CS0-002 Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 981:

    A security analyst received a series of antivirus alerts from a workstation segment, and users reported ransomware messages. During lessons-learned activities, the analyst determines the antivirus was able to alert to abnormal behavior but did not stop this newest variant of ransomware. Which of the following actions should be taken to BEST mitigate the effects of this type of threat in the future?

    A. Enabling sandboxing technology
    B. Purchasing cyber insurance
    C. Enabling application blacklisting
    D. Installing a firewall between the workstations and Internet

  • Question 982:

    Company A permits visiting business partners from Company B to utilize Ethernet ports available in Company A's conference rooms. This access is provided to allow partners the ability to establish VPNs back to Company B's network. The security architect for Company A wants to ensure partners from Company B are able to gain direct Internet access from available ports only, while Company A employees can gain access to the Company A internal network from those same ports. Which of the following can be employed to allow this?

    A. ACL
    B. SIEM
    C. MAC
    D. NAC
    E. SAML

  • Question 983:

    A security analyst is performing a Diamond Model analysis of an incident the company had last quarter. A potential benefit of this activity is that it can identify:

    A. detection and prevention capabilities to improve.
    B. which systems were exploited more frequently.
    C. possible evidence that is missing during forensic analysis.
    D. which analysts require more training.
    E. the time spent by analysts on each of the incidents.

  • Question 984:

    A technician is troubleshooting a desktop computer with low disk space. The technician reviews the following information snippets: Which of the following should the technician do to BEST resolve the issue based on the above information? (Choose two.)

    A. Delete the movies/movies directory
    B. Disable the movieDB service
    C. Enable OS auto updates
    D. Install a file integrity tool
    E. Defragment the disk

  • Question 985:

    A security analyst is reviewing vulnerability scan results and notices new workstations are being flagged as having outdated antivirus signatures. The analyst observes the following plugin output:

    Antivirus is installed on the remote host:

    Installation path: C:\Program Files\AVProduct\Win32\

    Product Engine: 14.12.101

    Engine Version: 3.5.71

    Scanner does not currently have information about AVProduct version 3.5.71. It may no longer be supported.

    The engine version is out of date. The oldest supported version from the vendor is 4.2.11.

    The analyst uses the vendor's website to confirm the oldest supported version is correct.

    Which of the following BEST describes the situation?

    A. This is a false positive, and the scanning plugin needs to be updated by the vendor.
    B. This is a true negative, and the new computers have the correct version of the software.
    C. This is a true positive, and the new computers were imaged with an old version of the software.
    D. This is a false negative, and the new computers need to be updated by the desktop team.

  • Question 986:

    Forming a hypothesis, looking for indicators of compromise, and using the findings to proactively improve detection capabilities are examples of the value of:

    A. vulnerability scanning.
    B. threat hunting.
    C. red learning.
    D. penetration testing.

  • Question 987:

    While analyzing logs from a WAF, a cybersecurity analyst finds the following:

    "GET /form.php?id=463225%2b%2575%256e%2569%256f%256e%2b%2573%2574%2box3133333731,1223,1224andname=andstate=IL"

    Which of the following BEST describes what the analyst has found?

    A. This is an encrypted GET HTTP request
    B. A packet is being used to bypass the WAF
    C. This is an encrypted packet
    D. This is an encoded WAF bypass

  • Question 988:

    An organization wants to mitigate against risks associated with network reconnaissance. ICMP is already blocked at the firewall; however, a penetration testing team has been able to perform reconnaissance against the organization's network and identify active hosts. An analyst sees the following output from a packet capture:

    Which of the following phrases from the output provides information on how the testing team is successfully getting around the ICMP firewall rule?

    A. flags=RA indicates the testing team is using a Christmas tree attack
    B. ttl=64 indicates the testing team is setting the time to live below the firewall's threshold
    C. 0 data bytes indicates the testing team is crafting empty ICMP packets
    D. NO FLAGS are set indicates the testing team is using hping

  • Question 989:

    A manager asks a security analyst to provide the web-browsing history of an employee. Which of the following should the analyst do first?

    A. Obtain permission to perform the search.
    B. Obtain the web-browsing history from the proxy.
    C. Obtain the employee's network ID to form the query.
    D. Download the browsing history, encrypt it, and hash it.

  • Question 990:

    A security analyst is running a routine vulnerability scan against a web farm. The farm consists of a single server acting as a load-balancing reverse proxy and offloads cryptographic processes to the backend servers. The backend servers consist of four servers that process the inquiries for the front end.

    A web service SSL query of each server responds with the same output:

    Connected (0x000003) depth=0 /0=farm.company.com/CN=farm.company.com/OU=Domain Control Validated

    Which of the following results BEST addresses these findings?

    A. Advise the application development team that the SSL certificates on the backend servers should be revoked and reissued to match their hostnames
    B. Notify the application development team of the findings and advise management of the results
    C. Create an exception in the vulnerability scanner, as the results are false positives and can be ignored safely
    D. Require that the application development team renews the farm certificate and includes a wildcard for the `local' domain in the certificate SAN field

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CS0-002 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions here.