    Which of the following is MOST closely related to the concept of privacy?

    A. An individual's control over personal information
    B. A policy implementing strong identity management processes
    C. A system's ability to protect the confidentiality of sensitive information
    D. The implementation of confidentiality, integrity, and availability

  • Question 96:

    As part of an exercise set up by the information security officer, the IT staff must move some of the network systems to an off-site facility and redeploy them for testing. All staff members must ensure their respective systems can power back up and match their gold image. If they find any inconsistencies, they must formally document the information.

    Which of the following BEST describes this test?

    A. Walk through
    B. Full interruption
    C. Simulation
    D. Parallel

  • Question 97:

    A digital forensics investigator works from duplicate images to preserve the integrity of the original evidence. Which of the following types of media are MOST volatile and should be preserved? (Choose two.)

    A. Memory cache
    B. Registry file
    C. SSD storage
    D. Temporary filesystems
    E. Packet decoding
    F. Swap volume

  • Question 98:

    A company's modem response team is handling a threat that was identified on the network. Security analysts have as at remote sites. Which of the following is the MOST appropriate next step in the incident response plan?

    A. Quarantine the web server
    B. Deploy virtual firewalls
    C. Capture a forensic image of the memory and disk
    D. Enable web server containerization

  • Question 99:

    An organization has had problems with security teams remediating vulnerabilities that are either false positives or are not applicable to the organization's servers. Management has put emphasis on security teams conducting detailed analysis and investigation before conducting any remediation.

    The output from a recent Apache web server scan is shown below:

    The team performs some investigation and finds this statement from Apache on 07/02/2008:

    "Fixed in Apache HTTP server 2.2.6, 2.0.61, and 1.3.39"

    Which of the following conditions would require the team to perform remediation on this finding?

    A. The organization is running version 2.2.6 and has ExtendedStatus enabled
    B. The organization is running version 2.0.59 and is not using a public-server-status page
    C. The organization is running version 1.3.39 and is using a public-server-status page
    D. The organization is running version 2.0.5 and has ExtendedStatus enabled

  • Question 100:

    An organization is moving its infrastructure to the cloud in an effort to meet the budget and reduce staffing requirements. The organization has three environments: development, testing, and production. These environments have interdependencies but must remain relatively segmented. Which of the following methods would BEST secure the company's infrastructure and be the simplest to manage and maintain?

    A. Create three separate cloud accounts for each environment. Configure account peering and security rules to allow access to and from each environment.
    B. Create one cloud account with one VPC for all environments. Purchase a virtual firewall and create granular security rules.
    C. Create one cloud account and three separate VPCs for each environment. Create security rules to allow access to and from each environment.
    D. Create three separate cloud accounts for each environment and a single core account for network services. Route all traffic through the core account.
