CS0-001 Exam Details

  • Exam Code
    :CS0-001
  • Exam Name
    :CompTIA Cybersecurity Analyst (CySA+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :416 Q&As
  • Last Updated
    :Feb 05, 2022

CompTIA CS0-001 Online Questions & Answers

  • Question 231:

    Which of the following utilities could be used to resolve an IP address to a domain name, assuming the address has a PTR record?

    A. ifconfig
    B. ping
    C. arp
    D. nbtstat

  • Question 232:

    A security analyst at a small regional bank has received an alert that nation states are attempting to infiltrate financial institutions via phishing campaigns. Which of the following techniques should the analyst recommend as a proactive measure to defend against this type of threat?

    A. Honeypot
    B. Location-based NAC
    C. System isolation
    D. Mandatory access control
    E. Bastion host

  • Question 233:

    As part of the SDLC, software developers are testing the security of a new web application by inputting large amounts of random data. Which of the following types of testing is being performed?

    A. Fuzzing
    B. Regression testing
    C. Stress testing
    D. Input validation

  • Question 234:

    During a red team engagement, a penetration tester found a production server. Which of the following portions of the SOW should be referenced to see if the server should be part of the testing engagement?

    A. Authorization
    B. Exploitation
    C. Communication
    D. Scope

  • Question 235:

    Ransomware is identified on a company's network that affects both Windows and MAC hosts. The command and control channel for encryption for this variant uses TCP ports from 11000 to 65000. The channel goes to good1. Iholdbadkeys.com, which resolves to IP address 72.172.16.2.

    Which of the following is the MOST effective way to prevent any newly infected systems from actually encrypting the data on connected network drives while causing the least disruption to normal Internet traffic?

    A. Block all outbound traffic to web host good1 iholdbadkeys.com at the border gateway.
    B. Block all outbound TCP connections to IP host address 172.172.16.2 at the border gateway.
    C. Block all outbound traffic on TCP ports 11000 to 65000 at the border gateway.
    D. Block all outbound traffic on TCP ports 11000 to 65000 to IP host address 172.172.16.2 at the border gateway.

  • Question 236:

    Scan results identify critical Apache vulnerabilities on a company's web servers. A security analyst believes many of these results are false positives because the web environment mostly consists of Windows servers. Which of the following is the BEST method of verifying the scan results?

    A. Run a service discovery scan on the identified servers.
    B. Refer to the identified servers in the asset inventory.
    C. Perform a top-ports scan against the identified servers.
    D. Review logs of each host in the SIEM.

  • Question 237:

    A cybersecurity analyst is hired to review the security posture of a company. The cybersecurity analyst notices a very high network bandwidth consumption due to SYN floods from a small number of IP addresses. Which of the following would be the BEST action to take to support incident response?

    A. Increase the company's bandwidth.
    B. Apply ingress filters at the routers.
    C. Install a packet capturing tool.
    D. Block all SYN packets.

  • Question 238:

    In an effort to be proactive, an analyst has run an assessment against a sample workstation before auditors visit next month. The scan results are as follows:

    Based on the output of the scan, which of the following is the BEST answer?

    A. Failed credentialed scan
    B. Failed compliance check
    C. Successful sensitivity level check
    D. Failed asset inventory

  • Question 239:

    The computer incident response team at a multinational company has determined that a breach of sensitive data has occurred in which a threat actor has compromised the organization's email system. Per the incident response procedures, this breach requires notifying the board immediately. Which of the following would be the BEST method of communication?

    A. Post of the company blog
    B. Corporate-hosted encrypted email
    C. VoIP phone call
    D. Summary sent by certified mail
    E. Externally hosted instant message

  • Question 240:

    A cybersecurity analyst was asked to discover the hardware address of 30 networked assets. From a command line, which of the following tools would be used to provide ARP scanning and reflects the MOST efficient method for accomplishing the task?

    A. nmap
    B. tracert
    C. ping -a
    D. nslookup

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CS0-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.