CS0-001 Exam Details

  • Exam Code
    :CS0-001
  • Exam Name
    :CompTIA Cybersecurity Analyst (CySA+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :416 Q&As
  • Last Updated
    :Feb 05, 2022

CompTIA CS0-001 Online Questions & Answers

  • Question 241:

    Given the following access log:

    Which of the following accurately describes what this log displays?

    A. A vulnerability in jQuery
    B. Application integration with an externally hosted database
    C. A vulnerability scan performed from the Internet
    D. A vulnerability in Javascript

  • Question 242:

    Which of the following systems would be at the GREATEST risk of compromise if found to have an open vulnerability associated with perfect forward secrecy?

    A. Endpoints
    B. VPN concentrators
    C. Virtual hosts
    D. SIEM
    E. Layer 2 switches

  • Question 243:

    A network technician is concerned that an attacker is attempting to penetrate the network, and wants to set a rule on the firewall to prevent the attacker from learning which IP addresses are valid on the network. Which of the following protocols needs to be denied?

    A. TCP
    B. SMTP
    C. ICMP
    D. ARP

  • Question 244:

    A security analyst positively identified the threat, vulnerability, and remediation. The analyst is ready to implement the corrective control. Which of the following would be the MOST inhibiting to applying the fix?

    A. Requiring a firewall reboot.
    B. Resetting all administrator passwords.
    C. Business process interruption.
    D. Full desktop backups.

  • Question 245:

    A technician receives an alert indicating an endpoint is beaconing to a suspect dynamic DNS domain. Which of the following countermeasures should be used to BEST protect the network in response to this alert? (Choose two.)

    A. Set up a sinkhole for that dynamic DNS domain to prevent communication.
    B. Isolate the infected endpoint to prevent the potential spread of malicious activity.
    C. Implement an internal honeypot to catch the malicious traffic and trace it.
    D. Perform a risk assessment and implement compensating controls.
    E. Ensure the IDS is active on the network segment where the endpoint resides.

  • Question 246:

    Company A suspects an employee has been exfiltrating PII via a USB thumb drive. An analyst is tasked with attempting to locate the information on the drive. The PII in question includes the following:

    Which of the following would BEST accomplish the task assigned to the analyst?

    A. 3 [0-9]\d-2[0-9]\d-4[0-9]\d
    B. \d(3)-d(2)-\d(4)
    C. ?[3]-?[2]-?[3]
    D. \d[9] `XXX-XX-XX'

  • Question 247:

    A server contains baseline images that are deployed to sensitive workstations on a regular basis. The images are evaluated once per month for patching and other fixes, but do not change otherwise. Which of the following controls should be put in place to secure the file server and ensure the images are not changed?

    A. Install and configure a file integrity monitoring tool on the server and allow updates to the images each month.
    B. Schedule vulnerability scans of the server at least once per month before the images are updated.
    C. Require the use of two-factor authentication for any administrator or user who needs to connect to the server.
    D. Install a honeypot to identify any attacks before the baseline images can be compromised.

  • Question 248:

    A newly discovered malware has a known behavior of connecting outbound to an external destination on port 27500 for the purposes of exfiltrating data. The following are four snippets taken from running netstat 璦n on separate Windows workstations:

    Based on the above information, which of the following is MOST likely to be exposed to this malware?

    A. Workstation A
    B. Workstation B
    C. Workstation C
    D. Workstation D

  • Question 249:

    An organization wants to remediate vulnerabilities associated with its web servers. An initial vulnerability scan has been performed, and analysts are reviewing the results. Before starting any remediation, the analysts want to remove false positives to avoid spending time on issues that are not actual vulnerabilities. Which of the following would be an indicator of a likely false positive?

    A. Reports indicate that findings are informational.
    B. Any items labeled `low' are considered informational only.
    C. The scan result version is different from the automated asset inventory.
    D. `HTTPS' entries indicate the web page is encrypted securely.

  • Question 250:

    A security analyst notices PII has been copied from the customer database to an anonymous FTP server in the DMZ. Firewall logs indicate the customer database has not been accessed from anonymous FTP server. Which of the following departments should make a decision about pursuing further investigation? (Choose two.)

    A. Human resources
    B. Public relations
    C. Legal
    D. Executive management
    E. IT management

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CS0-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.