CS0-001 Exam Details

  • Exam Code
    :CS0-001
  • Exam Name
    :CompTIA Cybersecurity Analyst (CySA+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :416 Q&As
  • Last Updated
    :Feb 05, 2022

CompTIA CS0-001 Online Questions & Answers

  • Question 391:

    During a routine network scan, a security administrator discovered an unidentified service running on a new embedded and unmanaged HVAC controller, which is used to monitor the company's datacenter:

    The enterprise monitoring service requires SNMP and SNMPTRAP connectivity to operate. Which of the following should the security administrator implement to harden the system?

    A. Patch and restart the unknown service.
    B. Segment and firewall the controller's network.
    C. Disable the unidentified service on the controller.
    D. Implement SNMPv3 to secure communication.
    E. Disable TCP/UDP ports 161 through 163.

  • Question 392:

    A security administrator has uncovered a covert channel used to exfiltrate confidential data from an internal database server through a compromised corporate web server. Ongoing exfiltration is accomplished by embedding a small amount of data extracted from the database into the metadata of images served by the web server. File timestamps suggest that the server was initially compromised six months ago using a common server misconfiguration. Which of the following BEST describes the type of threat being used?

    A. APT
    B. Zero-day attack
    C. Man-in-the-middle attack
    D. XSS

  • Question 393:

    A security analyst with an international response team is working to isolate a worldwide distribution of ransomware. The analyst is working with international governing bodies to distribute advanced intrusion detection routines for this variant of ransomware. Which of the following is the MOST important step with which the security analyst should comply?

    A. Security operations privacy law
    B. Export restrictions
    C. Non-disclosure agreements
    D. Incident response forms

  • Question 394:

    A company's computer was recently infected with ransomware. After encrypting all documents, the malware logs a random AES-128 encryption key and associated unique identifier onto a compromised remote website. A ransomware code snippet is shown below:

    Based on the information from the code snippet, which of the following is the BEST way for a cybersecurity professional to monitor for the same malware in the future?

    A. Configure the company proxy server to deny connections to www.malwaresite.com.
    B. Reconfigure the enterprise antivirus to push more frequent to the clients.
    C. Write an ACL to block the IP address of www.malwaresite.com at the gateway firewall.
    D. Use an IDS custom signature to create an alert for connections to www.malwaresite.com.

  • Question 395:

    The new Chief Technology Officer (CTO) is seeking recommendations for network monitoring services for the local intranet. The CTO would like the capability to monitor all traffic to and from the gateway, as well as the capability to block certain content. Which of the following recommendations would meet the needs of the organization?

    A. Recommend setup of IP filtering on both the internal and external interfaces of the gateway router.
    B. Recommend installation of an IDS on the internal interface and a firewall on the external interface of the gateway router.
    C. Recommend installation of a firewall on the internal interface and a NIDS on the external interface of the gateway router.
    D. Recommend installation of an IPS on both the internal and external interfaces of the gateway router.

  • Question 396:

    Management wants to scan servers for vulnerabilities on a periodic basis. Management has decided that the scan frequency should be determined only by vendor patch schedules and the organization's application deployment schedule. Which of the following would force the organization to conduct an out-of-cycle vulnerability scan?

    A. Newly discovered PII on a server
    B. A vendor releases a critical patch update
    C. A critical bug fix in the organization's application
    D. False positives identified in production

  • Question 397:

    An employee at an insurance company is processing claims that include patient addresses, clinic visits, diagnosis information, and prescription. While forwarding documentation to the supervisor, the employee accidentally sends the data to a personal email address outside of the company due to a typo. Which of the following types of data has been compromised?

    A. PCI
    B. Proprietary information
    C. Intellectual property
    D. PHI

  • Question 398:

    A list of vulnerabilities has been reported in a company's most recent scan of a server. The security analyst must review the vulnerabilities and decide which ones should be remediated in the next change window and which ones can wait or may not need patching. Pending further investigation. Which of the following vulnerabilities should the analyst remediate FIRST?

    A. The analyst should remediate https (443/tcp) first. This web server is susceptible to banner grabbing and was fingerprinted as Apache/1.3.27-9 on Linux w/ mod_fastcgi.
    B. The analyst should remediate dns (53/tcp) first. The remote BIND 9 DNS server is susceptible to a buffer overflow, which may allow an attacker to gain a shell on this host or disable this server.
    C. The analyst should remediate imaps (993/tcp) first. The SSLv2 suite offers five strong ciphers and two weak "export class" ciphers.
    D. The analyst should remediate ftp (21/tcp) first. An outdated version of FTP is running on this port. If it is not in use, it should be disabled.

  • Question 399:

    After implementing and running an automated patching tool, a security administrator ran a vulnerability scan that reported no missing patches found. Which of the following BEST describes why this tool was used?

    A. To create a chain of evidence to demonstrate when the servers were patched.
    B. To harden the servers against new attacks.
    C. To provide validation that the remediation was active.
    D. To generate log data for unreleased patches.

  • Question 400:

    Company A permits visiting business partners from Company B to utilize Ethernet ports available in Company A's conference rooms. This access is provided to allow partners the ability to establish VPNs back to Company B's network. The security architect for Company A wants to ensure partners from Company B are able to gain direct Internet access from available ports only, while Company A employees can gain access to the Company A internal network from those same ports. Which of the following can be employed to allow this?

    A. ACL
    B. SIEM
    C. MAC
    D. NAC
    E. SAML

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CS0-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.