1. Home
  2. CompTIA
  3. CS0-002

CompTIA CS0-002 Online Practice Questions and Exam Preparation

CS0-002 Exam Details

  • Exam Code
    :CS0-002
  • Exam Name
    :CompTIA Cybersecurity Analyst (CySA+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :1059 Q&As
  • Last Updated
    :May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 881:

    Creating an isolated environment in order to test and observe the behavior of unknown software is also known as:

    A. sniffing
    B. hardening
    C. hashing D. sandboxing

  • Question 882:

    A security analyst is performing a forensic analysis on a machine that was the subject of some historic SIEM alerts. The analyst noticed some network connections utilizing SSL on non-common ports, copies of svchost.exe and cmd.exe in % TEMP% folder, and RDP files that had connected to external IPs. Which of the following threats has the security analyst uncovered?

    A. DDoS
    B. APT
    C. Ransomware
    D. Software vulnerability

  • Question 883:

    A Chief Executive Officer (CEO) is concerned the company will be exposed lo data sovereignty issues as a result of some new privacy regulations to help mitigate this risk. The Chief Information Security Officer (CISO) wants to implement an appropriate technical control. Which of the following would meet the requirement?

    A. Data masking procedures
    B. Enhanced encryption functions
    C. Regular business impact analysis functions
    D. Geographic access requirements

  • Question 884:

    Which of the following SCAP standards provides standardization for measuring and describing the severity of security-related software flaws?

    A. OVAL
    B. CVSS
    C. CVE
    D. CCE

  • Question 885:

    Various devices are connecting and authenticating to a single evil twin within the network. Which of the following are MOST likely being targeted?

    A. Mobile devices
    B. All endpoints
    C. VPNs
    D. Network infrastructure
    E. Wired SCADA devices

  • Question 886:

    HOTSPOT

    The developers recently deployed new code to three web servers. A daffy automated external device scan report shows server vulnerabilities that are failure items according to PCI DSS.

    If the venerability is not valid, the analyst must take the proper steps to get the scan clean.

    If the venerability is valid, the analyst must remediate the finding.

    After reviewing the information provided in the network diagram, select the STEP 2 tab to complete the simulation by selecting the correct Validation Result and Remediation Action for each server listed using the drop-down options.

    INTRUCTIONS:

    The simulation includes 2 steps.

    Step1:Review the information provided in the network diagram and then move to the STEP 2 tab.

    STEP 2: Given the Scenario, determine which remediation action is required to address the vulnerability.

    Hot Area:

  • Question 887:

    A new on-premises application server was recently installed on the network. Remote access to the server was enabled for vendor support on required ports, but recent security reports show large amounts of data are being sent to various unauthorized networks through those ports. Which of the following configuration changes must be implemented to resolve this security issue while still allowing remote vendor access?

    A. Apply a firewall application server rule.
    B. Whitelist the application server.
    C. Sandbox the application server.
    D. Enable port security.
    E. Block the unauthorized networks.

  • Question 888:

    Joe, a user, is unable to launch an application on his laptop, which he typically uses on a daily basis. Joe informs a security analyst of the issue. After an online database comparison, the security analyst checks the SIEM and notices alerts indicating certain .txt and .dll files are blocked. Which of the following tools would generate these logs?

    A. Antivirus
    B. HIPS
    C. Firewall
    D. Proxy

  • Question 889:

    An organization is experiencing degradation of critical services and availability of critical external resources. Which of the following can be used to investigate the issue?

    A. Netflow analysis
    B. Behavioral analysis
    C. Vulnerability analysis
    D. Risk analysis

  • Question 890:

    A threat feed notes malicious actors have been infiltrating companies and exfiltration data to a specific set of domains Management at an organization wants to know if it is a victim Which of the following should the security analyst recommend to identity this behavior without alerting any potential malicious actors?

    A. Create an IPS rule to block these domains and trigger an alert within the SIEM tool when these domains are requested
    B. Add the domains to a DNS sinkhole and create an alert m the SIEM toot when the domains are queried
    C. Look up the IP addresses for these domains and search firewall logs for any traffic being sent to those IPs over port 443
    D. Query DNS logs with a SIEM tool for any hosts requesting the malicious domains and create alerts based on this information

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CS0-002 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.