CS0-001 Exam Details

  • Exam Code
    :CS0-001
  • Exam Name
    :CompTIA Cybersecurity Analyst (CySA+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :416 Q&As
  • Last Updated
    :Feb 05, 2022

CompTIA CS0-001 Online Questions & Answers

  • Question 191:

    During a web application vulnerability scan, it was discovered that the application would display inappropriate data after certain key phrases were entered into a webform connected to a SQL database server. Which of the following should be used to reduce the likelihood of this type of attack returning sensitive data?

    A. Static code analysis
    B. Peer review code
    C. Input validation
    D. Application fuzzing

  • Question 192:

    An organization subscribes to multiple third-party security intelligence feeds. It receives a notification from one of these feeds indicating a zero-day malware attack is impacting the SQL server prior to SP 2. The notification also indicates that infected systems attempt to communicate to external IP addresses on port 2718 to download additional payload. After consulting with the organization's database administrator, it is determined that there are several SQL servers that are still on SP 1, and none of the SQL servers would normally communicate over port 2718. Which of the following is the BEST mitigation step to implement until the SQL servers can be upgraded to SP 2 with minimal impact to the network?

    A. Create alert rules on the IDS for all outbound traffic on port 2718 from the IP addresses if the SQL servers running SQL SP 1
    B. On the organization's firewalls, create a new rule that blocks outbound traffic on port 2718 from the IP addresses of the servers running SQL SP 1
    C. Place all the SQL servers running SP 1 on a separate subnet On the firewalls, create a new rule blocking connections to destination addresses external to the organization's network
    D. On the SQL servers running SP 1, install vulnerability scanning software

  • Question 193:

    Which of the following tools should an analyst use to scan for web server vulnerabilities?

    A. Wireshark
    B. Qualys
    C. ArcSight
    D. SolarWinds

  • Question 194:

    An application contains the following log entries in a file named "authlog.log":

    A security analyst has been asked to parse the log file and print out all valid usernames. Which of the following achieves this task?

    A. grep –e “successfully” authlog.log | awk ‘{print $2}’ | sed s/\’//g
    B. cat authlog.log | grep “2016-01-01” | echo “valid username found: $2”
    C. echo authlog.log > sed ‘s/User//’ | print “username exists: $User”
    D. cat “authlog.log” | grep “User” | cut –F’ ‘ | echo “username exists: $1”

  • Question 195:

    A company decides to move three of its business applications to different outsourced cloud providers. After moving the applications, the users report the applications time out too quickly and too much time is spent logging back into the different web-based applications throughout the day. Which of the following should a security architect recommend to improve the end-user experience without lowering the security posture?

    A. Configure directory services with a federation provider to manage accounts.
    B. Create a group policy to extend the default system lockout period.
    C. Configure a web browser to cache the user credentials.
    D. Configure user accounts for self-service account management.

  • Question 196:

    Following a recent security breach, a post-mortem was done to analyze the driving factors behind the breach. The cybersecurity analysis discussed potential impacts, mitigations, and remediations based on current events and emerging threat vectors tailored to specific stakeholders. Which of the following is this considered to be?

    A. Threat intelligence
    B. Threat information
    C. Threat data
    D. Advanced persistent threats

  • Question 197:

    A software assurance lab is performing a dynamic assessment on an application by automatically generating and inputting different, random data sets to attempt to cause an error/failure condition. Which of the following software assessment capabilities is the lab performing AND during which phase of the SDLC should this occur? (Select two.)

    A. Fuzzing
    B. Behavior modeling
    C. Static code analysis
    D. Prototyping phase
    E. Requirements phase
    F. Planning phase

  • Question 198:

    A company has several internal-only, web-based applications on the internal network. Remote employees are allowed to connect to the internal corporate network with a company-supplied VPN client. During a project to upgrade the internal application, contractors were hired to work on a database server and were given copies of the VPN client so they could work remotely. A week later, a security analyst discovered an internal web-server had been compromised by malware that originated from one of the contractor's laptops. Which of the following changes should be made to BEST counter the threat presented in this scenario?

    A. Create a restricted network segment for contractors, and set up a jump box for the contractors to use to access internal resources.
    B. Deploy a web application firewall in the DMZ to stop Internet-based attacks on the web server.
    C. Deploy an application layer firewall with network access control lists at the perimeter, and then create alerts for suspicious Layer 7 traffic.
    D. Require the contractors to bring their laptops on site when accessing the internal network instead of using the VPN from a remote location.
    E. Implement NAC to check for updated anti-malware signatures and location-based rules for PCs connecting to the internal network.

  • Question 199:

    Which of the following describes why it is important for an organization's incident response team and legal department to meet and discuss communication processes during the incident response process?

    A. To comply with existing organization policies and procedures on interacting with internal and external parties
    B. To ensure all parties know their roles and effective lines of communication are established
    C. To identify which group will communicate details to law enforcement in the event of a security incident
    D. To predetermine what details should or should not be shared with internal or external parties in the event of an incident

  • Question 200:

    A technician recently fixed a computer with several viruses and spyware programs on it and notices the Internet settings were set to redirect all traffic through an unknown proxy. This type of attack is known as which of the following?

    A. Phishing
    B. Social engineering
    C. Man-in-the-middle
    D. Shoulder surfing

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CS0-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.