CS0-001 Exam Details

  • Exam Code
    :CS0-001
  • Exam Name
    :CompTIA Cybersecurity Analyst (CySA+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :416 Q&As
  • Last Updated
    :Feb 05, 2022

CompTIA CS0-001 Online Questions & Answers

  • Question 131:

    A Linux-based file encryption malware was recently discovered in the wild. Prior to running the malware on a preconfigured sandbox to analyze its behavior, a security professional executes the following command:

    umount –a –t cifs,nfs

    Which of the following is the main reason for executing the above command?

    A. To ensure the malware is memory bound.
    B. To limit the malware's reach to the local host.
    C. To back up critical files across the network
    D. To test if the malware affects remote systems

  • Question 132:

    The service desk has received several calls from the remote workforce group stating they have experienced degradation in services The security analyst discovers all the remote laptops have become infected with a known virus that was introduced by a known application weakness. Which of the following is the BEST course of action to ensure the remote workers do not experience this issue in the future?

    A. Communicate to the remote workers that company laptops are for work purposes only.
    B. Configure the devices to access the Internet through the corporate network only.
    C. Ensure devices receive software updates and definitions upon connecting to the internal network.
    D. Develop and configure a whitelist on each laptop for authored, business-related websites only.

  • Question 133:

    A suite of three production servers that were originally configured identically underwent the same vulnerability scans. However, recent results revealed the three servers has different critical vulnerabilities. The servers are not accessible by the Internet, and AV programs have not detected any malware. The servers' syslog files do not show any unusual traffic since they were installed and are physically isolated in an off-site datacenter. Checksum testing of random executables does not reveal tampering. Which of the following scenarios is MOST likely?

    A. Servers have not been scanned with the latest vulnerability signature
    B. Servers have been attacked by outsiders using zero-day vulnerabilities
    C. Servers were made by different manufacturers
    D. Servers have received different levels of attention during previous patch management events

  • Question 134:

    A security analyst is reviewing packet captures for a specific server that is suspected of containing malware and discovers the following packets:

    Which of the following traffic patterns or data would be MOST concerning to the security analyst?

    A. Port used for SMTP traffic from 73.252.34.101
    B. Unencrypted password sent from 103.34.243.12
    C. Anonymous access granted by 103.34.243.12
    D. Ports used for HTTP traffic from 202.53.245.78

  • Question 135:

    An analyst is conducting a log review and identifies the following snippet in one of the logs:

    Which of the following MOST likely caused this activity?

    A. SQL injection
    B. Privilege escalation
    C. Forgotten password
    D. Brute force

  • Question 136:

    A company has recently launched a new billing invoice website for a few key vendors. The cybersecurity analyst is receiving calls that the website is performing slowly and the pages sometimes time out. The analyst notices the website is receiving millions of requests, causing the service to become unavailable. Which of the following can be implemented to maintain the availability of the website?

    A. VPN
    B. Honeypot
    C. Whitelisting
    D. DMZ
    E. MAC filtering

  • Question 137:

    An organization has a policy prohibiting remote administration of servers where web services are running. One of the Nmap scans is shown here:

    Given the organization's policy, which of the following services should be disabled on this server?

    A. rpcbind
    B. netbios-ssn
    C. mysql
    D. ssh
    E. telnet

  • Question 138:

    Weeks before a proposed merger is scheduled for completion, a security analyst has noticed unusual traffic patterns on a file server that contains financial information. Routine scans are not detecting the signature of any known exploits or malware. The following entry is seen in the ftp server logs:

    tftp –I 10.1.1.1 GET fourthquarterreport.xls

    Which of the following is the BEST course of action?

    A. Continue to monitor the situation using tools to scan for known exploits.
    B. Implement an ACL on the perimeter firewall to prevent data exfiltration.
    C. Follow the incident response procedure associate with the loss of business critical data.
    D. Determine if any credit card information is contained on the server containing the financials.

  • Question 139:

    A threat intelligence analyst who works for a financial services firm received this report:

    "There has been an effective waterhole campaign residing at www.bankfinancecompsoftware.com. This domain is delivering ransomware. This ransomware variant has been called "LockMaster" by researchers due to its ability to overwrite the MBR, but this term is not a malware signature. Please execute a defensive operation regarding this attack vector."

    The analyst ran a query and has assessed that this traffic has been seen on the network. Which of the following actions should the analyst do NEXT? (Select TWO).

    A. Advise the firewall engineer to implement a block on the domain
    B. Visit the domain and begin a threat assessment
    C. Produce a threat intelligence message to be disseminated to the company
    D. Advise the security architects to enable full-disk encryption to protect the MBR
    E. Advise the security analysts to add an alert in the SIEM on the string "LockMaster"
    F. Format the MBR as a precaution

  • Question 140:

    A company installed a wireless network more than a year ago, standardizing on the same model APs in a single subnet. Recently, several users have reported timeouts and connection issues with Internet browsing. The security administrator has gathered some information about the network to try to recreate the issues with the assistance of a user. The administrator is able to ping every device on the network and confirms that the network is very slow.

    Output:

    Given the above results, which of the following should the administrator investigate FIRST?

    A. The AP-Workshop device
    B. The AP-Reception device
    C. The device at 192.168.1.4
    D. The AP-IT device
    E. The user's PC

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CS0-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.