CS0-001 Exam Details

  • Exam Code
    :CS0-001
  • Exam Name
    :CompTIA Cybersecurity Analyst (CySA+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :416 Q&As
  • Last Updated
    :Feb 05, 2022

CompTIA CS0-001 Online Questions & Answers

  • Question 371:

    After running a packet analyzer on the network, a security analyst has noticed the following output:

    Which of the following is occurring?

    A. A ping sweep
    B. A port scan
    C. A network map
    D. A service discovery

  • Question 372:

    An analyst identifies multiple instances of node-to-node communication between several endpoints within the 10.200.2.0/24 network and a user machine at the IP address 10.200.2.5. This user machine at the IP address 10.200.2.5 is also identified as initiating outbound communication during atypical business hours with several IP addresses that have recently appeared on threat feeds.

    Which of the following can be inferred from this activity?

    A. 10.200.2.0/24 is infected with ransomware.
    B. 10.200.2.0/24 is not routable address space.
    C. 10.200.2.5 is a rogue endpoint.
    D. 10.200.2.5 is exfiltrating data.

  • Question 373:

    A security operations team was alerted to abnormal DNS activity coming from a user's machine. The team performed a forensic investigation and discovered a host had been compromised. Malicious code was using DNS as a tunnel to extract data from the client machine, which had been leaked and transferred to an unsecure public Internet site. Which of the following BEST describes the attack?

    A. Phishing
    B. Pharming
    C. Cache poisoning
    D. Data exfiltration

  • Question 374:

    A security analyst is making recommendations for securing access to the new forensic workstation and workspace. Which of the following security measures should the analyst recommend to protect access to forensic data?

    A. Multifactor authentication Polarized lens protection Physical workspace isolation
    B. Secure ID token Security reviews of the system at least yearly Polarized lens protection
    C. Bright lightning in all access areas Security reviews of the system at least yearly Multifactor authentication
    D. Two-factor authentication into the building Separation of duties Warning signs placed in clear view

  • Question 375:

    An organization is experiencing degradation of critical services and availability of critical external resources. Which of the following can be used to investigate the issue?

    A. Netflow analysis
    B. Behavioral analysis
    C. Vulnerability analysis
    D. Risk analysis

  • Question 376:

    The Chief Information Security Officer (CISO) asked for a topology discovery to be conducted and verified against the asset inventory. The discovery is failing and not providing reliable or complete data. The syslog shows the following information:

    Which of the following describes the reason why the discovery is failing?

    A. The scanning tool lacks valid LDAP credentials.
    B. The scan is returning LDAP error code 52255a.
    C. The server running LDAP has antivirus deployed.
    D. The connection to the LDAP server is timing out.
    E. The LDAP server is configured on the wrong port.

  • Question 377:

    A system administrator recently deployed and verified the installation of a critical patch issued by the company's primary OS vendor. This patch was supposed to remedy a vulnerability that would allow an adversary to remotely execute code from over the network. However, the administrator just ran a vulnerability assessment of networked systems, and each of them still reported having the same vulnerability. Which of the following is the MOST likely explanation for this?

    A. The administrator entered the wrong IP range for the assessment.
    B. The administrator did not wait long enough after applying the patch to run the assessment.
    C. The patch did not remediate the vulnerability.
    D. The vulnerability assessment returned false positives.

  • Question 378:

    The Chief Information Security Officer (CISO) asks a security analyst to write a new SIEM search rule to determine if any credit card numbers are being written to log files. The CISO and security analyst suspect the following log snippet contains real customer card data:

    Which of the following expressions would find potential credit card numbers in a format that matches the log snippet?

    A. ^[0-9](16)$
    B. (0-9) x 16
    C. "1234-5678"
    D. "04*"

  • Question 379:

    A security team is implementing a new vulnerability management program in an environment that has a historically poor security posture. The team is aware of issues patch management in the environment and expects a large number of findings. Which of the following would be the MOST efficient way to increase the security posture of the organization in the shortest amount of time?

    A. Create an SLA stating that remediation actions must occur within 30 days of discovery for all levels of vulnerabilities.
    B. Incorporate prioritization levels into the remediation process and address critical findings first.
    C. Create classification criteria for data residing on different servers and provide remediation only for servers housing sensitive data.
    D. Implement a change control policy that allows the security team to quickly deploy patches in the production environment to reduce the risk of any vulnerabilities found.

  • Question 380:

    On which of the following organizational resources is the lack of an enabled password or PIN a common vulnerability?

    A. VDI systems
    B. Mobile devices
    C. Enterprise server Oss
    D. VPNs
    E. VoIP phones

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CS0-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.