CS0-002 Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 341:

    An analyst has received unusual alerts on the SIEM dashboard. The analyst wants to get payloads that the hackers are sending toward the target systems without impacting the business operation. Which of the following should the analyst implement?

    A. Honeypot
    B. Jump box
    C. Sandboxing
    D. Virtualization

  • Question 342:

    Which of the following countermeasures should the security administrator apply to MOST effectively mitigate Bootkit-level infections of the organization's workstation devices?

    A. Remove local administrator privileges.
    B. Configure a BIOS-level password on the device.
    C. Install a secondary virus protection application.
    D. Enforce a system state recovery after each device reboot.

  • Question 343:

    A security analyst is adding input to the incident response communication plan. A company officer has suggested that if a data breach occurs, only affected parties should be notified to keep an incident from becoming a media headline. Which of the following should the analyst recommend to the company officer?

    A. The first responder should contact law enforcement upon confirmation of a security incident in order for a forensics team to preserve chain of custody.
    B. Guidance from laws and regulations should be considered when deciding who must be notified in order to avoid fines and judgements from non-compliance.
    C. An externally hosted website should be prepared in advance to ensure that when an incident occurs, victims have timely access to notifications from a non-compromised resource.
    D. The HR department should have information security personnel who are involved in the investigation of the incident sign non-disclosure agreements so the company cannot be held liable for customer data that might be viewed during an investigation.

  • Question 344:

    An online gaming company was impacted by a ransomware attack. An employee opened an attachment that was received via an SMS attack on a company-issued firewall. Which of the following actions would help during the forensic analysis of the mobile device? (Select TWO.)

    A. Resetting the phone to factory settings
    B. Rebooting the phone and installing the latest security updates
    C. Documenting the respective chain of custody
    D. Uninstalling any potentially unwanted programs
    E. Performing a memory dump of the mobile device for analysis
    F. Unlocking the device by blowing the eFuse

  • Question 345:

    An organization suspects it has had a breach, and it is trying to determine the potential impact. The organization knows the following:

    - The source of the breach is linked to an IP located in a foreign country.
    - The breach is isolated to the research and development servers.
    - The hash values of the data before and after the breach are unchanged.
    - The affected servers were regularly patched, and a recent scan showed no vulnerabilities.

    Which of the following conclusions can be drawn with respect to the threat and impact? (Choose two.)

    A. The confidentiality of the data is unaffected.
    B. The threat is an APT.
    C. The source IP of the threat has been spoofed.
    D. The integrity of the data is unaffected.
    E. The threat is an insider.

  • Question 346:

    In SIEM software, a security analyst detected changes to hash signatures of monitored files during the night, followed by SMB brute-force attacks against the file servers.

    Based on this behavior, which of the following actions should be taken FIRST to prevent a more serious compromise?

    A. Fully segregate the affected servers physically in a network segment, apart from the production network.
    B. Collect the network traffic during the day to understand if the same activity is also occurring during business hours.
    C. Check the hash signatures, comparing them with malware databases to verify if the files are infected.
    D. Collect all the files that have changed and compare them with the previous baseline.

  • Question 347:

    During a web application vulnerability scan, it was discovered that the application would display inappropriate data after certain key phrases were entered into a webform connected to a SQL database server. Which of the following should be used to reduce the likelihood of this type of attack returning sensitive data?

    A. Static code analysis
    B. Peer review code
    C. Input validation
    D. Application fuzzing

  • Question 348:

    A company has established an ongoing vulnerability management program and procured the latest technology to support it. However, the program is failing because several vulnerabilities have not been detected. Which of the following will reduce the number of false negatives?

    A. Increase scan frequency.
    B. Perform credentialed scans.
    C. Update the security incident response plan.
    D. Reconfigure scanner to brute force mechanisms.

  • Question 349:

    A security analyst is performing ongoing scanning and continuous monitoring of the corporate datacenter. Over time, these scans are repeatedly showing susceptibility to the same vulnerabilities and an increase in new vulnerabilities on a specific group of servers that are clustered to run the same application. Which of the following vulnerability management processes should be implemented?

    A. Frequent server scanning
    B. Automated report generation
    C. Group policy modification
    D. Regular patch application

  • Question 350:

    A security analyst with an international response team is working to isolate a worldwide distribution of ransomware. The analyst is working with international governing bodies to distribute advanced intrusion detection routines for this variant of ransomware. Which of the following is the MOST important step with which the security analyst should comply?

    A. Security operations privacy law
    B. Export restrictions
    C. Non-disclosure agreements
    D. Incident response forms

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CS0-002 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.