CS0-002 Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 401:

    A security analyst needs to acquire an image of a whole partition from a server in order to perform a forensic analysis. The server must be available while this is being performed. Which of the following procedures will acquire the image and ensure server availability?

    A. Unplug the server's hard drive and then plug it into a forensic station to perform the full disk-cloning procedure.
    B. Store the evidence that is collected on the server's hard drive until it can be transferred to a NAS.
    C. Run robocopy to copy the partition contents to a USB drive
    D. Run dd to send the output through the network using netcat to a remote station.

  • Question 402:

    An organization developed a comprehensive incident response policy. Executive management approved the policy and its associated procedures. Which of the following activities would be MOST beneficial to evaluate personnel's familiarity with incident response procedures?

    A. A simulated breach scenario involving the incident response team
    B. Completion of annual information security awareness training by all employees
    C. Tabletop activities involving business continuity team members
    D. Completion of lessons-learned documentation by the computer security incident response team
    E. External and internal penetration testing by a third party

  • Question 403:

    A company requests a security assessment of its network. Permission is given, but no details are provided. It is discovered that the company has a web presence, and the company's IP address is 70.182.11.4. Which of the following Nmap commands would reveal common open ports and their versions?

    A. nmap - oV
    B. nmap -vO
    C. nmap -sv

  • Question 404:

    A common mobile device vulnerability has made unauthorized modifications to a device. The device owner removes the vendor/carrier provided limitations on the mobile device. This is also known as:

    A. jailbreaking.
    B. cracking.
    C. hashing.
    D. fuzzing.

  • Question 405:

    Which of the following sources will provide the MOST relevant threat intelligence data to the security team of a dental care network?

    A. H-ISAC
    B. Dental forums
    C. Open threat exchange
    D. Dark web chatter

  • Question 406:

    A security analyst is conducting a post-incident log analysis to determine which indicators can be used to detect further occurrences of a data exfiltration incident. The analyst determines backups were not performed during this time and reviews the following:

    Which of the following should the analyst review to find out how the data was exfiltrated?

    A. Monday's logs
    B. Tuesday's logs
    C. Wednesday's logs
    D. Thursday's logs

  • Question 407:

    A security analyst received an alert from the antivirus software identifying a complex instance of malware on a company's network. The company does not have the resources to fully analyze the malware and determine its effect on the system. Which of the following is the BEST action to take in the incident recovery and post-incident response process?

    A. Wipe hard drives, reimage the systems, and return the affected systems to ready state.
    B. Detect and analyze the precursors and indicators; schedule a lessons learned meeting.
    C. Remove the malware and inappropriate materials; eradicate the incident.
    D. Perform event correlation; create a log retention policy.

  • Question 408:

    A company has monthly scheduled windows for patching servers and applying configuration changes. Out-of-window changes can be done, but they are discouraged unless absolutely necessary. The systems administrator is reviewing the weekly vulnerability scan report that was just released. Which of the following vulnerabilities should the administrator fix without waiting for the next scheduled change window?

    A. The administrator should fix dns (53/tcp). BIND 'NAMED' is an open-source DNS server from ISC.org. The BIND-based NAMED server (or DNS servers) allow remote users to query for version and type information.
    B. The administrator should fix smtp (25/tcp). The remote SMTP server is insufficiently protected against relaying. This means spammers might be able to use the company's mail server to send their emails to the world.
    C. The administrator should fix http (80/tcp). An information leak occurs on Apache web servers with the UserDir module enabled, allowing an attacker to enumerate accounts by requesting access to home directories and monitoring the response.
    D. The administrator should fix http (80/tcp). The 'greeting.cgi' script is installed. This CGI has a well-known security flaw that lets anyone execute arbitrary commands with the privileges of the http daemon.
    E. The administrator should fix general/tcp. The remote host does not discard TCP SYN packets that have the FIN flag set. Depending on the kind of firewall a company is using, an attacker may use this flaw to bypass its rules.

  • Question 409:

    A small electronics company decides to use a contractor to assist with the development of a new FPGA-based device. Several of the development phases will occur off-site at the contractor's labs.

    Which of the following is the main concern a security analyst should have with this arrangement?

    A. Making multiple trips between development sites increases the chance of physical damage to the FPGAs.
    B. Moving the FPGAs between development sites will lessen the time that is available for security testing.
    C. Development phases occurring at multiple sites may produce change management issues.
    D. FPGA applications are easily cloned, increasing the possibility of intellectual property theft.

  • Question 410:

    Due to new regulations, a company has decided to institute an organizational vulnerability management program and assign the function to the security team. Which of the following frameworks would BEST support the program? (Select two.)

    A. COBIT
    B. NIST
    C. ISO 27000 series
    D. ITIL
    E. OWASP

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CS0-002 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions here.