CS0-001 Exam Details

  • Exam Code
    :CS0-001
  • Exam Name
    :CompTIA Cybersecurity Analyst (CySA+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :416 Q&As
  • Last Updated
    :Feb 05, 2022

CompTIA CS0-001 Online Questions & Answers

  • Question 291:

    A security incident has been created after noticing unusual behavior from a Windows domain controller. The server administrator has discovered that a user logged in to the server with elevated permissions, but the user's account does not follow the standard corporate naming scheme. There are also several other accounts in the administrators group that do not follow this naming scheme. Which of the following is the possible cause for this behavior and the BEST remediation step?

    A. The Windows Active Directory domain controller has not completed synchronization, and should force the domain controller to sync.
    B. The server has been compromised and should be removed from the network and cleaned before reintroducing it to the network.
    C. The server administrator created user accounts cloning the wrong user ID, and the accounts should be removed from administrators and placed in an employee group.
    D. The naming scheme allows for too many variations, and the account naming convention should be updates to enforce organizational policies.

  • Question 292:

    A cybersecurity analyst has received an alert that well-known "call home" messages are continuously observed by network sensors at the network boundary. The proxy firewall successfully drops the messages. After determining the alert was a true positive, which of the following represents the MOST likely cause?

    A. Attackers are running reconnaissance on company resources.
    B. An outside command and control system is attempting to reach an infected system.
    C. An insider is trying to exfiltrate information to a remote network.
    D. Malware is running on a company system.

  • Question 293:

    A user received an invalid password response when trying to change the password. Which of the following policies could explain why the password is invalid?

    A. Access control policy
    B. Account management policy
    C. Password policy
    D. Data ownership policy

  • Question 294:

    Which of the following is MOST effective for correlation analysis by log for threat management?

    A. PCAP
    B. SCAP
    C. IPS
    D. SIEM

  • Question 295:

    The Chief Information Security Officer (CISO) has asked the security analyst to examine abnormally high processor utilization on a key server. The output below is from the company's research and development (RandD) server.

    Which of the following actions should the security analyst take FIRST?

    A. Initiate an investigation
    B. Isolate the RandD server
    C. Reimage the server
    D. Determine availability

  • Question 296:

    An ATM in a building lobby has been compromised. A security technician has been advised that the ATM must be forensically analyzed by multiple technicians. Which of the following items in a forensic tool kit would likely be used FIRST? (Select TWO).

    A. Drive adapters
    B. Chain of custody form
    C. Write blockers
    D. Crime tape
    E. Hashing utilities
    F. Drive imager

  • Question 297:

    During the forensic a phase of a security investigation, it was discovered that an attacker was able to find private keys on a poorly secured team shared drive. The attacker used those keys to intercept and decrypt sensitive traffic on a web server. Which of the following describes this type of exploit and the potential remediation?

    A. Session hijacking; network intrusion detection sensors
    B. Cross-site scripting; increased encryption key sizes
    C. Man-in-the-middle; well-controlled storage of private keys
    D. Rootkit; controlled storage of public keys

  • Question 298:

    A security analyst has discovered that an outbound SFTP process is occurring at the same time of day for the past several days. At the time this was discovered, large amounts of business critical data were delivered. The authentication for this process occurred using a service account with proper credentials. The security analyst investigated the destination IP for this transfer and discovered that this new process is not documented in the change management log. Which of the following would be the BEST course of action for the analyst to take?

    A. Investigate a potential incident.
    B. Verify user permissions.
    C. Run a vulnerability scan.
    D. Verify SLA with cloud provider.

  • Question 299:

    A Chief Executive Officer (CEO) wants to implement BYOD in the environment. Which of the following options should the security analyst suggest to protect corporate data on these devices? (Choose two.)

    A. Disable VPN connectivity on the device.
    B. Disable Bluetooth on the device.
    C. Disable near-field communication on the device.
    D. Enable MDM/MAM capabilities.
    E. Enable email services on the device.
    F. Enable encryption on all devices.

  • Question 300:

    A corporation has implemented an 802.1X wireless network using self-signed certificates. Which of the following represents a risk to wireless users?

    A. Buffer overflow attacks
    B. Cross-site scripting attacks
    C. Man-in-the-middle attacks
    D. Denial of service attacks

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CS0-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.