CS0-001 Exam Details

  • Exam Code
    :CS0-001
  • Exam Name
    :CompTIA Cybersecurity Analyst (CySA+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :416 Q&As
  • Last Updated
    :Feb 05, 2022

CompTIA CS0-001 Online Questions & Answers

  • Question 401:

    A security audit revealed that port 389 has been used instead of 636 when connecting to LDAP for the authentication of users. The remediation recommended by the audit was to switch the port to 636 wherever technically possible. Which of the following is the BEST response?

    A. Correct the audit. This finding is a well-known false positive; the services that typically run on 389 and 636 are identical.
    B. Change all devices and servers that support it to 636, as encrypted services run by default on 636.
    C. Change all devices and servers that support it to 636, as 389 is a reserved port that requires root access and can expose the server to privilege escalation attacks.
    D. Correct the audit. This finding is accurate, but the correct remediation is to update encryption keys on each of the servers to match port 636.

  • Question 402:

    A new security manager was hired to establish a vulnerability management program. The manager asked for a corporate strategic plan and risk register that the project management office developed. The manager conducted a tools and skill sets inventory to document the plan. Which of the following is a critical task for the establishment of a successful program?

    A. Establish continuous monitoring
    B. Update vulnerability feed
    C. Perform information classification
    D. Establish corporate policy

  • Question 403:

    After reading about data breaches at a competing company, senior leaders in an organization have grown increasingly concerned about social engineering attacks. They want to increase awareness among staff regarding this threat, but do not want to use traditional training methods because they regard these methods as ineffective. Which of the following approaches would BEST meet the requirements?

    A. Classroom training on the dangers of social media followed by a test and gift certificates for any employee getting a perfect score.
    B. Simulated phishing emails asking employees to reply to the email with their updated phone number and office location
    C. A poster contest to raise awareness of PII and asking employees to provide examples of data breaches and consequences
    D. USB drives randomly placed inside and outside the organization that contain a pop-up warning to any users who plug the drive into their computer

  • Question 404:

    A new zero-day vulnerability was discovered within a basic screen capture app, which is used throughout the environment. Two days after discovering the vulnerability, the manufacturer of the software has not announced a remediation or if there will be a fix for this newly discovered vulnerability. The vulnerable application is not uniquely critical, but it is used occasionally by the management and executive management teams. The vulnerability allows remote code execution to gain privileged access to the system. Which of the following is the BEST course of actions to mitigate this threat?

    A. Work with the manufacturer to determine the time frame for the fix.
    B. Block the vulnerable application traffic at the firewall and disable the application services on each computer.
    C. Remove the application and replace it with a similar non-vulnerable application.
    D. Communicate with the end users that the application should not be used until the manufacturer has resolved the vulnerability.

  • Question 405:

    An analyst reviews a recent report of vulnerabilities on a company's financial application server. Which of the following should the analyst rate as being of the HIGHEST importance to the company's environment?

    A. Banner grabbing
    B. Remote code execution
    C. SQL injection
    D. Use of old encryption algorithms
    E. Susceptibility to XSS

  • Question 406:

    A cybersecurity analyst wants to use ICMP ECHO_REQUEST on a machine while using Nmap. Which of the following is the correct command to accomplish this?

    A. $ nmap –PE 192.168.1.7
    B. $ ping --PE 192.168.1.7
    C. $ nmap --traceroute 192.168.1.7
    D. $ nmap –PO 192.168.1.7

  • Question 407:

    A cybersecurity analyst has identified a new mission-essential function that utilizes a public cloud-based system. The analyst needs to classify the information processed by the system with respect to CIA. Which of the following should provide the CIA classification for the information?

    A. The cloud provider
    B. The data owner
    C. The cybersecurity analyst
    D. The system administrator

  • Question 408:

    Organizational policies require vulnerability remediation on severity 7 or greater within one week. Anything with a severity less than 7 must be remediated within 30 days. The organization also requires security teams to investigate the details of a vulnerability before performing any remediation. If the investigation determines the finding is a false positive, no remediation is performed and the vulnerability scanner configuration is updates to omit the false positive from future scans:

    The organization has three Apache web servers:

    The results of a recent vulnerability scan are shown below:

    The team performs some investigation and finds a statement from Apache:

    Which of the following actions should the security team perform?

    A. Ignore the false positive on 192.168.1.22
    B. Remediate 192.168.1.20 within 30 days
    C. Remediate 192.168.1.22 within 30 days
    D. Investigate the false negative on 192.168.1.20

  • Question 409:

    A company invested ten percent of its entire annual budget in security technologies. The Chief Information Officer (CIO) is convinced that, without this investment, the company will risk being the next victim of the same cyber attack its competitor experienced three months ago. However, despite this investment, users are sharing their usernames and passwords with their coworkers to get their jobs done. Which of the following will eliminate the risk introduced by this practice?

    A. Invest in and implement a solution to ensure non-repudiation
    B. Force a daily password change
    C. Send an email asking users not to share their credentials
    D. Run a report on all users sharing their credentials and alert their managers of further actions

  • Question 410:

    A cybersecurity analyst is reviewing the current BYOD security posture. The users must be able to synchronize their calendars, email, and contacts to a smartphone or other personal device. The recommendation must provide the most flexibility to users. Which of the following recommendations would meet both the mobile data protection efforts and the business requirements described in this scenario?

    A. Develop a minimum security baseline while restricting the type of data that can be accessed.
    B. Implement a single computer configured with USB access and monitored by sensors.
    C. Deploy a kiosk for synchronizing while using an access list of approved users.
    D. Implement a wireless network configured for mobile device access and monitored by sensors.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CS0-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.