CS0-001 Exam Details

  • Exam Code
    :CS0-001
  • Exam Name
    :CompTIA Cybersecurity Analyst (CySA+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :416 Q&As
  • Last Updated
    :Feb 05, 2022

CompTIA CS0-001 Online Questions & Answers

  • Question 21:

    An analyst is examining a system that is suspected of being involved in an intrusion. The analyst uses the command `cat/etc/passwd' and receives the following partial output:

    Based on the above output, which of the following should the analyst investigate further?

    A. User `daemon' should not have a home directory of /usr/sbin
    B. User `root' should not have a home directory of /root
    C. User `news' should not have a default shell of /bin/bash
    D. User `mail' should not have a default shell of /usr/sbin/nologin

  • Question 22:

    A cybersecurity analyst is reviewing log data and sees the output below:

    Which of the following technologies MOST likely generated this log?

    A. Stateful inspection firewall
    B. Network-based intrusion detection system
    C. Web application firewall
    D. Host-based intrusion detection system

  • Question 23:

    A security analyst has a sample of malicious software and needs to know what the sample does? The analyst runs the sample in a carefully controlled and monitored virtual machine to observe the software behavior. Which of the following malware analysis approaches is this?

    A. White box testing
    B. Fuzzing
    C. Sandboxing
    D. Static code analysis

  • Question 24:

    Ann, a user, reports to the security team that her browser began redirecting her to random sites while using her Windows laptop. Ann further reports that the OS shows the C: drive is out of space despite having plenty of space recently. Ann claims she not downloaded anything. The security team obtains the laptop and begins to investigate, noting the following:

    File access auditing is turned off.

    When clearing up disk space to make the laptop functional, files that appear to be cached web pages are immediately created in a temporary directory, filling up the available drive space.

    All processes running appear to be legitimate processes for this user and machine.

    Network traffic spikes when the space is cleared on the laptop.

    No browser is open.

    Which of the following initial actions and tools would provide the BEST approach to determining what is happening?

    A. Delete the temporary files, run an Nmap scan, and utilize Burp Suite.
    B. Disable the network connection, check Sysinternals Process Explorer, and review netstat output.
    C. Perform a hard power down of the laptop, take a dd image, and analyze with FTK.
    D. Review logins to the laptop, search Windows Event Viewer, and review Wireshark captures.

  • Question 25:

    A system administrator has reviewed the following output:

    Which of the following can a system administrator infer from the above output?

    A. The company email server is running a non-standard port.
    B. The company email server has been compromised.
    C. The company is running a vulnerable SSH server.
    D. The company web server has been compromised.

  • Question 26:

    HOTSPOT

    Malware is suspected on a server in the environment. The analyst is provided with the output of commands from servers in the environment and needs to review all output files in order to determine which process running on one of the servers

    may be malware. Servers 1, 2 and 4 are clickable. Select the Server which hosts the malware, and select the process which hosts this malware.

    Instructions:

    If any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the

    Next button to continue.

    Hot Area:

  • Question 27:

    A Chief Information Security Officer (CISO) wants to standardize the company's security program so it can be objectively assessed as part of an upcoming audit requested by management. Which of the following would holistically assist in this effort?

    A. ITIL
    B. NIST
    C. Scrum
    D. AUP
    E. Nessus

  • Question 28:

    Which of the following systems or services is MOST likely to exhibit issues stemming from the Heartbleed vulnerability (Choose two.)

    A. SSH daemons
    B. Web servers
    C. Modbus devices
    D. TLS VPN services
    E. IPSec VPN concentrators
    F. SMB service

  • Question 29:

    In reviewing firewall logs, a security analyst has discovered the following IP address, which several employees are using frequently:

    The organization's servers use IP addresses in the 192.168.0.1/24 CIDR. Additionally, the analyst has noticed that corporate data is being stored at this new location. A few of these employees are on the management and executive management teams. The analyst has also discovered that there is no record of this IP address or service in reviewing the known locations of managing system assets. Which of the following is occurring in this scenario?

    A. Malicious process
    B. Unauthorized change
    C. Data exfiltration
    D. Unauthorized access

  • Question 30:

    While preparing for a third-party audit, the vice president of risk management and the vice president of information technology have stipulated that the vendor may not use offensive software during the audit. This is an example of:

    A. organizational control.
    B. service-level agreement.
    C. rules of engagement.
    D. risk appetite

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CS0-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.