CS0-001 Exam Details

  • Exam Code
    :CS0-001
  • Exam Name
    :CompTIA Cybersecurity Analyst (CySA+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :416 Q&As
  • Last Updated
    :Feb 05, 2022

CompTIA CS0-001 Online Questions & Answers

  • Question 121:

    An incident response report indicates a virus was introduced through a remote host that was connected to corporate resources. A cybersecurity analyst has been asked for a recommendation to solve this issue. Which of the following should be applied?

    A. MAC
    B. TAP
    C. NAC
    D. ACL

  • Question 122:

    An organization is conducting penetration testing to identify possible network vulnerabilities. The penetration tester has already identified active hosts in the network and is now scanning individual hosts to determine if any are running a web server. The output from the latest scan is shown below:

    Which of the following commands would have generated the output above?

    A. 璶map 璼V 192.168.1.13 璸 80
    B. 璶map 璼P 192.168.1.0/24 璸 ALL
    C. 璶map 璼V 192.168.1.1 璸 80
    D. 璶map 璼P 192.168.1.13 璸 ALL

  • Question 123:

    An analyst has initiated an assessment of an organization's security posture. As a part of this review, the analyst would like to determine how much information about the organization is exposed externally. Which of the following techniques would BEST help the analyst accomplish this goal? (Select two.)

    A. Fingerprinting
    B. DNS query log reviews
    C. Banner grabbing
    D. Internet searches
    E. Intranet portal reviews
    F. Sourcing social network sites
    G. Technical control audits

  • Question 124:

    A business-critical application is unable to support the requirements in the current password policy because it does not allow the use of special characters. Management does not want to accept the risk of a possible security incident due to weak password standards. Which of the following is an appropriate means to limit the risks related to the application?

    A. A compensating control
    B. Altering the password policy
    C. Creating new account management procedures
    D. Encrypting authentication traffic

  • Question 125:

    Which of the following actions should occur to address any open issues while closing an incident involving various departments within the network?

    A. Incident response plan
    B. Lessons learned report
    C. Reverse engineering process
    D. Chain of custody documentation

  • Question 126:

    A SIEM analyst noticed a spike in activities from the guest wireless network to several electronic health record (EHR) systems. After further analysis, the analyst discovered that a large volume of data has been uploaded to a cloud provider in the last six months. Which of the following actions should the analyst do FIRST?

    A. Contact the Office of Civil Rights (OCR) to report the breach
    B. Notify the Chief Privacy Officer (CPO)
    C. Activate the incident response plan
    D. Put an ACL on the gateway router

  • Question 127:

    A SIEM alert occurs with the following output:

    Which of the following BEST describes this alert?

    A. The alert is a false positive; there is a device with dual NICs
    B. The alert is valid because IP spoofing may be occurring on the network
    C. The alert is a false positive; both NICs are of the same brand
    D. The alert is valid because there may be a rogue device on the network

  • Question 128:

    HOTSPOT

    A security analyst performs various types of vulnerability scans.

    You must review the vulnerability scan results to determine the type of scan that was executed and determine if a false positive occurred for each device.

    Instructions:

    Select the drop option for whether the results were generated from a credentialed scan, non-credentialed scan, or a compliance scan.

    For ONLY the credentialed and non-credentialed scans, evaluate the results for false positives and check the findings that display false positives. NOTE: If you would like to uncheck an option that is currently selected, click on the option a

    second time.

    Lastly, based on the vulnerability scan results, identify the type of Server by dragging the Server to the results.

    The Linux Web Server, File-Print Server and Directory Server are draggable.

    If at any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the

    Next button to continue.

    Hot Area:

  • Question 129:

    A security analyst has determined that the user interface on an embedded device is vulnerable to common SQL injections. The device is unable to be replaced, and the software cannot be upgraded. Which of the following should the security analyst recommend to add additional security to this device?

    A. The security analyst should recommend this device be placed behind a WAF.
    B. The security analyst should recommend an IDS be placed on the network segment.
    C. The security analyst should recommend this device regularly export the web logs to a SIEM system.
    D. The security analyst should recommend this device be included in regular vulnerability scans.

  • Question 130:

    An organization has had problems with security teams remediating vulnerabilities that are either false positives or are not applicable to the organization's servers. Management has put emphasis on security teams conducting detailed analysis and investigation before conducting any remediation.

    The output from a recent Apache web server scan is shown below:

    The team performs some investigation and finds this statement from Apache on 07/02/2008:

    "Fixed in Apache HTTP server 2.2.6, 2.0.61, and 1.3.39"

    Which of the following conditions would require the team to perform remediation on this finding?

    A. The organization is running version 2.2.6 and has ExtendedStatus enabled
    B. The organization is running version 2.0.59 is not using a public-server-status page
    C. The organization is running version 1.3.39 and is using a public-server-status page
    D. The organization is running version 2.0.5 and has ExtendedStatus enabled

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CS0-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.