CS0-001 Exam Details

  • Exam Code
    :CS0-001
  • Exam Name
    :CompTIA Cybersecurity Analyst (CySA+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :416 Q&As
  • Last Updated
    :Feb 05, 2022

CompTIA CS0-001 Online Questions & Answers

  • Question 181:

    Which of the following items represents a document that includes detailed information on when an incident was detected, how impactful the incident was, and how it was remediated, in addition to incident response effectiveness and any identified gaps needing improvement?

    A. Forensic analysis report
    B. Chain of custody report
    C. Trends analysis report
    D. Lessons learned report

  • Question 182:

    A technician at a company's retail store notifies an analyst that disk space is being consumed at a rapid rate on several registers. The uplink back to the corporate office is also saturated frequently. The retail location has no Internet access. An analyst then observes several occasional IPS alerts indicating a server at corporate has been communicating with an address on a watchlist. Netflow data shows large quantities of data transferred at those times.

    Which of the following is MOST likely causing the issue?

    A. A credit card processing file was declined by the card processor and caused transaction logs on the registers to accumulate longer than usual.
    B. Ransomware on the corporate network has propagated from the corporate network to the registers and has begun encrypting files there.
    C. A penetration test is being run against the registers from the IP address indicated on the watchlist, generating large amounts of traffic and data storage.
    D. Malware on a register is scraping credit card data and staging it on a server at the corporate office before uploading it to an attacker-controlled command and control server.

  • Question 183:

    An analyst suspects a large database that contains customer information and credit card data was exfiltrated to a known hacker group in a foreign country. Which of the following incident response steps should the analyst take FIRST?

    A. Immediately notify law enforcement, as they may be able to help track down the hacker group before customer information is disseminated.
    B. Draft and publish a notice on the company's website about the incident, as PCI regulations require immediate disclosure in the case of a breach of PII or card data.
    C. Isolate the server, restore the database to a time before the vulnerability occurred, and ensure the database is encrypted.
    D. Document and verify all evidence and immediately notify the company's Chief Information Security Officer (CISO) to better understand the next steps.

  • Question 184:

    A cybersecurity consultant found common vulnerabilities across the following services used by multiple servers at an organization: VPN, SSH, and HTTPS. Which of the following is the MOST likely reason for the discovered vulnerabilities?

    A. Leaked PKI private key
    B. Vulnerable version of OpenSSL
    C. Common initialization vector
    D. Weak level of encryption entropy
    E. Vulnerable implementation of PEAP

  • Question 185:

    The business has been informed of a suspected breach of customer data. The internal audit team, in conjunction with the legal department, has begun working with the cybersecurity team to validate the report. To which of the following response processes should the business adhere during the investigation?

    A. The security analysts should not respond to internal audit requests during an active investigation
    B. The security analysts should report the suspected breach to regulators when an incident occurs
    C. The security analysts should interview system operators and report their findings to the internal auditors
    D. The security analysts should limit communication to trusted parties conducting the investigation

  • Question 186:

    A pharmacy gives its clients online access to their records and the ability to review bills and make payments. A new SSL vulnerability on a special platform was discovered, allowing an attacker to capture the data between the end user and

    the web server providing these services. After investigating the platform vulnerability, it was determined that the web services provided are being impacted by this new threat.

    Which of the following data types are MOST likely at risk of exposure based on this new threat? (Choose two.)

    A. Cardholder data
    B. Intellectual property
    C. Personal health information
    D. Employee records
    E. Corporate financial data

  • Question 187:

    When reviewing network traffic, a security analyst detects suspicious activity:

    Based on the log above, which of the following vulnerability attacks is occurring?

    A. ShellShock
    B. DROWN
    C. Zeus
    D. Heartbleed
    E. POODLE

  • Question 188:

    A company has a popular shopping cart website hosted geographically diverse locations. The company has started hosting static content on a content delivery network (CDN) to improve performance. The CDN provider has reported the company is occasionally sending attack traffic to other CDN-hosted targets.

    Which of the following has MOST likely occurred?

    A. The CDN provider has mistakenly performed a GeoIP mapping to the company.
    B. The CDN provider has misclassified the network traffic as hostile.
    C. A vulnerability scan has tuned to exclude web assets hosted by the CDN.
    D. The company has been breached, and customer PII is being exfiltrated to the CDN.

  • Question 189:

    The Chief Security Officer (CSO) has requested a vulnerability report of systems on the domain, identifying those running outdated OSs. The automated scan reports are not displaying OS version details, so the CSO cannot determine risk exposure levels from vulnerable systems. Which of the following should the cybersecurity analyst do to enumerate OS information as part of the vulnerability scanning process in the MOST efficient manner?

    A. Execute the ver command
    B. Execute the nmap -p command
    C. Use Wireshark to export a list
    D. Use credentialed configuration

  • Question 190:

    A project lead is reviewing the statement of work for an upcoming project that is focused on identifying potential weaknesses in the organization's internal and external network infrastructure. As part of the project, a team of external

    contractors will attempt to employ various attacks against the organization. The statement of work specifically addresses the utilization of an automated tool to probe network resources in an attempt to develop logical diagrams indication

    weaknesses in the infrastructure.

    The scope of activity as described in the statement of work is an example of:

    A. session hijacking
    B. vulnerability scanning
    C. social engineering
    D. penetration testing
    E. friendly DoS

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CS0-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.