1. Home
  2. CompTIA
  3. CS0-002

CompTIA CS0-002 Online Practice Questions and Exam Preparation

CS0-002 Exam Details

  • Exam Code
    :CS0-002
  • Exam Name
    :CompTIA Cybersecurity Analyst (CySA+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :1059 Q&As
  • Last Updated
    :May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 651:

    A cybersecurity analyst traced the source of an attack to compromised user credentials. Log analysis revealed that the attacker successfully authenticated from an unauthorized foreign country. Management asked the security analyst to research and implement a solution to help mitigate attacks based on compromised passwords. Which of the following should the analyst implement?

    A. Self-service password reset
    B. Single sign-on
    C. Context-based authentication
    D. Password complexity

  • Question 652:

    A cybersecurity analyst is currently auditing a new Active Directory server for compliance. The analyst uses Nessus to do the initial scan, and Nessus reports the following:

    Which of the following critical vulnerabilities has the analyst discovered?

    A. Known backdoor
    B. Zero-day
    C. Path disclosure
    D. User enumeration

  • Question 653:

    The Chief Information Security Officer (CISO) has asked the security analyst to examine abnormally high processor utilization on a key server. The output below is from the company's research and development (RandD) server.

    Which of the following actions should the security analyst take FIRST?

    A. Initiate an investigation
    B. Isolate the RandD server
    C. Reimage the server
    D. Determine availability

  • Question 654:

    A cyber-incident response analyst is investigating a suspected cryptocurrency miner on a company's server. Which of the following is the FIRST step the analyst should take?

    A. Create a full disk image of the server's hard drive to look for the file containing the malware.
    B. Run a manual antivirus scan on the machine to look for known malicious software.
    C. Take a memory snapshot of the machine to capture volatile information stored in memory.
    D. Start packet capturing to look for traffic that could be indicative of command and control from the miner.

  • Question 655:

    An analyst received an alert regarding an application spawning a suspicious command shell process. Upon further investigation, the analyst observes the following registry change occurring immediately after the suspicious event:

    Which of the following was the suspicious event able to accomplish?

    A. Impair defenses.
    B. Establish persistence.
    C. Bypass file access controls.
    D. Implement beaconing.

  • Question 656:

    Data spillage occurred when an employee accidentally emailed a sensitive file to an external recipient. Which of the following controls would have MOST likely prevented this incident?

    A. SSO
    B. DLP
    C. WAF
    D. VDI

  • Question 657:

    As part of a review of modern response plans, which of the following is MOST important for an organization lo understand when establishing the breach notification period?

    A. Organizational policies
    B. Vendor requirements and contracts
    C. Service-level agreements
    D. Legal requirements

  • Question 658:

    A threat intelligence analyst who works for a technology firm received this report from a vendor.

    "There has been an intellectual property theft campaign executed against organizations in the technology industry. Indicators for this activity are unique to each intrusion. The information that appears to be targeted is RandD data. The data exfiltration appears to occur over months via uniform TTPs. Please execute a defensive operation regarding this attack vector."

    Which of the following combinations suggests how the threat should MOST likely be classified and the type of analysis that would be MOST helpful in protecting against this activity?

    A. Polymorphic malware and secure code analysis
    B. Insider threat and indicator analysis
    C. APT and behavioral analysis
    D. Ransomware and encryption

  • Question 659:

    A security analyst is investigating a compromised Linux server. The analyst issues the ps command and receives the following output.

    Which of the following commands should the administrator run NEXT to further analyze the compromised system?

    A. strace /proc/1301
    B. rpm -V openash-server
    C. /bin/la -1 /proc/1301/exe
    D. kill -9 1301

  • Question 660:

    Following a recent security breach, a company decides to investigate account usage to ensure privileged accounts are only being utilized during typical business hours. During the investigation, a security analyst determines an account was consistently utilized in the middle of the night.

    Which of the following actions should the analyst take NEXT?

    A. Disable the privileged account.
    B. Initiate the incident response plan.
    C. Report the discrepancy to human resources.
    D. Review the activity with the user.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CS0-002 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.