CS0-002 Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 461:

    A financial organization has offices located globally. Per the organization's policies and procedures, all executives who conduct business overseas must have their mobile devices checked for malicious software or evidence of tampering upon their return. The information security department oversees the process, and no executive has had a device compromised. The Chief Information Security Officer wants to implement an additional safeguard to protect the organization's data. Which of the following controls would work BEST to protect the privacy of the data if a device is stolen?

    A. Implement a mobile device wiping solution for use if a device is lost or stolen.
    B. Install a DLP solution to track data flow.
    C. Install an encryption solution on all mobile devices.
    D. Train employees to report a lost or stolen laptop to the security department immediately.

  • Question 462:

    Which of the following are essential components within the rules of engagement for a penetration test? (Select TWO).

    A. Schedule
    B. Authorization
    C. List of system administrators
    D. Payment terms
    E. Business justification

  • Question 463:

    Which of the following activities is designed to handle a control failure that leads to a breach?

    A. Risk assessment
    B. Incident management
    C. Root cause analysis
    D. Vulnerability management

  • Question 464:

    A security analyst is attempting to configure a vulnerability scan for a new segment on the network. Given the requirement to prevent credentials from traversing the network while still conducting a credentialed scan, which of the following is the BEST choice?

    A. Install agents on the endpoints to perform the scan
    B. Provide each endpoint with vulnerability scanner credentials
    C. Encrypt all of the traffic between the scanner and the endpoint
    D. Deploy scanners with administrator privileges on each endpoint

  • Question 465:

    After reading about data breaches at a competing company, senior leaders in an organization have grown increasingly concerned about social engineering attacks. They want to increase awareness among staff regarding this threat, but do not want to use traditional training methods because they regard these methods as ineffective. Which of the following approaches would BEST meet the requirements?

    A. Classroom training on the dangers of social media followed by a test and gift certificates for any employee getting a perfect score.
    B. Simulated phishing emails asking employees to reply to the email with their updated phone number and office location
    C. A poster contest to raise awareness of PII and asking employees to provide examples of data breaches and consequences
    D. USB drives randomly placed inside and outside the organization that contain a pop-up warning to any users who plug the drive into their computer

  • Question 466:

    A development team signed a contract that requires access to an on-premises physical server. Access must be restricted to authorized users only and cannot be connected to the Internet. Which of the following solutions would meet this requirement?

    A. Establish a hosted SSO.
    B. Implement a CASB.
    C. Virtualize the server.
    D. Air gap the server.

  • Question 467:

    A company employee downloads an application from the internet. After the installation, the employee begins experiencing noticeable performance issues, and files are appearing on the desktop.

    Which of the following processes will the security analyst identify as the MOST likely indicator of system compromise given the processes running in Task Manager?

    A. Chrome.exe
    B. Word.exe
    C. Explorer.exe
    D. mstsc.exe
    E. taskmgr.exe

  • Question 468:

    A company is moving from the use of web servers hosted in an internal datacenter to a containerized cloud platform. An analyst has been asked to identify indicators of compromise in the containerized environment. Which of the following would BEST indicate a running container has been compromised?

    A. A container from an approved software image has drifted
    B. An approved software orchestration container is running with root privileges
    C. A container from an approved software image has stopped responding
    D. A container from an approved software image fails to start

  • Question 469:

    A list of vulnerabilities has been reported in a company's most recent scan of a server. The security analyst must review the vulnerabilities and decide which ones should be remediated in the next change window and which ones can wait or may not need patching, pending further investigation. Which of the following vulnerabilities should the analyst remediate FIRST?

    A. The analyst should remediate https (443/tcp) first. This web server is susceptible to banner grabbing and was fingerprinted as Apache/1.3.27-9 on Linux w/ mod_fastcgi.
    B. The analyst should remediate dns (53/tcp) first. The remote BIND 9 DNS server is susceptible to a buffer overflow, which may allow an attacker to gain a shell on this host or disable this server.
    C. The analyst should remediate imaps (993/tcp) first. The SSLv2 suite offers five strong ciphers and two weak "export class" ciphers.
    D. The analyst should remediate ftp (21/tcp) first. An outdated version of FTP is running on this port. If it is not in use, it should be disabled.

  • Question 470:

    A Chief Information Security Officer (CISO) needs to ensure that a laptop image remains unchanged and can be verified before authorizing the deployment of the image to 4000 laptops. Which of the following tools would be appropriate to use in this case?

    A. MBSA
    B. SHA1sum
    C. FIM
    D. DLP
