1. Home
  2. CompTIA
  3. CS0-002

CompTIA CS0-002 Online Practice Questions and Exam Preparation

CS0-002 Exam Details

  • Exam Code
    :CS0-002
  • Exam Name
    :CompTIA Cybersecurity Analyst (CySA+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :1059 Q&As
  • Last Updated
    :May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 391:

    Joe, a penetration tester, used a professional directory to identify a network administrator and ID administrator for a client's company. Joe then emailed the network administrator, identifying himself as the ID administrator, and asked for a current password as part of a security exercise. Which of the following techniques were used in this scenario?

    A. Enumeration and OS fingerprinting
    B. Email harvesting and host scanning
    C. Social media profiling and phishing
    D. Network and host scanning

  • Question 392:

    The Chief Information Security Officer (CISO) has asked the security staff to identify a framework on which to base the security program. The CISO would like to achieve a certification showing the security program meets all required best practices. Which of the following would be the BEST choice?

    A. OSSIM
    B. SDLC
    C. SANS
    D. ISO

  • Question 393:

    A security analyst gathered forensics from a recent intrusion in preparation for legal proceedings. The analyst used EnCase to gather the digital forensics. cloned the hard drive, and took the hard drive home for further analysis. Which of the following of the security analyst violate?

    A. Cloning procedures
    B. Chain of custody
    C. Hashing procedures
    D. Virtualization

  • Question 394:

    The steering committee for information security management annually reviews the security incident register for the organization to look for trends and systematic issues. The steering committee wants to rank the risks based on past incidents to improve the security program for next year. Below is the incident register for the organization:

    Which of the following should the organization consider investing in FIRST due to the potential impact of availability?

    A. Hire a managed service provider to help with vulnerability management
    B. Build a warm site in case of system outages
    C. Invest in a failover and redundant system, as necessary
    D. Hire additional staff for the IT department to assist with vulnerability management and log review

  • Question 395:

    The security configuration management policy states that all patches must undergo testing procedures before being moved into production. The security analyst notices a single web application server has been downloading and applying patches during non-business hours without testing. There are no apparent adverse reactions, server functionality does not seem to be affected, and no malware was found after a scan.

    Which of the following actions should the analyst take?

    A. Reschedule the automated patching to occur during business hours.
    B. Monitor the web application service for abnormal bandwidth consumption.
    C. Create an incident ticket for anomalous activity.
    D. Monitor the web application for service interruptions caused from the patching.

  • Question 396:

    A systems administrator believes a user's workstation has been compromised. The workstation's performance has been lagging significantly for the past several hours. The administrator runs the task list

    / v command and receives the following output:

    Which of the following should a security analyst recognize as an indicator of compromise?

    A. dwm.exe being executed under the user context
    B. The high usage of vscode. exe * 32
    C. The abnormal behavior of paint.exe
    D. svchost.exe being executed as SYSTEM

  • Question 397:

    During an incident response procedure, a security analyst acquired the needed evidence from the hard drive of a compromised machine. Which of the following actions should the analyst perform NEXT to ensure the data integrity of the evidence?

    A. Generate hashes for each file from the hard drive.
    B. Create a chain of custody document.
    C. Determine a timeline of events using correct time synchronization.
    D. Keep the cloned hard drive in a safe place.

  • Question 398:

    An analyst receives artifacts from a recent Intrusion and is able to pull a domain, IP address, email address, and software version. When of the following points of the Diamond Model of Intrusion Analysis does this intelligence represent?

    A. Infrastructure
    B. Capabilities
    C. Adversary
    D. Victims

  • Question 399:

    A human resources employee sends out a mass email to all employees that contains their personnel records. A security analyst is called in to address the concern of the human resources director on how to prevent this from happening in the

    future.

    Which of the following would be the BEST solution to recommend to the director?

    A. Install a data loss prevention system, and train human resources employees on its use. Provide PII training to all employees at the company. Encrypt PII information.
    B. Enforce encryption on all emails sent within the company. Create a PII program and policy on how to handle data. Train all human resources employees.
    C. Train all employees. Encrypt data sent on the company network. Bring in privacy personnel to present a plan on how PII should be handled.
    D. Install specific equipment to create a human resources policy that protects PII data. Train company employees on how to handle PII data. Outsource all PII to another company. Send the human resources director to training for PII handling.

  • Question 400:

    A team of network security analysts is examining network traffic to determine if sensitive data was exfitrated Upon further investigation, the analysts believe confidential data was compromised. Which of me following capattlnes would BEST defend against tnts type of sensitive data eifiitraUon?

    A. Deploy an edge firewal.
    B. Implement DLP
    C. Deploy EDR.
    D. Enaypi the hard drives

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CS0-002 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.