CS0-001 Exam Details

  • Exam Code
    :CS0-001
  • Exam Name
    :CompTIA Cybersecurity Analyst (CySA+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :416 Q&As
  • Last Updated
    :Feb 05, 2022

CompTIA CS0-001 Online Questions & Answers

  • Question 381:

    A cybersecurity analyst is reviewing the following outputs:

    Which of the following can the analyst infer from the above output?

    A. The remote host is redirecting port 80 to port 8080.
    B. The remote host is running a service on port 8080.
    C. The remote host's firewall is dropping packets for port 80.
    D. The remote host is running a web server on port 80.

  • Question 382:

    A security administrator determines several months after the first instance that a local privileged user has been routinely logging into a server interactively as "root" and browsing the Internet. The administrator determines this by performing an annual review of the security logs on that server. For which of the following security architecture areas should the administrator recommend review and modification? (Select TWO).

    A. Log aggregation and analysis
    B. Software assurance
    C. Encryption
    D. Acceptable use policies
    E. Password complexity
    F. Network isolation and separation

  • Question 383:

    A security analyst at a large financial institution is evaluating the security posture of a smaller financial company. The analyst is performing the evaluation as part of a due diligence process prior to a potential acquisition. With which of the following threats should the security analyst be MOST concerned? (Choose two.)

    A. Breach of confidentiality and market risks can occur if the potential acquisition is leaked to the press.
    B. The parent company is only going through this process to identify and steal the intellectual property of the smaller company.
    C. Employees at the company being acquired will be hostile to the security analyst and may not provide honest answers.
    D. Employees at the company being acquired will be hostile to the security analyst and may not provide honest answers.
    E. The industry regulator may decide that the acquisition will result in unfair competitive advantage if the acquisition were to take place.
    F. The company being acquired may already be compromised and this could pose a risk to the parent company's assets.

  • Question 384:

    A company allows employees to work remotely. The security administration is configuring services that will allow remote help desk personnel to work secure outside the company's headquarters. Which of the following presents the BEST solution to meet this goal?

    A. Configure a VPN concentrator to terminate in the DMZ to allow help desk personnel access to resources.
    B. Open port 3389 on the firewall to the server to allow users to connect remotely.
    C. Set up a jump box for all help desk personnel to remotely access system resources.
    D. Use the company's existing web server for remote access and configure over port 8080.

  • Question 385:

    A security analyst is assisting in the redesign of a network to make it more secure. The solution should be low cost, and access to the secure segments should be easily monitored, secured, and controlled. Which of the following should be implemented?

    A. System isolation
    B. Honeyport
    C. Jump box
    D. Mandatory access control

  • Question 386:

    Joe, an analyst, has received notice that a vendor who is coming in for a presentation will require access to a server outside the network. Currently, users are only able to access remote sites through a VPN connection. Which of the following should Joe use to BEST accommodate the vendor?

    A. Allow incoming IPSec traffic into the vendor's IP address.
    B. Set up a VPN account for the vendor, allowing access to the remote site.
    C. Turn off the firewall while the vendor is in the office, allowing access to the remote site.
    D. Write a firewall rule to allow the vendor to have access to the remote site.

  • Question 387:

    Which of the following commands would a security analyst use to make a copy of an image for forensics use?

    A. dd
    B. wget
    C. touch
    D. rm

  • Question 388:

    A security analyst has been asked to scan a subnet. During the scan, the following output was generated:

    Based on the output above, which of the following is MOST likely?

    A. 192.168.100.214 is a secure FTP server
    B. 192.168.100.214 is a web server
    C. Both hosts are mail servers
    D. 192.168.100.145 is a DNS server

  • Question 389:

    A cybersecurity analyst was asked to review several results of web vulnerability scan logs. Given the following snippet of code:

    Which of the following BEST describes the situation and recommendations to be made?

    A. The security analyst has discovered an embedded iframe pointing to source IP 65.240.22.1 network. The code should include the domain name. Recommend the entry be updated with the domain name.
    B. The security analyst has discovered an embedded iframe that is hidden from users accessing the web page. This code is correct. This is a design preference, and no vulnerabilities are present.
    C. The security analyst has discovered an embedded iframe pointing to source IP 65.240.22.1 network. The link is hidden and suspicious. Recommend the entry be removed from the web page.
    D. The security analyst has discovered an embedded iframe pointing to source IP 65.240.22.1 network. Recommend making the iframe visible. Fixing the code will correct the issue.

  • Question 390:

    A security analyst is conducting traffic analysis and observes an HTTP POST to the company's main web server. The POST header is approximately 1000 bytes in length. During transmission, one byte is delivered every ten seconds. Which of the following attacks is the traffic indicative of?

    A. Exfiltration
    B. DoS
    C. Buffer overflow
    D. SQL injection

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CS0-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.