CS0-002 Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 891:

    A company provides wireless connectivity to the internal network from all physical locations for company-owned devices. Users were able to connect the day before, but now all users have reported that when they connect to an access point in the conference room, they cannot access company resources. Which of the following BEST describes the cause of the problem?

    A. The access point is blocking access by MAC address. Disable MAC address filtering.
    B. The network is not available. Escalate the issue to network support.
    C. Expired DNS entries on users' devices. Request the affected users perform a DNS flush.
    D. The access point is a rogue device. Follow incident response procedures.

  • Question 892:

    A company's IDP/DLP solution triggered the following alerts: Which of the following alerts should a security analyst investigate FIRST?

    A. A
    B. B
    C. C
    D. D
    E. E

  • Question 893:

    A system administrator is doing network reconnaissance of a company's external network to determine the vulnerability of various services that are running. Sending some sample traffic to the external host, the administrator obtains the following packet capture:

    Based on the output, which of the following services should be further tested for vulnerabilities?

    A. SSH
    B. HTTP
    C. SMB
    D. HTTPS

  • Question 894:

    While reviewing web server logs, a security analyst notices the following code:

    Which of the following would prevent this code from performing malicious actions?

    A. Performing web application penetration testing
    B. Requiring the application to use input validation
    C. Disabling the use of HTTP and requiring the use of HTTPS
    D. Installing a network firewall in front of the application

  • Question 895:

    A security analyst received a compromised workstation. The workstation's hard drive may contain evidence of criminal activities. Which of the following is the FIRST thing the analyst must do to ensure the integrity of the hard drive while performing the analysis?

    A. Make a copy of the hard drive.
    B. Use write blockers.
    C. Run rm -R command to create a hash.
    D. Install it on a different machine and explore the content.

  • Question 896:

    A company recently experienced multiple DNS DDoS attacks, and the information security analyst must provide a DDoS solution to deploy in the company's datacenter. Which of the following would BEST prevent future attacks?

    A. Configure a sinkhole on the router.
    B. Buy a UTM to block the number of requests.
    C. Route the queries on the DNS server to 127.0.0.1.
    D. Call the Internet service provider to block the attack.

  • Question 897:

    A custom script currently monitors real-time logs of a SAML authentication server to mitigate brute-force attacks. Which of the following is a concern when moving authentication to a cloud service?

    A. Logs may contain incorrect information.
    B. SAML logging is not supported for cloud-based authentication.
    C. Access to logs may be delayed for some time.
    D. Log data may be visible to other customers.

  • Question 898:

    As part of an intelligence feed, a security analyst receives a report from a third-party trusted source. Within the report are several domains and reputational information that suggest the company's employees may be targeted for a phishing campaign. Which of the following configuration changes would be the MOST appropriate for intelligence gathering?

    A. Update the whitelist.
    B. Develop a malware signature.
    C. Sinkhole the domains.
    D. Update the blacklist.

  • Question 899:

    A security analyst was alerted to a file integrity monitoring event based on a change to the vhost-payments.conf file. The output of the diff command against the known-good backup reads as follows:

    SecRule ARGS:Card "@rx ([0-9]+" "id:123456,pass,capture,proxy:https://10.0.0.128/% (matched_var),nolog,noauditlog"

    Which of the following MOST likely occurred?

    A. The file was altered to accept payments without charging the cards.
    B. The file was altered to avoid logging credit card information.
    C. The file was altered to verify the card numbers are valid.
    D. The file was altered to harvest credit card numbers.

  • Question 900:

    During an incident response procedure, a security analyst collects a hard drive to analyze a possible vector of compromise. There is a Linux swap partition on the hard drive that needs to be checked. Which of the following should the analyst use to extract human-readable content from the partition?

    A. strings
    B. head
    C. fsstat
    D. dd

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CS0-002 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.