1. Home
  2. CompTIA
  3. CS0-002

CompTIA CS0-002 Online Practice Questions and Exam Preparation

CS0-002 Exam Details

  • Exam Code
    :CS0-002
  • Exam Name
    :CompTIA Cybersecurity Analyst (CySA+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :1059 Q&As
  • Last Updated
    :May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 521:

    A security analyst is reviewing the following requirements (or new time clocks that will be installed in a shipping warehouse:

    1.

    The clocks must be configured so they do not respond to ARP broadcasts.

    2.

    The server must be configured with static ARP entries for each clock.

    Which of the following types of attacks will this configuration mitigate?

    A. Spoofing
    B. Overflows
    C. Rootkits
    D. Sniffing

  • Question 522:

    A security administrator has uncovered a covert channel used to exfiltrate confidential data from an internal database server through a compromised corporate web server. Ongoing exfiltration is accomplished by embedding a small amount of data extracted from the database into the metadata of images served by the web server. File timestamps suggest that the server was initially compromised six months ago using a common server misconfiguration. Which of the following BEST describes the type of threat being used?

    A. APT
    B. Zero-day attack
    C. Man-in-the-middle attack
    D. XSS

  • Question 523:

    A cybersecurity analyst develops a regular expression to find data within traffic that will alarm on a hit.

    The SIEM alarms on seeing this data in cleartext between the web server and the database server.

    Which of the following types of data would the analyst MOST likely to be concerned with, and to which type of data classification does it belong?

    A. Credit card numbers that are PCI
    B. Social security numbers that are PHI
    C. Credit card numbers that are PII
    D. Social security numbers that are PII

  • Question 524:

    A company's threat team has been reviewing recent security incidents and looking for a common theme. The team discovered the incidents were caused by incorrect configurations on the impacted systems. The issues were reported to support teams, but no action was taken. Which of the following is the next step the company should take to ensure any future issues are remediated?

    A. Require support teams to develop a corrective control that ensures security failures are addressed once they are identified.
    B. Require support teams to develop a preventive control that ensures new systems are built with the required security configurations.
    C. Require support teams to develop a detective control that ensures they continuously assess systems for configuration errors.
    D. Require support teams to develop a managerial control that ensures systems have a documented configuration baseline.

  • Question 525:

    A vulnerability scan returned the following results for a web server that hosts multiple wiki sites:

    Apache-HTTPD-cve-2014-023: Apache HTTPD: mod_cgid denial of service CVE-2014-0231

    Due to a flaw found in mog_cgid, a server using mod_cgid to host CGI scripts could be vulnerable to a DoS attack caused by a remote attacker who is exploiting a weakness in non-standard input, causing processes to hang indefinitely.

    The security analyst has confirmed the server hosts standard CGI scripts for the wiki sites, does not have mod_cgid installed, is running Apache 2.2.22, and is not behind a WAF. The server is located in the DMZ, and the purpose of the server is to allow customers to add entries into a publicly accessible database.

    Which of the following would be the MOST efficient way to address this finding?

    A. Place the server behind a WAF to prevent DoS attacks from occurring.
    B. Document the finding as a false positive.
    C. Upgrade to the newest version of Apache.
    D. Disable the HTTP service and use only HTTPS to access the server.

  • Question 526:

    An analyst wants to identify hosts that are connecting to the external FTP servers and what, if any, passwords are being used. Which of the following commands should the analyst use?

    A. tcpdump
    B. ftp ftp.server
    C. nmap
    D. telnet ftp.server 21

  • Question 527:

    Weeks before a proposed merger is scheduled for completion, a security analyst has noticed unusual traffic patterns on a file server that contains financial information. Routine scans are not detecting the signature of any known exploits or malware. The following entry is seen in the ftp server logs:

    tftp -I 10.1.1.1 GET fourthquarterreport.xls

    Which of the following is the BEST course of action?

    A. Continue to monitor the situation using tools to scan for known exploits.
    B. Implement an ACL on the perimeter firewall to prevent data exfiltration.
    C. Follow the incident response procedure associate with the loss of business critical data.
    D. Determine if any credit card information is contained on the server containing the financials.

  • Question 528:

    An organization was alerted to a possible compromise after its proprietary data was found for sale on the Internet. An analyst is reviewing the logs from the next-generation UTM in an attempt to find evidence of this breach. Given the following output:

    Which of the following should be the focus of the investigation?

    A. webserver.org-dmz.org
    B. sftp.org-dmz.org
    C. 83hht23.org-int.org
    D. ftps.bluemed.net

  • Question 529:

    In response to a potentially malicious email that was sent to the Chief Financial Officer (CFO), an analyst reviews the logs and identifies a questionable attachment using a hash comparison. The logs also indicate the attachment was already opened. Which of the following should the analyst do NEXT?

    A. Create a sinkhole to block the originating server.
    B. Utilize the EDR platform to isolate the CFO's machine.
    C. Perform malware analysis on the attachment.
    D. Reimage the CFO's laptop.

  • Question 530:

    Which of the following describes why it is important to include scope within the rules of engagement of a penetration test?

    A. To ensure the network segment being tested has been properly secured
    B. To ensure servers are not impacted and service is not degraded
    C. To ensure all systems being scanned are owned by the company
    D. To ensure sensitive hosts are not scanned

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CS0-002 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.