CS0-001 Exam Details

  • Exam Code
    :CS0-001
  • Exam Name
    :CompTIA Cybersecurity Analyst (CySA+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :416 Q&As
  • Last Updated
    :Feb 05, 2022

CompTIA CS0-001 Online Questions & Answers

  • Question 51:

    The development team recently moved a new application into production for the accounting department. After this occurred, the Chief Information Officer (CIO) was contacted by the head of accounting because the application is missing a key piece of functionality that is needed to complete the corporation's quarterly tax returns. Which of the following types of testing would help prevent this from reoccurring?

    A. Security regression testing
    B. User acceptance testing
    C. Input validation testing
    D. Static code testing

  • Question 52:

    A security analyst has noticed that a particular server has consumed over 1TB of bandwidth over the course of the month. It has port 3333 open; however, there have not been any alerts or notices regarding the server or its activities. Which of the following did the analyst discover?

    A. APT
    B. DDoS
    C. Zero day
    D. False positive

  • Question 53:

    A company has decided to process credit card transactions directly. Which of the following would meet the requirements for scanning this type of data?

    A. Quarterly
    B. Yearly
    C. Bi-annually
    D. Monthly

  • Question 54:

    A company's IDP/DLP solution triggered the following alerts:

    Which of the following alerts should a security analyst investigate FIRST?

    A. A
    B. B
    C. C
    D. D
    E. E

  • Question 55:

    A cybersecurity analyst is retained by a firm for an open investigation. Upon arrival, the cybersecurity analyst reviews several security logs. Given the following snippet of code:

    Which of the following combinations BEST describes the situation and recommendations to be made for this situation?

    A. The cybersecurity analyst has discovered host 192.168.0.101 using Windows Task Scheduler at 13:30 to runnc.exe; recommend proceeding with the next step of removing the host from the network.
    B. The cybersecurity analyst has discovered host 192.168.0.101 to be running thenc.exe file at 13:30 using the auto cron job remotely, there are no recommendations since this is not a threat currently.
    C. The cybersecurity analyst has discovered host 192.168.0.101 is beaconing every day at 13:30 using thenc.exe file; recommend proceeding with the next step of removing the host from the network.
    D. The security analyst has discovered host 192.168.0.101 is a rogue device on the network, recommend proceeding with the next step of removing the host from the network.

  • Question 56:

    During a routine review of firewall logs, an analyst identified that an IP address from the organization's server subnet had been connecting during nighttime hours to a foreign IP address, and had been sending between 150 and 500 megabytes of data each time. This had been going on for approximately one week, and the affected server was taken offline for forensic review. Which of the following is MOST likely to drive up the incident's impact assessment?

    A. PII of company employees and customers was exfiltrated.
    B. Raw financial information about the company was accessed.
    C. Forensic review of the server required fall-back on a less efficient service.
    D. IP addresses and other network-related configurations were exfiltrated.
    E. The local root password for the affected server was compromised.

  • Question 57:

    A nuclear facility manager determined the need to monitor utilization of water within the facility. A startup company just announced a state-of-the-art solution to address the need for integrating the business and ICS network. The solution requires a very small agent to be installed on the ICS equipment. Which of the following is the MOST important security control for the manager to invest in to protect the facility?

    A. Run a penetration test on the installed agent.
    B. Require that the solution provider make the agent source code available for analysis.
    C. Require through guides for administrator and users.
    D. Install the agent for a week on a test system and monitor the activities.

  • Question 58:

    A security analyst is reviewing logs and discovers that a company-owned computer issued to an employee is generating many alerts and warnings. The analyst continues to review the log events and discovers that a non-company-owned device from a different, unknown IP address is generating the same events. The analyst informs the manager of these findings, and the manager explains that these activities are already known and part of an ongoing events. Given this scenario, which of the following roles are the analyst, the employee, and the manager filling?

    A. The analyst is red team. The employee is blue team. The manager is white team.
    B. The analyst is white team. The employee is red team. The manager is blue team.
    C. The analyst is red team. The employee is white team. The manager is blue team.
    D. The analyst is blue team. The employee is red team. The manager is white team.

  • Question 59:

    A company has established an ongoing vulnerability management program and procured the latest technology to support it. However, the program is failing because several vulnerabilities have not been detected. Which of the following will reduce the number of false negatives?

    A. Increase scan frequency.
    B. Perform credentialed scans.
    C. Update the security incident response plan.
    D. Reconfigure scanner to brute force mechanisms.

  • Question 60:

    A common mobile device vulnerability has made unauthorized modifications to a device. The device owner removes the vendor/carrier provided limitations on the mobile device. This is also known as:

    A. jailbreaking.
    B. cracking.
    C. hashing.
    D. fuzzing.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CS0-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.