CS0-002 Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 581:

    A server contains baseline images that are deployed to sensitive workstations on a regular basis. The images are evaluated once per month for patching and other fixes, but do not change otherwise. Which of the following controls should be put in place to secure the file server and ensure the images are not changed?

    A. Install and configure a file integrity monitoring tool on the server and allow updates to the images each month.
    B. Schedule vulnerability scans of the server at least once per month before the images are updated.
    C. Require the use of two-factor authentication for any administrator or user who needs to connect to the server.
    D. Install a honeypot to identify any attacks before the baseline images can be compromised.

  • Question 582:

    A security analyst has discovered trial developers have installed browsers on all development servers in the company's cloud infrastructure and are using them to browse the Internet.

    Which of the following changes should the security analyst make to BEST protect the environment?

    A. Create a security rule that blocks Internet access in the development VPC
    B. Place a jumpbox in between the developers' workstations and the development VPC
    C. Remove the administrator profile from the developer user group in identity and access management
    D. Create an alert that is triggered when a developer installs an application on a server

  • Question 583:

    After analyzing and correlating activity from multiple sensors, the security analyst has determined a group from a high-risk country is responsible for a sophisticated breach of the company network and continuous administration of targeted attacks for the past three months. Until now, the attacks went unnoticed. This is an example of:

    A. privilege escalation.
    B. advanced persistent threat.
    C. malicious insider threat.
    D. spear phishing.

  • Question 584:

    An organization has several systems that require specific logons. Over the past few months, the security analyst has noticed numerous failed logon attempts followed by password resets. Which of the following should the analyst do to reduce the occurrence of legitimate failed logons and password resets?

    A. Use SSO across all applications
    B. Perform a manual privilege review
    C. Adjust the current monitoring and logging rules
    D. Implement multifactor authentication

  • Question 585:

    NOTE: Question IP must be 192.168.192.123

    During a network reconnaissance engagement, a penetration tester was given perimeter firewall ACLs to accelerate the scanning process. The penetration tester has decided to concentrate on trying to brute force log in to destination IP address 192.168.192.132 via secure shell.

    Given a source IP address of 10.10.10.30, which of the following ACLs will permit this access?

    A. Option A
    B. Option B
    C. Option C
    D. Option D

  • Question 586:

    A company wants to establish a threat-hunting team. Which of the following BEST describes the rationale for integrating intelligence into hunt operations?

    A. It enables the team to prioritize the focus area and tactics within the company's environment.
    B. It provides criticality analyses for key enterprise servers and services.
    C. It allows analysts to receive updates on newly discovered software vulnerabilities.
    D. It supports rapid response and recovery during and following an incident.

  • Question 587:

    An organization wants to ensure the privacy of the data that is on its systems. Full disk encryption and DLP are already in use.

    Which of the following is the BEST option?

    A. Require all remote employees to sign an NDA
    B. Enforce geofencing to limit data accessibility
    C. Require users to change their passwords more frequently
    D. Update the AUP to restrict data sharing

  • Question 588:

    A Linux-based file encryption malware was recently discovered in the wild. Prior to running the malware on a preconfigured sandbox to analyze its behavior, a security professional executes the following command:

    umount -a -t cifs,nfs

    Which of the following is the main reason for executing the above command?

    A. To ensure the malware is memory bound.
    B. To limit the malware's reach to the local host.
    C. To back up critical files across the network
    D. To test if the malware affects remote systems

  • Question 589:

    A large company wants to address frequent outages on critical systems with a secure configurations program. The Chief Information Security Officer (CISO) has asked the analysts to conduct research and make recommendations for a cost-effective solution with the least amount of disruption to the business. Which of the following would be the best way to achieve these goals?

    A. Adopt the CIS security controls as a framework, apply configurations to all assets, and then notify asset owners of the change.
    B. Coordinate with asset owners to assess the impact of the CIS critical security controls, perform testing, and then implement across the enterprise.
    C. Recommend multiple security controls depending on business unit needs, and then apply configurations according to the organization's risk tolerance.
    D. Ask asset owners which configurations they would like, compile the responses, and then present all options to the CISO for approval to implement.

  • Question 590:

    A security analyst reviews the following aggregated output from an Nmap scan and the border firewall ACL:

    Which of the following should the analyst reconfigure to BEST reduce organizational risk while maintaining current functionality?

    A. PC1
    B. PC2
    C. Server1
    D. Server2
    E. Firewall
