CS0-001 Exam Details

  • Exam Code
    :CS0-001
  • Exam Name
    :CompTIA Cybersecurity Analyst (CySA+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :416 Q&As
  • Last Updated
    :Feb 05, 2022

CompTIA CS0-001 Online Questions & Answers

  • Question 201:

    Three similar production servers underwent a vulnerability scan. The scan results revealed that the three servers had two different vulnerabilities rated "Critical".

    The administrator observed the following about the three servers:

    The servers are not accessible by the Internet AV programs indicate the servers have had malware as recently as two weeks ago The SIEM shows unusual traffic in the last 20 days Integrity validation of system files indicates unauthorized modifications

    Which of the following assessments is valid and what is the most appropriate NEXT step? (Select TWO).

    A. Servers may have been built inconsistently
    B. Servers may be generating false positives via the SIEM
    C. Servers may have been tampered with
    D. Activate the incident response plan
    E. Immediately rebuild servers from known good configurations
    F. Schedule recurring vulnerability scans on the servers

  • Question 202:

    A company provides wireless connectivity to the internal network from all physical locations for company-owned devices. Users were able to connect the day before, but now all users have reported that when they connect to an access point in the conference room, they cannot access company resources. Which of the following BEST describes the cause of the problem?

    A. The access point is blocking access by MAC address. Disable MAC address filtering.
    B. The network is not available. Escalate the issue to network support.
    C. Expired DNS entries on users' devices. Request the affected users perform a DNS flush.
    D. The access point is a rogue device. Follow incident response procedures.

  • Question 203:

    A company uses a managed IDS system, and a security analyst has noticed a large volume of brute force password attacks originating from a single IP address. The analyst put in a ticket with the IDS provider, but no action was taken for 24 hours, and the attacks continued. Which of the following would be the BEST approach for the scenario described?

    A. Draft a new MOU to include response incentive fees.
    B. Reengineer the BPA to meet the organization's needs.
    C. Modify the SLA to support organizational requirements.
    D. Implement an MOA to improve vendor responsiveness.

  • Question 204:

    Various devices are connecting and authenticating to a single evil twin within the network. Which of the following are MOST likely being targeted?

    A. Mobile devices
    B. All endpoints
    C. VPNs
    D. Network infrastructure
    E. Wired SCADA devices

  • Question 205:

    An organization has a practice of running some administrative services on non-standard ports as a way of frustrating any attempts at reconnaissance. The output of the latest scan on host 192.168.1.13 is shown below:

    Which of the following statements is true?

    A. Running SSH on the Telnet port will now be sent across an unencrypted port.
    B. Despite the results of the scan, the service running on port 23 is actually Telnet and not SSH, and creates an additional vulnerability
    C. Running SSH on port 23 provides little additional security from running it on the standard port.
    D. Remote SSH connections will automatically default to the standard SSH port.
    E. The use of OpenSSH on its default secure port will supersede any other remote connection attempts.

  • Question 206:

    A security analyst is creating ACLs on a perimeter firewall that will deny inbound packets that are from internal addresses, reversed external addresses, and multicast addresses. Which of the following is the analyst attempting to prevent?

    A. Broadcast storms
    B. Spoofing attacks
    C. DDoS attacks
    D. Man-in-the-middle attacks

  • Question 207:

    A security analyst is adding input to the incident response communication plan. A company officer has suggested that if a data breach occurs, only affected parties should be notified to keep an incident from becoming a media headline. Which of the following should the analyst recommend to the company officer?

    A. The first responder should contact law enforcement upon confirmation of a security incident in order for a forensics team to preserve chain of custody.
    B. Guidance from laws and regulations should be considered when deciding who must be notified in order to avoid fines and judgements from non-compliance.
    C. An externally hosted website should be prepared in advance to ensure that when an incident occurs victims have timely access to notifications from a non-compromised recourse.
    D. The HR department should have information security personnel who are involved in the investigation of the incident sign non-disclosure agreements so the company cannot be held liable for customer data that might be viewed during an investigation.

  • Question 208:

    A recently issued audit report highlighted exceptions related to end-user handling of sensitive data and access credentials. A security manager is addressing the findings. Which of the following activities should be implemented?

    A. Update the password policy
    B. Increase training requirements
    C. Deploy a single sign-on platform
    D. Deploy Group Policy Objects

  • Question 209:

    A computer has been infected with a virus and is sending out a beacon to command and control server through an unknown service. Which of the following should a security technician implement to drop the traffic going to the command and control server and still be able to identify the infected host through firewall logs?

    A. Sinkhole
    B. Block ports and services
    C. Patches
    D. Endpoint security

  • Question 210:

    After analyzing and correlating activity from multiple sensors, the security analyst has determined a group from a high-risk country is responsible for a sophisticated breach of the company network and continuous administration of targeted attacks for the past three months. Until now, the attacks went unnoticed. This is an example of:

    A. privilege escalation.
    B. advanced persistent threat.
    C. malicious insider threat.
    D. spear phishing.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CS0-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.