CS0-001 Exam Details

  • Exam Code
    :CS0-001
  • Exam Name
    :CompTIA Cybersecurity Analyst (CySA+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :416 Q&As
  • Last Updated
    :Feb 05, 2022

CompTIA CS0-001 Online Questions & Answers

  • Question 311:

    An organization has been conducting penetration testing to identify possible network vulnerabilities. One of the security policies states that web servers and database servers must not be co-located on the same server unless one of them runs on a non-standard. The penetration tester has received the following outputs from the latest set of scans:

    Which of the following servers is out of compliance?

    A. finServer
    B. adminServer
    C. orgServer
    D. opsServer

  • Question 312:

    An organization has two environments: development and production. Development is where applications are developed with unit testing. The development environment has many configuration differences from the production environment. All applications are hosted on virtual machines. Vulnerability scans are performed against all systems before and after any application or configuration changes to any environment. Lately, vulnerability remediation activity has caused production applications to crash and behave unpredictably. Which of the following changes should be made to the current vulnerability management process?

    A. Create a third environment between development and production that mirrors production and tests all changes before deployment to the users
    B. Refine testing in the development environment to include fuzzing and user acceptance testing so applications are more stable before they migrate to production
    C. Create a second production environment by cloning the virtual machines, and if any stability problems occur, migrate users to the alternate production environment
    D. Refine testing in the production environment to include more exhaustive application stability testing while continuing to maintain the robust vulnerability remediation activities

  • Question 313:

    A cyber incident response team finds a vulnerability on a company website that allowed an attacker to inject malicious code into its web application. There have been numerous unsuspecting users visiting the infected page, and the malicious code executed on the victim's browser has led to stolen cookies, hijacked sessions, malware execution, and bypassed access control. Which of the following exploits is the attacker conducting on the company's website?

    A. Logic bomb
    B. Rootkit
    C. Privilege escalation
    D. Cross-site scripting

  • Question 314:

    A security analyst performed a review of an organization's software development life cycle. The analyst reports that the life cycle does not contain in a phase in which team members evaluate and provide critical feedback on another developer's code. Which of the following assessment techniques is BEST for describing the analyst's report?

    A. Architectural evaluation
    B. Waterfall
    C. Whitebox testing
    D. Peer review

  • Question 315:

    Which of the following organizations would have to remediate embedded controller vulnerabilities?

    A. Banking institutions
    B. Public universities
    C. Regulatory agencies
    D. Hydroelectric facilities

  • Question 316:

    The software development team pushed a new web application into production for the accounting department. Shortly after the application was published, the head of the accounting department informed IT operations that the application was not performing as intended. Which of the following SDLC best practices was missed?

    A. Peer code reviews
    B. Regression testing
    C. User acceptance testing
    D. Fuzzing
    E. Static code analysis

  • Question 317:

    SIMULATION

    The developers recently deployed new code to three web servers. A daily automated external device scan report shows server vulnerabilities that are failing items according to PCI DSS.

    If the vulnerability is not valid, the analyst must take the proper steps to get the scan clean.

    If the vulnerability is valid, the analyst must remediate the finding.

    After reviewing the information provided in the network diagram, select the STEP 2 tab to complete the simulation by selecting the correct Validation Result and Remediation Action for each server listed using the drop-down options.

    Instructions

    STEP 1: Review the information provided in the network diagram.

    STEP 2: Given the scenario, determine which remediation action is required to address the vulnerability.

    If at any time you would like to bring back the initial state of the simulation, please select the Reset All button.

    Correct Answer. Check the answer in explanation.

  • Question 318:

    A web developer wants to create a new web part within the company website that aggregates sales from individual team sites. A cybersecurity analyst wants to ensure security measurements are implemented during this process. Which of the following remediation actions should the analyst take to implement a vulnerability management process?

    A. Personnel training
    B. Vulnerability scan
    C. Change management
    D. Sandboxing

  • Question 319:

    A malicious user is reviewing the following output:

    root:~#ping 192.168.1.137 64 bytes from 192.168.2.1 icmp_seq=1 ttl=63 time=1.58 ms 64 bytes from 192.168.2.1 icmp_seq=2 ttl=63 time=1.45 ms root: ~#

    Based on the above output, which of the following is the device between the malicious user and the target?

    A. Proxy
    B. Access point
    C. Switch
    D. Hub

  • Question 320:

    A security analyst determines that several workstations are reporting traffic usage on port 3389. All workstations are running the latest OS patches according to patch reporting. The help desk manager reports some users are getting logged off of their workstations, and network access is running slower than normal. The analyst believes a zero-day threat has allowed remote attackers to gain access to the workstations. Which of the following are the BEST steps to stop the threat without impacting all services? (Choose two.)

    A. Change the public NAT IP address since APTs are common.
    B. Configure a group policy to disable RDP access.
    C. Disconnect public Internet access and review the logs on the workstations.
    D. Enforce a password change for users on the network.
    E. Reapply the latest OS patches to workstations.
    F. Route internal traffic through a proxy server.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CS0-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.