CS0-002 Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 181:

    A cybersecurity analyst has received the laptop of a user who recently left the company. The analyst types 'history' into the prompt and sees this line of code in the latest bash history:

    This concerns the analyst because this subnet should not be known to users within the company. Which of the following describes what this code has done on the network?

    A. Performed a ping sweep of the Class C network.
    B. Performed a half-open SYN scan on the network.
    C. Sent 255 ping packets to each host on the network.
    D. Sequentially sent an ICMP echo reply to the Class C network.

  • Question 182:

    Which of the following policies BEST explains the purpose of a data ownership policy?

    A. The policy should describe the roles and responsibilities between users and managers, and the management of specific data types.
    B. The policy should establish the protocol for retaining information types based on regulatory or business needs.
    C. The policy should document practices that users must adhere to in order to access data on the corporate network or Internet.
    D. The policy should outline the organization's administration of accounts for authorized users to access the appropriate data.

  • Question 183:

    A forensic analyst took an image of a workstation that was involved in an incident. To BEST ensure the image is not tampered with, the analyst should use:

    A. hashing
    B. backup tapes
    C. a legal hold
    D. chain of custody.

  • Question 184:

    A Chief Executive Officer (CEO) wants to implement BYOD in the environment. Which of the following options should the security analyst suggest to protect corporate data on these devices? (Choose two.)

    A. Disable VPN connectivity on the device.
    B. Disable Bluetooth on the device.
    C. Disable near-field communication on the device.
    D. Enable MDM/MAM capabilities.
    E. Enable email services on the device.
    F. Enable encryption on all devices.

  • Question 185:

    Which of the following is a control that allows a mobile application to access and manipulate information that should only be available to another application on the same mobile device (e.g., a music application posting the name of the current song playing on the device on a social media site)?

    A. Co-hosted application
    B. Transitive trust
    C. Mutually exclusive access
    D. Dual authentication

  • Question 186:

    A database administrator contacts a security administrator to request firewall changes for a connection to a new internal application.

    The security administrator notices that the new application uses a port typically monopolized by a virus.

    The security administrator denies the request and suggests a new port or service be used to complete the application's task.

    Which of the following is the security administrator practicing in this example?

    A. Explicit deny
    B. Port security
    C. Access control lists
    D. Implicit deny

  • Question 187:

    During a recent audit, there were a lot of findings similar to and including the following:

    Which of the following would be the BEST way to remediate these findings and minimize similar findings in the future?

    A. Use an automated patch management solution.
    B. Remove the affected software programs from the servers.
    C. Run Microsoft Baseline Security Analyzer on all of the servers.
    D. Schedule regular vulnerability scans for all servers on the network.

  • Question 188:

    A user reports the system is behaving oddly following the installation of an approved third-party software application. The application executable was sourced from an internal repository. Which of the following will ensure the application is valid?

    A. Ask the user to refresh the existing definition file for the antivirus software
    B. Perform a malware scan on the file in the internal repository
    C. Hash the application's installation file and compare it to the hash provided by the vendor
    D. Remove the user's system from the network to avoid collateral contamination

  • Question 189:

    During a routine review of service restarts, a security analyst observes the following in a server log:

    Which of the following is the GREATEST security concern?

    A. The daemon's binary was changed
    B. Four consecutive days of monitoring are skipped in the log
    C. The process identifiers for the running service change
    D. The PIDs are continuously changing

  • Question 190:

    A security analyst is reviewing IDS logs and notices the following entry:

    Which of the following attacks is occurring?

    A. Cross-site scripting
    B. Header manipulation
    C. SQL injection
    D. XML injection
