CS0-001 Exam Details

  • Exam Code
    :CS0-001
  • Exam Name
    :CompTIA Cybersecurity Analyst (CySA+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :416 Q&As
  • Last Updated
    :Feb 05, 2022

CompTIA CS0-001 Online Questions & Answers

  • Question 221:

    A red team actor observes it is common practice to allow cell phones to charge on company computers, but access to the memory storage is blocked. Which of the following are common attack techniques that take advantage of this practice? (Choose two.)

    A. A USB attack that tricks the computer into thinking the connected device is a keyboard, and then sends characters one at a time as a keyboard to launch the attack (a prerecorded series of keystrokes)
    B. A USB attack that turns the connected device into a rogue access point that spoofs the configured wireless SSIDs
    C. A Bluetooth attack that modifies the device registry (Windows PCs only) to allow the flash drive to mount, and then launches a Java applet attack
    D. A Bluetooth peering attack called "Snarfing" that allows Bluetooth connections on blocked device types if physically connected to a USB port
    E. A USB attack that tricks the system into thinking it is a network adapter, then runs a user password hash gathering utility for offline password cracking

  • Question 222:

    During a quarterly review of user accounts and activity, a security analyst noticed that after a password reset the head of human resources has been logging in from multiple external locations, including several overseas. Further review of the account showed access rights to a number of corporate applications, including a sensitive accounting application used for employee bonuses. Which of the following security methods could be used to mitigate this risk?

    A. RADIUS identity management
    B. Context-based authentication
    C. Privilege escalation restrictions
    D. Elimination of self-service password resets

  • Question 223:

    After reviewing the following packet, a cybersecurity analyst has discovered an unauthorized service is running on a company's computer.

    Which of the following ACLs, if implemented, will prevent further access ONLY to the unauthorized service and will not impact other services?

    A. DENY TCP ANY HOST 10.38.219.20 EQ 3389
    B. DENY IP HOST 10.38.219.20 ANY EQ 25
    C. DENY IP HOST192.168.1.10 HOST 10.38.219.20 EQ 3389
    D. DENY TCP ANY HOST 192.168.1.10 EQ 25

  • Question 224:

    As part of an upcoming engagement for a client, an analyst is configuring a penetration testing application to ensure the scan complies with information defined in the SOW. Which of the following types of information should be considered based on information traditionally found in the SOW? (Select two.)

    A. Timing of the scan
    B. Contents of the executive summary report
    C. Excluded hosts
    D. Maintenance windows
    E. IPS configuration
    F. Incident response policies

  • Question 225:

    An organization is performing vendor selection activities for penetration testing, and a security analyst is reviewing the MOA and rules of engagement, which were supplied with proposals. Which of the following should the analyst expect will be included in the documents and why?

    A. The scope of the penetration test should be included in the MOA to ensure penetration testing is conducted against only specifically authorized network resources.
    B. The MOA should address the client SLA in relation to reporting results to regulatory authorities, including issuing banks for organizations that process cardholder data.
    C. The rules of engagement should include detailed results of the penetration scan, including all findings, as well as designation of whether vulnerabilities identified during the scanning phases are found to be exploitable during the penetration test.
    D. The exploitation standards should be addressed in the rules of engagement to ensure both parties are aware of the depth of exploitation that will be attempted by penetration testers.

  • Question 226:

    A cybersecurity analyst was hired to resolve a security issue within a company after it was reported that many employee account passwords had been compromised. Upon investigating the incident, the cybersecurity analyst found that a brute

    force attack was launched against the company.

    Which of the following remediation actions should the cybersecurity analyst recommend to senior management to address these security issues?

    A. Prohibit password reuse using a GPO.
    B. Deploy multifactor authentication.
    C. Require security awareness training.
    D. Implement DLP solution.

  • Question 227:

    Several accounting department users are reporting unusual Internet traffic in the browsing history of their workstations after returning to work and logging in. The building security team informs the IT security team that the cleaning staff was caught using the systems after the accounting department users left for the day. Which of the following steps should the IT security team take to help prevent this from happening again? (Choose two.)

    A. Install a web monitor application to track Internet usage after hours.
    B. Configure a policy for workstation account timeout at three minutes.
    C. Configure NAC to set time-based restrictions on the accounting group to normal business hours.
    D. Configure mandatory access controls to allow only accounting department users to access the workstations.
    E. Set up a camera to monitor the workstations for unauthorized use.

  • Question 228:

    After reviewing security logs, it is noticed that sensitive data is being transferred over an insecure network. Which of the following would a cybersecurity analyst BEST recommend that the organization implement?

    A. Use a VPN
    B. Update the data classification matrix.
    C. Segment the networks.
    D. Use FIM.
    E. Use a digital watermark.

  • Question 229:

    An analyst received a forensically sound copy of an employee's hard drive. The employee's manager suspects inappropriate images may have been deleted from the hard drive. Which of the following could help the analyst recover the deleted evidence?

    A. File hashing utility
    B. File timestamps
    C. File carving tool
    D. File analysis tool

  • Question 230:

    An investigation showed a worm was introduced from an engineer's laptop. It was determined the company does not provide engineers with company-owned laptops, which would be subject to company policy and technical controls. Which of the following would be the MOST secure control implement?

    A. Deploy HIDS on all engineer-provided laptops, and put a new router in the management network.
    B. Implement role-based group policies on the management network for client access.
    C. Utilize a jump box that is only allowed to connect to clients from the management network.
    D. Deploy a company-wide approved engineering workstation for management access.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CS0-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.