CS0-001 Exam Details

  • Exam Code
    :CS0-001
  • Exam Name
    :CompTIA Cybersecurity Analyst (CySA+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :416 Q&As
  • Last Updated
    :Feb 05, 2022

CompTIA CS0-001 Online Questions & Answers

  • Question 101:

    A security analyst is reviewing output from a CVE-based vulnerability scanner. Before conducting the scan, the analyst was careful to select only Windows-based servers in a specific datacenter. The scan revealed that the datacenter includes 27 machines running Windows 2003 Server Edition (Win2003SE). In 2015, there were 36 new vulnerabilities discovered in the Win2003SE environment. Which of the following statements are MOST likely applicable? (Choose two.)

    A. Remediation is likely to require some form of compensating control.
    B. Microsoft's published schedule for updates and patches for Win2003SE have continued uninterrupted.
    C. Third-party vendors have addressed all of the necessary updates and patches required by Win2003SE.
    D. The resulting report on the vulnerability scan should include some reference that the scan of the datacenter included 27 Win2003SE machines that should be scheduled for replacement and deactivation.
    E. Remediation of all Win2003SE machines requires changes to configuration settings and compensating controls to be made through Microsoft Security Center's Win2003SE Advanced Configuration Toolkit.

  • Question 102:

    Given the following output from a Linux machine:

    file2cable 璱 eth0 -f file.pcap

    Which of the following BEST describes what a security analyst is trying to accomplish?

    A. The analyst is attempting to measure bandwidth utilization on interface eth0.
    B. The analyst is attempting to capture traffic on interface eth0.
    C. The analyst is attempting to replay captured data from a PCAP file.
    D. The analyst is attempting to capture traffic for a PCAP file.
    E. The analyst is attempting to use a protocol analyzer to monitor network traffic.

  • Question 103:

    An insurance company employs quick-response team drivers that carry corporate-issued mobile devices with the insurance company's app installed on them. Devices are configuration-hardened by an MDM and kept up to date. The employees use the app to collect insurance claim information and process payments. Recently, a number of customers have filed complaints of credit card fraud against the insurance company, which occurred shortly after their payments were processed via the mobile app. The cyber-incident response team has been asked to investigate. Which of the following is MOST likely the cause?

    A. The MDM server is misconfigured.
    B. The app does not employ TLS.
    C. USB tethering is enabled.
    D. 3G and less secure cellular technologies are not restricted.

  • Question 104:

    After an internal audit, it was determined that administrative logins need to use multifactor authentication or a 15-character key with complexity enabled. Which of the following policies should be updates to reflect this change? (Choose two.)

    A. Data ownership policy
    B. Password policy
    C. Data classification policy
    D. Data retention policy
    E. Acceptable use policy
    F. Account management policy

  • Question 105:

    A cybersecurity analyst has received a report that multiple systems are experiencing slowness as a result of a DDoS attack. Which of the following would be the BEST action for the cybersecurity analyst to perform?

    A. Continue monitoring critical systems.
    B. Shut down all server interfaces.
    C. Inform management of the incident.
    D. Inform users regarding the affected systems.

  • Question 106:

    An analyst has noticed unusual activities in the SIEM to a .cn domain name. Which of the following should the analyst use to identify the content of the traffic?

    A. Log review
    B. Service discovery
    C. Packet capture
    D. DNS harvesting

  • Question 107:

    An organization is conducting penetration testing to identify possible network vulnerabilities. The penetration tester has received the following output from the latest scan: The penetration tester knows the organization does not use Timbuktu servers and wants to have Nmap interrogate the ports on the target in more detail. Which of the following commands should the penetration tester use NEXT?

    A. nmap 璼V 192.168.1.13 璸1417
    B. nmap 璼S 192.168.1.13 璸1417
    C. sudo nmap 璼S 192.168.1.13
    D. nmap 192.168.1.13 璿

  • Question 108:

    A technician receives a report that a user's workstation is experiencing no network connectivity. The technician investigates and notices the patch cable running the back of the user's VoIP phone is routed directly under the rolling chair and

    has been smashed flat over time.

    Which of the following is the most likely cause of this issue?

    A. Cross-talk
    B. Electromagnetic interference
    C. Excessive collisions
    D. Split pairs

  • Question 109:

    A cybersecurity analyst is conducting packet analysis on the following:

    Which of the following is occurring in the given packet capture?

    A. ARP spoofing
    B. Broadcast storm
    C. Smurf attack
    D. Network enumeration
    E. Zero-day exploit

  • Question 110:

    A security analyst is attempting to configure a vulnerability scan for a new segment on the network. Given the requirement to prevent credentials from traversing the network while still conducting a credentialed scan, which of the following is the BEST choice?

    A. Install agents on the endpoints to perform the scan
    B. Provide each endpoint with vulnerability scanner credentials
    C. Encrypt all of the traffic between the scanner and the endpoint
    D. Deploy scanners with administrator privileges on each endpoint

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CS0-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.