CS0-001 Exam Details

  • Exam Code
    :CS0-001
  • Exam Name
    :CompTIA Cybersecurity Analyst (CySA+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :416 Q&As
  • Last Updated
    :Feb 05, 2022

CompTIA CS0-001 Online Questions & Answers

  • Question 341:

    An analyst has received unusual alerts on the SIEM dashboard. The analyst wants to get payloads that the hackers are sending toward the target systems without impacting the business operation. Which of the following should the analyst implement?

    A. Honeypot
    B. Jump box
    C. Sandboxing
    D. Virtualization

  • Question 342:

    A threat intelligence analyst who works for a technology firm received this report from a vendor.

    "There has been an intellectual property theft campaign executed against organizations in the technology industry. Indicators for this activity are unique to each intrusion. The information that appears to be targeted is RandD data. The data

    exfiltration appears to occur over months via uniform TTPs. Please execute a defensive operation regarding this attack vector."

    Which of the following combinations suggests how the threat should MOST likely be classified and the type of analysis that would be MOST helpful in protecting against this activity?

    A. Polymorphic malware and secure code analysis
    B. Insider threat and indicator analysis
    C. APT and behavioral analysis
    D. Ransomware and encryption

  • Question 343:

    A production web server is experiencing performance issues. Upon investigation, new unauthorized applications have been installed and suspicious traffic was sent through an unused port. Endpoint security is not detecting any malware or virus. Which of the following types of threats would this MOST likely be classified as?

    A. Advanced persistent threat
    B. Buffer overflow vulnerability
    C. Zero day
    D. Botnet

  • Question 344:

    In reviewing service desk requests, management has requested that the security analyst investigate the requests submitted by the new human resources manager. The requests consist of "unlocking" files that belonged to the previous human manager. The security analyst has uncovered a tool that is used to display five-level passwords. This tool is being used by several members of the service desk to unlock files. The content of these particular files is highly sensitive information pertaining to personnel. Which of the following BEST describes this scenario?

    A. Unauthorized data exfiltration
    B. Unauthorized data masking
    C. Unauthorized access
    D. Unauthorized software
    E. Unauthorized controls

  • Question 345:

    A recent vulnerability scan found four vulnerabilities on an organization's public Internet-facing IP addresses. Prioritizing in order to reduce the risk of a breach to the organization, which of the following should be remediated FIRST?

    A. A cipher that is known to be cryptographically weak.
    B. A website using a self-signed SSL certificate.
    C. A buffer overflow that allows remote code execution.
    D. An HTTP response that reveals an internal IP address.

  • Question 346:

    A medical organization recently started accepting payments over the phone. The manager is concerned about the impact of the storage of different types of data. Which of the following types of data incurs the highest regulatory constraints?

    A. PHI
    B. PCI
    C. PII
    D. IP

  • Question 347:

    Malicious users utilized brute force to access a system. An analyst is investigating these attacks and recommends methods to management that would help secure the system. Which of the following controls should the analyst recommend? (Choose three.)

    A. Multifactor authentication
    B. Network segmentation
    C. Single sign-on
    D. Encryption
    E. Complexity policy
    F. Biometrics
    G. Obfuscation

  • Question 348:

    A security analyst has been asked to remediate a server vulnerability. Once the analyst has located a patch for the vulnerability, which of the following should happen NEXT?

    A. Start the change control process.
    B. Rescan to ensure the vulnerability still exists.
    C. Implement continuous monitoring.
    D. Begin the incident response process.

  • Question 349:

    Law enforcement has contacted a corporation's legal counsel because correlated data from a breach shows the organization as the common denominator from all indicators of compromise. An employee overhears the conversation between legal counsel and law enforcement, and then posts a comment about it on social media. The media then starts contacting other employees about the breach. Which of the following steps should be taken to prevent further disclosure of information about the breach?

    A. Perform security awareness training about incident communication.
    B. Request all employees verbally commit to an NDA about the breach.
    C. Temporarily disable employee access to social media
    D. Have law enforcement meet with employees.

  • Question 350:

    An administrator has been investigating the way in which an actor had been exfiltrating confidential data from a web server to a foreign host. After a thorough forensic review, the administrator determined the server's BIOS had been modified by rootkit installation. After removing the rootkit and flashing the BIOS to a known good state, which of the following would BEST protect against future adversary access to the BIOS, in case another rootkit is installed?

    A. Anti-malware application
    B. Host-based IDS
    C. TPM data sealing
    D. File integrity monitoring

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CS0-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.