CS0-001 Exam Details

  • Exam Code
    :CS0-001
  • Exam Name
    :CompTIA Cybersecurity Analyst (CySA+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :416 Q&As
  • Last Updated
    :Feb 05, 2022

CompTIA CS0-001 Online Questions & Answers

  • Question 261:

    A security engineer has been asked to reduce the attack surface on an organization's production environment. To limit access, direct VPN access to all systems must be terminated, and users must utilize multifactor authentication to access a constrained VPN connection and then pivot to other production systems form a bastion host. The MOST appropriate way to implement the stated requirement is through the use of a:

    A. sinkhole.
    B. multitenant platform.
    C. single-tenant platform.
    D. jump box

  • Question 262:

    A company has monthly scheduled windows for patching servers and applying configuration changes. Out-of-window changes can be done, but they are discouraged unless absolutely necessary. The systems administrator is reviewing the weekly vulnerability scan report that was just released. Which of the following vulnerabilities should the administrator fix without waiting for the next scheduled change window?

    A. The administrator should fix dns (53/tcp). BIND `NAMED' is an open-source DNS server from ISC.org. The BIND-based NAMED server (or DNS servers) allow remote users to query for version and type information.
    B. The administrator should fix smtp (25/tcp). The remote SMTP server is insufficiently protected against relaying. This means spammers might be able to use the company's mail server to send their emails to the world.
    C. The administrator should fix http (80/tcp). An information leak occurs on Apache web servers with the UserDir module enabled, allowing an attacker to enumerate accounts by requesting access to home directories and monitoring the response.
    D. The administrator should fix http (80/tcp). The `greeting.cgi' script is installed. This CGI has a well-known security flaw that lets anyone execute arbitrary commands with the privileges of the http daemon.
    E. The administrator should fix general/tcp. The remote host does not discard TCP SYN packets that have the FIN flag set. Depending on the kind of firewall a company is using, an attacker may use this flaw to bypass its rules.

  • Question 263:

    Which of the following BEST describes the offensive participants in a tabletop exercise?

    A. Red team
    B. Blue team
    C. System administrators
    D. Security analysts
    E. Operations team

  • Question 264:

    A cybersecurity analyst is currently checking a newly deployed server that has an access control list applied. When conducting the scan, the analyst received the following code snippet of results:

    Which of the following describes the output of this scan?

    A. The analyst has discovered a False Positive, and the status code is incorrect providing an OK message.
    B. The analyst has discovered a True Positive, and the status code is correct providing a file not found error message.
    C. The analyst has discovered a True Positive, and the status code is incorrect providing a forbidden message.
    D. The analyst has discovered a False Positive, and the status code is incorrect providing a server error message.

  • Question 265:

    While reviewing proxy logs, the security analyst noticed a suspicious traffic pattern. Several internal hosts were observed communicating with an external IP address over port 80 constantly. An incident was declared, and an investigation was launched. After interviewing the affected users, the analyst determined the activity started right after deploying a new graphic design suite. Based on this information, which of the following actions would be the appropriate NEXT step in the investigation?

    A. Update all antivirus and anti-malware products, as well as all other host-based security software on the servers the affected users authenticate to.
    B. Perform a network scan and identify rogue devices that may be generating the observed traffic. Remove those devices from the network.
    C. Identify what the destination IP address is and who owns it, and look at running processes on the affected hosts to determine if the activity is malicious or not.
    D. Ask desktop support personnel to reimage all affected workstations and reinstall the graphic design suite. Run a virus scan to identify if any viruses are present.

  • Question 266:

    A zero-day crypto-worm is quickly spreading through the internal network on port 25 and exploiting a software vulnerability found within the email servers. Which of the following countermeasures needs to be implemented as soon as possible to mitigate the worm from continuing to spread?

    A. Implement a traffic sinkhole.
    B. Block all known port/services.
    C. Isolate impacted servers.
    D. Patch affected systems.

  • Question 267:

    When reviewing the system logs, the cybersecurity analyst noticed a suspicious log entry:

    wmic /node: HRDepartment1 computersystem get username

    Which of the following combinations describes what occurred, and what action should be taken in this situation?

    A. A rogue user has queried for users logged in remotely. Disable local access to network shares.
    B. A rogue user has queried for the administrator logged into the system. Attempt to determine who executed the command.
    C. A rogue user has queried for the administrator logged into the system. Disable local access to use cmd prompt.
    D. A rogue user has queried for users logged into in remotely. Attempt to determine who executed the command.

  • Question 268:

    A security analyst is preparing for the company's upcoming audit. Upon review of the company's latest vulnerability scan, the security analyst finds the following open issues:

    Which of the following vulnerabilities should be prioritized for remediation FIRST?

    A. ICMP timestamp request remote date disclosure
    B. Anonymous FTP enabled
    C. Unsupported web server detection
    D. Microsoft Windows SMB service enumeration via \srvsvc

  • Question 269:

    A recent audit has uncovered several coding errors and a lack of input validation being used on a public portal. Due to the nature of the portal and the severity of the errors, the portal is unable to be patched. Which of the following tools could be used to reduce the risk of being compromised?

    A. Web application firewall
    B. Network firewall
    C. Web proxy
    D. Intrusion prevention system

  • Question 270:

    Which of the following best practices is used to identify areas in the network that may be vulnerable to penetration testing from known external sources?

    A. Blue team training exercises
    B. Technical control reviews
    C. White team training exercises
    D. Operational control reviews

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CS0-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.