1. Home
  2. CompTIA
  3. CS0-002

CompTIA CS0-002 Online Practice Questions and Exam Preparation

CS0-002 Exam Details

  • Exam Code
    :CS0-002
  • Exam Name
    :CompTIA Cybersecurity Analyst (CySA+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :1059 Q&As
  • Last Updated
    :May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 801:

    SIMULATION

    Part2: AppServ4

    You are a cybersecurity analyst tasked with interpreting scan data from Company A's servers. You must verify the requirements are being met for all of the servers and recommend changes if you find they are not. The company's hardening guidelines indicate the following:

    1. TLS 1.2 is the only version of TLS running.

    2. Apache 2.4.18 or greater should be used.

    3. Only default ports should be used.

    INSTRUCTIONS

    Using the supplied data, record the status of compliance with the company's guidelines for each server. The question contains two parts: make sure you complete Part 1 and Part 2. Make recommendations for issues based ONLY on the hardening guidelines provided.

    Hot Area:

  • Question 802:

    The software development team pushed a new web application into production for the accounting department. Shortly after the application was published, the head of the accounting department informed IT operations that the application was not performing as intended. Which of the following SDLC best practices was missed?

    A. Peer code reviews
    B. Regression testing
    C. User acceptance testing
    D. Fuzzing
    E. Static code analysis

  • Question 803:

    During a routine log review, a security analyst has found the following commands that cannot be identified from the Bash history log on the root user:

    Which of the following commands should the analyst investigate FIRST?

    A. Line 1
    B. Line 2
    C. Line 3
    D. Line 4
    E. Line 5
    F. Line 6

  • Question 804:

    Ensuring that all areas of security have the proper controls is a primary reason why organizations use:

    A. frameworks.
    B. directors and officers.
    C. incident response plans.
    D. engineering rigor.

  • Question 805:

    An analyst identifies multiple instances of node-to-node communication between several endpoints within the 10.200.2.0/24 network and a user machine at the IP address 10.200.2.5. This user machine at the IP address 10.200.2.5 is also identified as initiating outbound communication during atypical business hours with several IP addresses that have recently appeared on threat feeds. Which of the following can be inferred from this activity?

    A. 10.200.2.0/24 is infected with ransomware.
    B. 10.200.2.0/24 is not routable address space.
    C. 10.200.2.5 is a rogue endpoint.
    D. 10.200.2.5 is exfiltrating data.

  • Question 806:

    A security analyst is correlating, ranking, and enriching raw data into a report that will be interpreted by humans or machines to draw conclusions and create actionable recommendations.

    Which of the following steps in the intelligence cycle is the security analyst performing?

    A. Analysis and production
    B. Processing and exploitation
    C. Dissemination and evaluation
    D. Data collection
    E. Planning and direction

  • Question 807:

    A cybersecurity analyst wants to use ICMP ECHO_REQUEST on a machine while using Nmap. Which of the following is the correct command to accomplish this?

    A. $ nmap ""PE 192.168.1.7
    B. $ ping --PE 192.168.1.7
    C. $ nmap --traceroute 192.168.1.7
    D. $ nmap ""PO 192.168.1.7

  • Question 808:

    A security analyst has discovered that an outbound SFTP process is occurring at the same time of day for the past several days. At the time this was discovered, large amounts of business critical data were delivered. The authentication for this process occurred using a service account with proper credentials. The security analyst investigated the destination IP for this transfer and discovered that this new process is not documented in the change management log. Which of the following would be the BEST course of action for the analyst to take?

    A. Investigate a potential incident.
    B. Verify user permissions.
    C. Run a vulnerability scan.
    D. Verify SLA with cloud provider.

  • Question 809:

    A security analyst discovers a standard user has unauthorized access to the command prompt, PowerShell, and other system utilities. Which of the following is the BEST action for the security analyst to take?

    A. Disable the appropriate settings in the administrative template of the Group Policy.
    B. Use AppLocker to create a set of whitelist and blacklist rules specific to group membership.
    C. Modify the registry keys that correlate with the access settings for the System32 directory.
    D. Remove the user's permissions from the various system executables.

  • Question 810:

    An analyst wants to use a command line tool to identify open ports and running services on a host along with the application that is associated with those services and port. Which of the following should the analyst use?

    A. Wireshark
    B. Qualys
    C. netstat
    D. nmap
    E. ping

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CS0-002 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.