CS0-001 Exam Details

  • Exam Code
    :CS0-001
  • Exam Name
    :CompTIA Cybersecurity Analyst (CySA+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :416 Q&As
  • Last Updated
    :Feb 05, 2022

CompTIA CS0-001 Online Questions & Answers

  • Question 351:

    Which of the following countermeasures should the security administrator apply to MOST effectively mitigate Bootkit-level infections of the organization's workstation devices?

    A. Remove local administrator privileges.
    B. Configure a BIOS-level password on the device.
    C. Install a secondary virus protection application.
    D. Enforce a system state recovery after each device reboot.

  • Question 352:

    In order to the leverage the power of data correlation with Nessus, a cybersecurity analyst must first be able to create a table for the scan results. Given the following snippet of code:

    Which of the following output items would be correct?

    A. Option A
    B. Option B
    C. Option C
    D. Option D

  • Question 353:

    A vulnerability scan has returned the following information:

    Which of the following describes the meaning of these results?

    A. There is an unknown bug in a Lotus server with no Bugtraq ID.
    B. Connecting to the host using a null session allows enumeration of share names.
    C. Trend Micro has a known exploit that must be resolved or patched.
    D. No CVE is present, so it is a false positive caused by Lotus running on a Windows server.

  • Question 354:

    Risk management wants IT to implement a solution that will permit an analyst to intercept, execute, and analyze potentially malicious files that are downloaded from the Internet. Which of the following would BEST provide this solution?

    A. File fingerprinting
    B. Decomposition of malware
    C. Risk evaluation
    D. Sandboxing

  • Question 355:

    A threat intelligence feed has posted an alert stating there is a critical vulnerability in the kernel. Unfortunately, the company's asset inventory is not current. Which of the following techniques would a cybersecurity analyst perform to find all affected servers within an organization?

    A. A manual log review from data sent to syslog
    B. An OS fingerprinting scan across all hosts
    C. A packet capture of data traversing the server network
    D. A service discovery scan on the network

  • Question 356:

    A security analyst has noticed an alert from the SIEM. A workstation is repeatedly trying to connect to port 445 of a file server on the production network. All of the attempts are made with invalid credentials. Which of the following describes what is occurring?

    A. Malware has infected the workstation and is beaconing out to the specific IP address of the file server.
    B. The file server is attempting to transfer malware to the workstation via SMB.
    C. An attacker has gained control of the workstation and is attempting to pivot to the file server by creating an SMB session.
    D. An attacker has gained control of the workstation and is port scanning the network.

  • Question 357:

    An organization has recently experienced a data breach. A forensic analysis confirmed the attacker found a legacy web server that had not been used in over a year and was not regularly patched. After a discussion with the security team, management decided to initiate a program of network reconnaissance and penetration testing. They want to start the process by scanning the network for active hosts and open ports. Which of the following tools is BEST suited for this job?

    A. Ping
    B. Nmap
    C. Netstat
    D. ifconfig
    E. Wireshark
    F. L0phtCrack

  • Question 358:

    A security analyst is assisting with a computer crime investigation and has been asked to secure a PC and deliver it to the forensic lab. Which of the following items would be MOST helpful to secure the PC? (Choose three.)

    A. Tamper-proof seals
    B. Faraday cage
    C. Chain of custody form
    D. Drive eraser
    E. Write blockers
    F. Network tap
    G. Multimeter

  • Question 359:

    Which of the allowing is a best practice with regard to interacting with the media during an incident?

    A. Allow any senior management level personnel with knowledge of the incident to discuss it.
    B. Designate a single port of contact and at least one backup for contact with the media.
    C. Stipulate that incidents are not to be discussed with the media at any time during the incident.
    D. Release financial information on the impact of damages caused by the incident.

  • Question 360:

    Due to new regulations, a company has decided to institute an organizational vulnerability management program and assign the function to the security team. Which of the following frameworks would BEST support the program? (Choose two.)

    A. COBIT
    B. NIST
    C. ISO 27000 series
    D. ITIL
    E. COSO

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CS0-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.