CS0-002 Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 631:

    A medical organization recently started accepting payments over the phone. The manager is concerned about the impact of the storage of different types of data. Which of the following types of data incurs the highest regulatory constraints?

    A. PHI
    B. PCI
    C. PII
    D. IP

  • Question 632:

    During an investigation, a security analyst identified machines that are infected with malware the antivirus was unable to detect. Which of the following is the BEST place to acquire evidence to perform data carving?

    A. The system memory
    B. The hard drive
    C. Network packets
    D. The Windows Registry

  • Question 633:

    A development team is discussing the implementation of parameterized queries to address several software vulnerabilities. Which of the following is the most likely type of vulnerability the team is trying to remediate?

    A. SQL injection
    B. CSRF
    C. On-path attack
    D. XSS

  • Question 634:

    A security analyst is reviewing a report from the networking department that describes an increase in network utilization, which is causing network performance issues on some systems. A top talkers report over a five-minute sample is included.

    Given the above output of the sample, which of the following should the security analyst accomplish FIRST to help track down the performance issues?

    A. Perform reverse lookups on each of the IP addresses listed to help determine if the traffic is necessary.
    B. Recommend that networking block the unneeded protocols such as Quicktime to clear up some of the congestion.
    C. Put ACLs in place to restrict traffic destined for random or non-default application ports.
    D. Quarantine the top talker on the network and begin to investigate any potential threats caused by the excessive traffic.

  • Question 635:

    A security analyst is concerned that employees may attempt to exfiltrate data prior to tendering their resignations. Unfortunately, the company cannot afford to purchase a data loss prevention (DLP) system. Which of the following recommendations should the security analyst make to provide defense-in-depth against data loss? (Select THREE).

    A. Prevent users from accessing personal email and file-sharing sites via web proxy
    B. Prevent flash drives from connecting to USB ports using Group Policy
    C. Prevent users from copying data from workstation to workstation
    D. Prevent users from using roaming profiles when changing workstations
    E. Prevent Internet access on laptops unless connected to the network in the office or via VPN
    F. Prevent users from being able to use the copy and paste functions

  • Question 636:

    A security team wants to make SaaS solutions accessible from only the corporate campus.

    Which of the following would BEST accomplish this goal?

    A. Geotagging
    B. IP restrictions
    C. Reverse proxy
    D. Single sign-on

  • Question 637:

    Datacenter access is controlled with proximity badges that record all entries and exits from the datacenter.

    The access records are used to identify which staff members accessed the data center in the event of equipment theft.

    Which of the following MUST be prevented in order for this policy to be effective?

    A. Password reuse
    B. Phishing
    C. Social engineering
    D. Tailgating

  • Question 638:

    A company's security officer needs to implement geographical IP blocks for nation-state actors from a foreign country. On which of the following should the blocks be implemented?

    A. Data loss prevention
    B. Network access control
    C. Access control list
    D. Web content filter

  • Question 639:

    A critical server was compromised by malware, and all functionality was lost. Backups of this server were taken; however, management believes a logic bomb may have been injected by a rootkit. Which of the following should a security analyst perform to restore functionality quickly?

    A. Work backward, restoring each backup until the server is clean
    B. Restore the previous backup and scan with a live boot anti-malware scanner
    C. Stand up a new server and restore critical data from backups
    D. Offload the critical data to a new server and continue operations

  • Question 640:

    A security team has begun updating the risk management plan, incident response plan, and system security plan to ensure compliance with security review guidelines. Which of the following can be executed by internal managers to simulate and validate the proposed changes?

    A. Internal management review
    B. Control assessment
    C. Tabletop exercise
    D. Peer review

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important, and more and more enterprises require them when you apply for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CS0-002 exam preparation or CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions here.