1. Home
  2. CompTIA
  3. CS0-002

CompTIA CS0-002 Online Practice Questions and Exam Preparation

CS0-002 Exam Details

  • Exam Code
    :CS0-002
  • Exam Name
    :CompTIA Cybersecurity Analyst (CySA+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :1059 Q&As
  • Last Updated
    :May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 691:

    A cybersecurity analyst is reading a daily intelligence digest of new vulnerabilities The type of vulnerability that should be disseminated FIRST is one that:

    A. enables remote code execution that is being exploited in the wild.
    B. enables data leakage but is not known to be m the environment
    C. enables lateral movement and was reported as a proof of concept
    D. affected the organization in the past but was probably contained and eradicated

  • Question 692:

    During a routine network scan, a security administrator discovered an unidentified service running on a new embedded and unmanaged HVAC controller, which is used to monitor the company's datacenter:

    The enterprise monitoring service requires SNMP and SNMPTRAP connectivity to operate. Which of the following should the security administrator implement to harden the system?

    A. Patch and restart the unknown service.
    B. Segment and firewall the controller's network.
    C. Disable the unidentified service on the controller.
    D. Implement SNMPv3 to secure communication.
    E. Disable TCP/UDP ports 161 through 163.

  • Question 693:

    A security analyst discovers a network intrusion and quickly solves the problem by closing an unused port. Which of the following should be completed?

    A. Vulnerability report
    B. Memorandum of agreement
    C. Reverse-engineering incident report
    D. Lessons learned report

  • Question 694:

    Due to new regulations, a company has decided to institute an organizational vulnerability management program and assign the function to the security team. Which of the following frameworks would BEST support the program? (Choose two.)

    A. COBIT
    B. NIST
    C. ISO 27000 series
    D. ITIL
    E. COSO

  • Question 695:

    Members of the sales team are using email to send sensitive client lists with contact information to their personal accounts The company's AUP and code of conduct prohibits this practice. Which of the following configuration changes would improve security and help prevent this from occurring?

    A. Configure the DLP transport rules to provide deep content analysis.
    B. Put employees' personal email accounts on the mail server on a blocklist.
    C. Set up IPS to scan for outbound emails containing names and contact information.
    D. Use Group Policy to prevent users from copying and pasting information into emails.
    E. Move outbound emails containing names and contact information to a sandbox for further examination.

  • Question 696:

    Which of the following, BEST explains the function of TPM?

    A. To provide hardware-based security features using unique keys
    B. To ensure platform confidentiality by storing security measurements
    C. To improve management of the OS installation.
    D. To implement encryption algorithms for hard drives

  • Question 697:

    While planning segmentation for an ICS environment, a security engineer determines IT resources will need access to devices within the ICS environment without compromising security.

    To provide the MOST secure access model in this scenario, the jumpbox should be __________.

    A. placed in an isolated network segment, authenticated on the IT side, and forwarded into the ICS network.
    B. placed on the ICS network with a static firewall rule that allows IT network resources to authenticate.
    C. bridged between the IT and operational technology networks to allow authenticated access.
    D. placed on the IT side of the network, authenticated, and tunneled into the ICS environment.

  • Question 698:

    During a red team engagement, a penetration tester found a production server. Which of the following portions of the SOW should be referenced to see if the server should be part of the testing engagement?

    A. Authorization
    B. Exploitation
    C. Communication
    D. Scope

  • Question 699:

    A company offers a hardware security appliance to customers that provides remote administration of a device on the customer's network. Customers are not authorized to alter the configuration. The company deployed a software process to manage unauthorized changes to the appliance, log them, and forward them to a central repository for evaluation.

    Which of the following processes is the company using to ensure the appliance is not altered from its original configured state?

    A. CI/CD
    B. Software assurance
    C. Anti-tamper
    D. Change management

  • Question 700:

    A zero-day crypto-worm is quickly spreading through the internal network on port 25 and exploiting a software vulnerability found within the email servers.

    Which of the following countermeasures needs to be implemented as soon as possible to mitigate the worm from continuing to spread?

    A. Implement a traffic sinkhole.
    B. Block all known port/services.
    C. Isolate impacted servers.
    D. Patch affected systems.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CS0-002 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.