CS0-002 Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 681:

    A company allows employees to work remotely. The security administration is configuring services that will allow remote help desk personnel to work securely outside the company's headquarters. Which of the following presents the BEST solution to meet this goal?

    A. Configure a VPN concentrator to terminate in the DMZ to allow help desk personnel access to resources.
    B. Open port 3389 on the firewall to the server to allow users to connect remotely.
    C. Set up a jump box for all help desk personnel to remotely access system resources.
    D. Use the company's existing web server for remote access and configure over port 8080.

  • Question 682:

    Company A suspects an employee has been exfiltrating PII via a USB thumb drive. An analyst is tasked with attempting to locate the information on the drive. The PII in question includes the following:

    Which of the following would BEST accomplish the task assigned to the analyst?

    A. 3 [0-9]\d-2[0-9]\d-4[0-9]\d
    B. \d(3)-d(2)-\d(4)
    C. ?[3]-?[2]-?[3]
    D. \d[9] `XXX-XX-XX'

  • Question 683:

    Which of the following is a vulnerability when using Windows as a host OS for virtual machines?

    A. Windows requires frequent patching.
    B. Windows virtualized environments are typically unstable.
    C. Windows requires hundreds of open firewall ports to operate.
    D. Windows is vulnerable to the "ping of death".

  • Question 684:

    A security analyst has determined that the user interface on an embedded device is vulnerable to common SQL injections. The device is unable to be replaced, and the software cannot be upgraded. Which of the following should the security analyst recommend to add additional security to this device?

    A. The security analyst should recommend this device be placed behind a WAF.
    B. The security analyst should recommend an IDS be placed on the network segment.
    C. The security analyst should recommend this device regularly export the web logs to a SIEM system.
    D. The security analyst should recommend this device be included in regular vulnerability scans.

  • Question 685:

    An IT security analyst has received an email alert regarding a vulnerability within the new fleet of vehicles the company recently purchased. Which of the following attack vectors is the vulnerability MOST likely targeting?

    A. SCADA
    B. CAN bus
    C. Modbus
    D. IoT

  • Question 686:

    A security analyst received an alert from the SIEM indicating numerous login attempts from users outside their usual geographic zones, all of which were initiated through the web-based mail server. The logs indicate all domain accounts experienced two login attempts during the same time frame. Which of the following is the MOST likely cause of this issue?

    A. A password-spraying attack was performed against the organization.
    B. A DDoS attack was performed against the organization.
    C. This was normal shift work activity; the SIEM's AI is learning.
    D. A credentialed external vulnerability scan was performed.

  • Question 687:

    A security analyst begins to notice the CPU utilization from a sinkhole has begun to spike. Which of the following describes what may be occurring?

    A. Someone has logged on to the sinkhole and is using the device.
    B. The sinkhole has begun blocking suspect or malicious traffic.
    C. The sinkhole has begun rerouting unauthorized traffic.
    D. Something is controlling the sinkhole and causing CPU spikes due to malicious utilization.

  • Question 688:

    Which of the following should be found within an organization's acceptable use policy?

    A. Passwords must be eight characters in length and contain at least one special character.
    B. Customer data must be handled properly, stored on company servers, and encrypted when possible.
    C. Administrator accounts must be audited monthly, and inactive accounts should be removed.
    D. Consequences of violating the policy could include discipline up to and including termination.

  • Question 689:

    Which of the following BEST explains hardware root of trust?

    A. It uses the processor security extensions to protect the OS from malicious software installation.
    B. It prevents side-channel attacks that can take advantage of speculative execution vulnerabilities.
    C. It ensures the authenticity of firmware and software during the boot process until the OS is loaded.
    D. It has been implemented as a mitigation to the Spectre and Meltdown hardware vulnerabilities.

  • Question 690:

    A security analyst's daily review of system logs and SIEM showed fluctuating patterns of latency. During the analysis, the analyst discovered recent attempts of intrusion related to malware that overwrites the MBR. The facilities manager informed the analyst that a nearby construction project damaged the primary power lines, impacting the analyst's support systems. The electric company has temporarily restored power, but the area may experience temporary outages.

    Which of the following issues should the analyst focus on to continue operations?

    A. Updating the ACL
    B. Conducting backups
    C. Virus scanning
    D. Additional log analysis
