CS0-002 Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 221:

    Which of the following threat classifications would MOST likely use polymorphic code?

    A. Known threat
    B. Zero-day threat
    C. Unknown threat
    D. Advanced persistent threat

  • Question 222:

    An analyst was investigating the attack that took place on the network. A user was able to access the system without proper authentication. Which of the following will the analyst recommend, related to management approaches, in order to control access? (Choose three.)

    A. RBAC
    B. LEAP
    C. DAC
    D. PEAP
    E. MAC
    F. SCAP
    G. BCP

  • Question 223:

    An organization has recently found some of its sensitive information posted to a social media site. An investigation has identified large volumes of data leaving the network with the source traced back to host 192.168.1.13. An analyst performed a targeted Nmap scan of this host with the results shown below:

    Subsequent investigation has allowed the organization to conclude that all of the well-known, standard ports are secure. Which of the following services is the problem?

    A. winHelper
    B. ssh
    C. rpcbind
    D. timbuktu-serv1
    E. mysql

  • Question 224:

    Which of the following would MOST likely be included in the incident response procedure after a security breach of customer PII?

    A. Human resources
    B. Public relations
    C. Marketing
    D. Internal network operations center

  • Question 225:

    The threat intelligence department recently learned of an advanced persistent threat that is leveraging a new strain of malware, exploiting a system router. The company currently uses the same device mentioned in the threat report. Which of the following configuration changes would BEST improve the organization's security posture?

    A. Implement an IPS rule that contains content for the malware variant and patch the routers to protect against the vulnerability
    B. Implement an IDS rule that contains the IP addresses from the advanced persistent threat and patch the routers to protect against the vulnerability
    C. Implement an IPS rule that contains the IP addresses from the advanced persistent threat and patch the routers to protect against the vulnerability
    D. Implement an IDS rule that contains content for the malware variant and patch the routers to protect against the vulnerability

  • Question 226:

    A security analyst is performing a review of Active Directory and discovers two new user accounts in the accounting department. Neither of the users has elevated permissions, but accounts in the group are given access to the company's sensitive financial management application by default. Which of the following is the BEST course of action?

    A. Follow the incident response plan for the introduction of new accounts
    B. Disable the user accounts
    C. Remove the accounts' access privileges to the sensitive application
    D. Monitor the outbound traffic from the application for signs of data exfiltration
    E. Confirm the accounts are valid and ensure role-based permissions are appropriate

  • Question 227:

    A security analyst has just completed a vulnerability scan of servers that support a business-critical application that is managed by an outside vendor. The results of the scan indicate the devices are missing critical patches. Which of the following factors can inhibit remediation of these vulnerabilities? (Choose two.)

    A. Inappropriate data classifications
    B. SLAs with the supporting vendor
    C. Business process interruption
    D. Required sandbox testing
    E. Incomplete asset inventory

  • Question 228:

    Three similar production servers underwent a vulnerability scan. The scan results revealed that the three servers had two different vulnerabilities rated "Critical".

    The administrator observed the following about the three servers:

    1. The servers are not accessible by the Internet
    2. AV programs indicate the servers have had malware as recently as two weeks ago
    3. The SIEM shows unusual traffic in the last 20 days
    4. Integrity validation of system files indicates unauthorized modifications

    Which of the following assessments is valid and what is the most appropriate NEXT step? (Select TWO).

    A. Servers may have been built inconsistently
    B. Servers may be generating false positives via the SIEM
    C. Servers may have been tampered with
    D. Activate the incident response plan
    E. Immediately rebuild servers from known good configurations
    F. Schedule recurring vulnerability scans on the servers

  • Question 229:

    An analyst finds that unpatched servers have undetected vulnerabilities because the vulnerability scanner does not have the latest set of signatures. Management directed the security team to have personnel update the scanners with the latest signatures at least 24 hours before conducting any scans, but the outcome is unchanged. Which of the following is the BEST logical control to address the failure?

    A. Configure a script to automatically update the scanning tool.
    B. Manually validate that the existing update is being performed.
    C. Test vulnerability remediation in a sandbox before deploying.
    D. Configure vulnerability scans to run in credentialed mode.

  • Question 230:

    A security analyst received an email with the following key: Xj3XJ3LLc

    A second security analyst received an email with the following key: 3XJ3xjcLLC

    The security manager has informed the two analysts that the email they received is a key that allows access to the company's financial segment for maintenance. This is an example of:

    A. dual control
    B. private key encryption
    C. separation of duties
    D. public key encryption
    E. two-factor authentication

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CS0-002 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions here.