CS0-001 Exam Details

  • Exam Code
    :CS0-001
  • Exam Name
    :CompTIA Cybersecurity Analyst (CySA+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :416 Q&As
  • Last Updated
    :Feb 05, 2022

CompTIA CS0-001 Online Questions & Answers

  • Question 251:

    A security analyst is conducting a vulnerability assessment of older SCADA devices on the corporate network. Which of the following compensating controls is likely to prevent the scans from providing value?

    A. Access control list network segmentation that prevents access to the SCADA devices inside the network.
    B. Detailed and tested firewall rules that effectively prevent outside access of the SCADA devices.
    C. Implementation of a VLAN that allows all devices on the network to see all SCADA devices on the network.
    D. SCADA systems configured with `SCADA SUPPORT'=ENABLE

  • Question 252:

    Given a packet capture of the following scan:

    Which of the following should MOST likely be inferred on the scan's output?

    A. 192.168.1.115 is hosting a web server.
    B. 192.168.1.55 is hosting a web server.
    C. 192.168.1.55 is a Linux server.
    D. 192.168.1.55 is a file server.

  • Question 253:

    During a review of security controls, an analyst was able to connect to an external, unsecured FTP server from a workstation. The analyst was troubleshooting and reviewed the ACLs of the segment firewall the workstation is connected to:

    Based on the ACLs above, which of the following explains why the analyst was able to connect to the FTP server?

    A. FTP was explicitly allowed in Seq 8 of the ACL.
    B. FTP was allowed in Seq 10 of the ACL.
    C. FTP was allowed as being included in Seq 3 and Seq 4 of the ACL.
    D. FTP was allowed as being outbound from Seq 9 of the ACL.

  • Question 254:

    A system administrator who was using an account with elevated privileges deleted a large amount of log files generated by a virtual hypervisor in order to free up disk space. These log files are needed by the security team to analyze the health of the virtual machines. Which of the following compensating controls would help prevent this from reoccurring? (Select two.)

    A. Succession planning
    B. Separation of duties
    C. Mandatory vacation
    D. Personnel training
    E. Job rotation

  • Question 255:

    Datacenter access is controlled with proximity badges that record all entries and exits from the datacenter.

    The access records are used to identify which staff members accessed the data center in the event of equipment theft.

    Which of the following MUST be prevented in order for this policy to be effective?

    A. Password reuse
    B. Phishing
    C. Social engineering
    D. Tailgating

  • Question 256:

    NOTE: Question IP must be 192.168.192.123

    During a network reconnaissance engagement, a penetration tester was given perimeter firewall ACLs to accelerate the scanning process. The penetration tester has decided to concentrate on trying to brute force log in to destination IP address 192.168.192.132 via secure shell.

    Given a source IP address of 10.10.10.30, which of the following ACLs will permit this access?

    A. Option A
    B. Option B
    C. Option C
    D. Option D

  • Question 257:

    A security analyst is performing a review of Active Directory and discovers two new user accounts in the accounting department. Neither of the users has elevated permissions, but accounts in the group are given access to the company's sensitive financial management application by default. Which of the following is the BEST course of action?

    A. Follow the incident response plan for the introduction of new accounts
    B. Disable the user accounts
    C. Remove the accounts' access privileges to the sensitive application
    D. Monitor the outbound traffic from the application for signs of data exfiltration
    E. Confirm the accounts are valid and ensure role-based permissions are appropriate

  • Question 258:

    An organization has recently found some of its sensitive information posted to a social media site. An investigation has identified large volumes of data leaving the network with the source traced back to host 192.168.1.13. An analyst performed a targeted Nmap scan of this host with the results shown below:

    Subsequent investigation has allowed the organization to conclude that all of the well-known, standard ports are secure. Which of the following services is the problem?

    A. winHelper
    B. ssh
    C. rpcbind
    D. timbuktu-serv1
    E. mysql

  • Question 259:

    A security analyst is performing a forensic analysis on a machine that was the subject of some historic SIEM alerts. The analyst noticed some network connections utilizing SSL on non-common ports, copies of svchost.exe and cmd.exe in % TEMP% folder, and RDP files that had connected to external IPs. Which of the following threats has the security analyst uncovered?

    A. DDoS
    B. APT
    C. Ransomware
    D. Software vulnerability

  • Question 260:

    Using a heuristic system to detect an anomaly in a computer's baseline, a system administrator was able to detect an attack even though the company signature based IDS and antivirus did not detect it. Further analysis revealed that the attacker had downloaded an executable file onto the company PC from the USB port, and executed it to trigger a privilege escalation flaw. Which of the following attacks has MOST likely occurred?

    A. Cookie stealing
    B. Zero-day
    C. Directory traversal
    D. XML injection

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CS0-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.