Comments on the CySA CS0-002 Exam and PBQs

As an instructor for the CompTIA CySA+ CS0-002 exam, I like to receive feedback from students who have taken the test, and I collect those comments here for other students to use as preparatory material.  I have done this previously for the CISSP exam.  This one is dedicated to the Cybersecurity Analyst certification.

First, there is a great CompTIA certification site on Reddit at  An example of a useful post follows, although this Reddit post has been taken down, supposedly “by the author” which he denies.  I suspect it may have been removed at the request of CompTIA.  Maybe too much good information?  If someone has an off-line, or off-Reddit copy, please share with me and I will include it here.

iCyberVenom – Look at my post for CySA+! I list many of the logs you’ll be expected to interpret. Learn those and you should be good. Don’t let them intimidate you…. they’re basically command line spreadsheets…look at the “columns of data”, determine what kind of data is displayed, answer the questions you’re being asked on the exam. There is no expectation for you to know every variation of every log, but you should at least know the different types of logs and what data they contain.

This is a collection of exam comments from a student of mine.  He passed.  We were using a set of CySA+ practice questions in PDF format, which I am attaching.  The PBQ example, which is the last question (69), is evidently spot on.

Anon – Just a quick note to thank you again for your time last week, your CySA+ Boot Camp was a great help.  Also, I wanted to let you know that I passed my CySA+ Exam yesterday.

One thing I wanted to make you aware of, although the sample test questions that we used (not the pretest questions on the InfoSec site) were almost identical to the questions on the exam, I was very surprised when I got under an 800 when I felt like I knew almost every answer based upon the answers given in the practice questions.

In other words, the practice questions themselves were very good, but I think that some of the answers that they gave were suspect.  Had the answers to the practice exam questions been all correct, I should have been in the high 800s.  (Bob’s Comment – During the class, as we used the practice questions, there were questions where I disagreed with the provided answer.  So memorizing answers would not help you; you need to decide for yourself based on what you learned and what you know.)

So my advice would be to use the practice questions but I would take the answers given with a grain of salt and have the students do their own research as to what the correct answers were.

There were two PBQs.

The one simulation (PBQ) we went through that was in the practice exam was on the actual exam, and the other one, I’m pretty sure that I nailed that one as well.  (Updating various server versions of Apache and TLS using simulated Nmap output.)

In the other one the scenario was that nearly 100 employees received a phishing email. In the PBQ, the objective was to determine:  How many employees responded to the phishing email by clicking on the link in the email, how many employees’ workstations were compromised, and what the name of the malicious file is.

If you display the phishing email, and hover over the link, you can get the domain name of the source of the phishing email. In the Email server logs you see who all received the phishing email from the domain, but otherwise that information is pretty much useless.

The other server logs (SIEM, etc.) will show the IP addresses of the employees that clicked on the email from the domain that you obtained from the phishing email, and which of those 7 IP addresses had a write operation and what the name of the related (malicious) file is.  In the logs you have to scroll to the right to get the name of the malicious file.

I also found over 40 additional CS0-002 questions some of which were on the exam at:


These are free questions, you just have to register your email to get free access.

They do have some questions that you have to pay for, but they are probably the same questions that you already have as questions 1-40 or so in the test questions that you already have.  So that might give you some more really good questions to use in your review.
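
The log correlation the student describes for the phishing PBQ (take the host from the email link, find the source IPs that requested it, then see which of those IPs show a write operation and to which file) can be practiced in a few lines of Python. This is an added example, not part of the student's note or the exam; the log layouts, host names, IP addresses and file name are constructed assumptions.

```python
import csv, io
from urllib.parse import urlsplit

# Constructed sample data (not from the exam): the link copied from the email,
# a web-proxy log and an endpoint file-activity log, both in CSV form.
PHISH_LINK = "http://login.mail-update.example/reset?id=77"
PROXY_LOG = """time,src_ip,method,url
09:01:12,10.0.5.21,GET,http://login.mail-update.example/reset?id=77
09:01:40,10.0.5.34,GET,http://intranet.corp.example/home
09:02:03,10.0.5.21,GET,http://login.mail-update.example/favicon.ico
09:02:10,10.0.5.52,GET,http://LOGIN.mail-update.example/reset?id=12
09:03:55,10.0.5.77,POST,http://login.mail-update.example/reset
09:04:20,10.0.5.90,GET,http://mail-update.example.cdn.example/reset
"""
FILE_LOG = """time,src_ip,operation,path
09:02:30,10.0.5.21,WRITE,C:\\Users\\a\\AppData\\Local\\Temp\\invoice_view.exe
09:02:31,10.0.5.34,WRITE,C:\\Users\\b\\Documents\\notes.docx
09:03:00,10.0.5.52,READ,C:\\Windows\\System32\\drivers\\etc\\hosts
09:04:10,10.0.5.77,WRITE,C:\\Users\\d\\AppData\\Local\\Temp\\invoice_view.exe
"""

def host_of(url):
    """Hostname of a URL, lower-cased so case differences do not split the count."""
    return (urlsplit(url).hostname or "").lower()

def triage(phish_link, proxy_csv, file_csv):
    domain = host_of(phish_link)
    # Step 1: distinct source IPs that requested the phishing host (exact match,
    # so a look-alike host that merely contains the name is not counted).
    clickers = {r["src_ip"] for r in csv.DictReader(io.StringIO(proxy_csv))
                if host_of(r["url"]) == domain}
    # Step 2: of those IPs, which show a write operation, and to which file name.
    writes = {}
    for r in csv.DictReader(io.StringIO(file_csv)):
        if r["src_ip"] in clickers and r["operation"].upper() == "WRITE":
            writes.setdefault(r["src_ip"], set()).add(r["path"].rsplit("\\", 1)[-1])
    files = set().union(*writes.values()) if writes else set()
    return {"domain": domain, "clicked": sorted(clickers),
            "compromised": sorted(writes), "files": sorted(files)}

if __name__ == "__main__":
    for key, value in triage(PHISH_LINK, PROXY_LOG, FILE_LOG).items():
        print(f"{key}: {value}")
```

Note that a host which clicked twice is counted once, and a workstation with a write operation but no request to the phishing host is left out.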





About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at


  1. James  July 29, 2022

    The answer to Question #25 is incorrect.

    A security analyst on the threat-hunting team has developed a list of unneeded, benign services that are
    currently running as part of the standard OS deployment for workstations. The analyst will provide this list to the
    operations team to create a policy that will automatically disable the services for all workstations in the

    Which of the following BEST describes the security analyst’s goal?
    A. To create a system baseline
    B. To reduce the attack surface
    C. To optimize system performance
    D. To improve malware detection

    Correct Answer: C

    This answer should most certainly be B. To reduce the attack surface

  2. bobwyzguy  July 29, 2022

    James – I would agree with your comment. This is always a possibility when using practice questions – sometimes the author gets it wrong.

  3. Nick Anthis  May 26, 2023

    Thank you for all these resources!

  4. Dom  February 15, 2024

    I would not use that practice test at all if you want to keep your sanity and actually pass the exam. As already pointed out in the article, I would go as far as saying, most of the answers are just wrong.

