CS0-002 Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 571:

    The help desk informed a security analyst of a trend that is beginning to develop regarding a suspicious email that has been reported by multiple users. The analyst has determined the email includes an attachment named invoice.zip that contains the following files:

    Locky.js
    xerty.ini
    xerty.lib

    Further analysis indicates that when the .zip file is opened, it is installing a new version of ransomware on the devices. Which of the following should be done FIRST to prevent data on the company NAS from being encrypted by infected devices?

    A. Disable access to the company VPN.
    B. Move the files from the NAS to a cloud-based storage solution.
    C. Set permissions on file shares to read-only.
    D. Add the URL included in the .js file to the company's web proxy filter.

  • Question 572:

    A security team is implementing a new vulnerability management program in an environment that has a historically poor security posture. The team is aware of issues with patch management in the environment and expects a large number of findings. Which of the following would be the MOST efficient way to increase the security posture of the organization in the shortest amount of time?

    A. Create an SLA stating that remediation actions must occur within 30 days of discovery for all levels of vulnerabilities.
    B. Incorporate prioritization levels into the remediation process and address critical findings first.
    C. Create classification criteria for data residing on different servers and provide remediation only for servers housing sensitive data.
    D. Implement a change control policy that allows the security team to quickly deploy patches in the production environment to reduce the risk of any vulnerabilities found.

  • Question 573:

    A project lead is reviewing the statement of work for an upcoming project that is focused on identifying potential weaknesses in the organization's internal and external network infrastructure. As part of the project, a team of external contractors will attempt to employ various attacks against the organization. The statement of work specifically addresses the utilization of an automated tool to probe network resources in an attempt to develop logical diagrams indicating weaknesses in the infrastructure.

    The scope of activity as described in the statement of work is an example of:

    A. session hijacking
    B. vulnerability scanning
    C. social engineering
    D. penetration testing
    E. friendly DoS

  • Question 574:

    Which of the following data security controls would work BEST to prevent real PII from being used in an organization's test cloud environment?

    A. Encryption
    B. Data loss prevention
    C. Data masking
    D. Digital rights management
    E. Access control

  • Question 575:

    A security analyst needs to obtain the footprint of the network. The footprint must identify the following information:

    1. TCP and UDP services running on a targeted system
    2. Types of operating systems and versions
    3. Specific applications and versions

    Which of the following tools should the analyst use to obtain the data?

    A. Prowler
    B. Nmap
    C. Reaver
    D. ZAP

  • Question 576:

    A security analyst receives an alert that highly sensitive information has left the company's network. Upon investigation, the analyst discovers an outside IP range has had connections from three servers more than 100 times in the past month. The affected servers are virtual machines.

    Which of the following is the BEST course of action?

    A. Shut down the servers as soon as possible, move them to a clean environment, restart, run a vulnerability scanner to find weaknesses, determine the root cause, remediate, and report.
    B. Report the data exfiltration to management, take the affected servers offline, conduct an antivirus scan, remediate all threats found, and return the servers to service.
    C. Disconnect the affected servers from the network, use the virtual machine console to access the systems, determine which information has left the network, find the security weakness, and remediate.
    D. Determine if any other servers have been affected, snapshot any servers found, determine the vector that was used to allow the data exfiltration, fix any vulnerabilities, remediate, and report.

  • Question 577:

    A security analyst is monitoring authentication exchanges over the company's wireless network. A sample of the Wireshark output is shown below:

    Which of the following would improve the security posture of the wireless network?

    A. Using PEAP instead of LEAP
    B. Using SSL 2.0 instead of TLSv1.1
    C. Using aspx instead of .jsp
    D. Using UDP instead of TCP

  • Question 578:

    During a company's most recent incident, a vulnerability in custom software was exploited on an externally facing server by an APT. The lessons-learned report noted the following:

    The development team used a new software language that was not supported by the security team's automated assessment tools.

    During the deployment, the security assessment team was unfamiliar with the new language and struggled to evaluate the software during advanced testing. Therefore, the vulnerability was not detected. The current IPS did not have effective signatures and policies in place to detect and prevent runtime attacks on the new application.

    To allow this new technology to be deployed securely going forward, which of the following will BEST address these findings? (Choose two.)

    A. Train the security assessment team to evaluate the new language and verify that best practices for secure coding have been followed
    B. Work with the automated assessment-tool vendor to add support for the new language so these vulnerabilities are discovered automatically
    C. Contact the human resources department to hire new security team members who are already familiar with the new language
    D. Run the software on isolated systems so when they are compromised, the attacker cannot pivot to adjacent systems
    E. Instruct only the development team to document the remediation steps for this vulnerability
    F. Outsource development and hosting of the applications in the new language to a third-party vendor so the risk is transferred to that provider

  • Question 579:

    A security operations manager wants some recommendations for improving security monitoring. The security team currently uses past events to create an IoC list for monitoring. Which of the following is the best suggestion for improving monitoring capabilities?

    A. Update the IPS and IDS with the latest rule sets from the provider.
    B. Create an automated script to update the IPS and IDS rule sets.
    C. Use an automated subscription to select threat feeds for IDS.
    D. Implement an automated malware solution on the IPS.

  • Question 580:

    An organization has a strict policy that if elevated permissions are needed, users should always run commands under their own account, with temporary administrator privileges if necessary. A security analyst is reviewing syslog entries and sees the following:

    Which of the following entries should cause the analyst the MOST concern?

    A. 2 2020-01-10T19:33:41.002z webserver su 201 32001 = BOM ' su vi httpd.conf' failed for joe
    B. 2 2020-01-10T20:36:36.0010z financeserver su 201 32001 = BOM ' sudo vi users.txt success
    C. 2020-01-10T19:33:48.002z webserver sudo 201 32001 = BOM ' su vi syslog.conf failed for jos
    D. 2020-01-10T19:34..002z financeserver su 201 32001 = BOM ' su vi success
    E. 2020-01-10T19:33:48.002z webserver sudo 201 32001 = BOM ' su vi httpd.conf' success

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CS0-002 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.