CS0-002 Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 491:

    While investigating an incident in a company's SIEM console, a security analyst found hundreds of failed SSH login attempts, which all occurred in rapid succession. The failed attempts were followed by a successful login on the root user. Company policy allows systems administrators to manage their systems only from the company's internal network using their assigned corporate logins.

    Which of the following are the BEST actions the analyst can take to stop any further compromise? (Choose two.)

    A. Add a rule on the affected system to block access to port TCP/22.
    B. Reset the passwords for all accounts on the affected system.
    C. Add a rule on the perimeter firewall to block the source IP address.
    D. Configure /etc/sshd_config to deny root logins and restart the SSHD service.
    E. Configure /etc/passwd to deny root logins and restart the SSHD service.
    F. Add a rule on the network IPS to block SSH user sessions.

  • Question 492:

    Which of the following utilities could be used to resolve an IP address to a domain name, assuming the address has a PTR record?

    A. ifconfig
    B. ping
    C. arp
    D. nbtstat

  • Question 493:

    A security analyst is reviewing a suspected phishing campaign that has targeted an organization. The organization has enabled a few email security technologies in the last year; however, the analyst believes the security features are not working. The analyst runs the following command:

    > dig domain._domainkey.comptia.org TXT

    Which of the following email protection technologies is the analyst MOST likely validating?

    A. SPF
    B. DNSSEC
    C. DMARC
    D. DKIM

  • Question 494:

    The new Chief Technology Officer (CTO) is seeking recommendations for network monitoring services for the local intranet. The CTO would like the capability to monitor all traffic to and from the gateway, as well as the capability to block certain content. Which of the following recommendations would meet the needs of the organization?

    A. Recommend setup of IP filtering on both the internal and external interfaces of the gateway router.
    B. Recommend installation of an IDS on the internal interface and a firewall on the external interface of the gateway router.
    C. Recommend installation of a firewall on the internal interface and a NIDS on the external interface of the gateway router.
    D. Recommend installation of an IPS on both the internal and external interfaces of the gateway router.

  • Question 495:

    A security analyst is researching ways to improve the security of a company's email system to mitigate emails that are impersonating company executives. Which of the following would be BEST for the analyst to configure to achieve this objective?

    A. A TXT record on the name server for SPF
    B. DNSSEC keys to secure replication
    C. DomainKeys Identified Mail
    D. A sandbox to check incoming mail

  • Question 496:

    The director of software development is concerned with recent web application security incidents, including the successful breach of a back-end database server. The director would like to work with the security team to implement a standardized way to design, build, and test web applications and the services that support them. Which of the following meets the criteria?

    A. OWASP
    B. SANS
    C. PHP
    D. Ajax

  • Question 497:

    A company wants to outsource a key human-resources application service to remote employees as a SaaS-based cloud solution. The company's GREATEST concern should be the SaaS provider's:

    A. SLA for system uptime.
    B. DLP procedures.
    C. logging and monitoring capabilities.
    D. data protection capabilities.

  • Question 498:

    A security engineer is reviewing security products that identify malicious actions by users as part of a company's insider threat program. Which of the following is the MOST appropriate product category for this purpose?

    A. SCAP
    B. SOAR
    C. UEBA
    D. WAF

  • Question 499:

    A cybersecurity analyst has received a report that multiple systems are experiencing slowness as a result of a DDoS attack. Which of the following would be the BEST action for the cybersecurity analyst to perform?

    A. Continue monitoring critical systems.
    B. Shut down all server interfaces.
    C. Inform management of the incident.
    D. Inform users regarding the affected systems.

  • Question 500:

    A system administrator has reviewed the following output:

    Which of the following can a system administrator infer from the above output?

    A. The company email server is running a non-standard port.
    B. The company email server has been compromised.
    C. The company is running a vulnerable SSH server.
    D. The company web server has been compromised.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CS0-002 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions here.