Winter Sale - Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpm65

Note! The CS0-001 Exam is no longer available. Get in touch with our Live Chat or email us for more information about the CS0-002 Exam.

CS0-001 CompTIA CySA+ Certification Exam Questions and Answers

Questions 4

An analyst is reviewing a list of vulnerabilities, which were reported from a recent vulnerability scan of a Linux server.

Which of the following is MOST likely to be a false positive?

Options:

A.

OpenSSH/OpenSSL Package Random Number Generator Weakness

B.

Apache HTTP Server Byte Range DoS

C.

GDI+ Remote Code Execution Vulnerability (MS08-052)

D.

HTTP TRACE / TRACK Methods Allowed (002-1208)

E.

SSL Certificate Expiry

Buy Now
Questions 5

An organization is conducting penetration testing to identify possible network vulnerabilities. The penetration tester has already identified active hosts in the network and is now scanning individual hosts to determine if any are running a web server. The output from the latest scan is shown below:

CS0-001 Question 5

Which of the following commands would have generated the output above?

Options:

A.

–nmap –sV 192.168.1.13 –p 80

B.

–nmap –sP 192.168.1.0/24 –p ALL

C.

–nmap –sV 192.168.1.1 –p 80

D.

–nmap –sP 192.168.1.13 –p ALL

Buy Now
Questions 6

A logistics company’s vulnerability scan identifies the following vulnerabilities on Internet-facing devices in the DMZ:

  • SQL injection on an infrequently used web server that provides files to vendors
  • SSL/TLS not used for a website that contains promotional information

The scan also shows the following vulnerabilities on internal resources:

  • Microsoft Office Remote Code Execution on test server for a human resources system
  • TLS downgrade vulnerability on a server in a development network

In order of risk, which of the following should be patched FIRST?

Options:

A.

Microsoft Office Remote Code Execution

B.

SQL injection

C.

SSL/TLS not used

D.

TLS downgrade

Buy Now
Questions 7

Company A’s security policy states that only PKI authentication should be used for all SSH accounts. A security analyst from Company A is reviewing the following auth.log and configuration settings:

CS0-001 Question 7

Which of the following changes should be made to the following sshd_config file to establish compliance with the policy?

Options:

A.

Change PermitRootLogin no to #PermitRootLogin yes

B.

Change ChallengeResponseAuthentication yes to ChallangeResponseAuthentication no

C.

Change PubkeyAuthentication yes to #PubkeyAuthentication yes

D.

Change #AuthorizedKeysFile sh/.ssh/authorized_keys to AuthorizedKeysFile sh/.ssh/authorized_keys

E.

Change PassworAuthentication yes to PasswordAuthentication no

Buy Now
Questions 8

An organization recently had its strategy posted to a social media website. The document posted to the website is an exact copy of a document stored on only one server in the organization. A security analyst sees the following output from a command-line entry on the server suspected of the problem:

CS0-001 Question 8

Which of the following would be the BEST course of action?

Options:

A.

Remove the malware associated with PID 773

B.

Monitor all the established TCP connections for data exfiltration

C.

Investigate the malware associated with PID 123

D.

Block all TCP connections at the firewall

E.

Figure out which of the Firefox processes is the malware

Buy Now
Questions 9

A security analyst with an international response team is working to isolate a worldwide distribution of ransomware. The analyst is working with international governing bodies to distribute advanced intrusion detection routines for this variant of ransomware. Which of the following is the MOST important step with which the security analyst should comply?

Options:

A.

Security operations privacy law

B.

Export restrictions

C.

Non-disclosure agreements

D.

Incident response forms

Buy Now
Questions 10

A system is experiencing noticeably slow response times, and users are being locked out frequently. An analyst asked for the system security plan and found the system comprises two servers: an application server in the DMZ and a database server inside the trusted domain. Which of the following should be performed NEXT to investigate the availability issue?

Options:

A.

Review the firewall logs.

B.

Review syslogs from critical servers.

C.

Perform fuzzing.

D.

Install a WAF in front of the application server.

Buy Now
Questions 11

Creating a lessons learned report following an incident will help an analyst to communicate which of the following information? (Select TWO)

Options:

A.

Root cause analysis of the incident and the impact it had on the organization

B.

Outline of the detailed reverse engineering steps for management to review

C.

Performance data from the impacted servers and endpoints to report to management

D.

Enhancements to the policies and practices that will improve business responses

E.

List of IP addresses, applications, and assets

Buy Now
Questions 12

A security analyst is making recommendations for securing access to the new forensic workstation and workspace. Which of the following security measures should the analyst recommend to protect access to forensic data?

Options:

A.

Multifactor authenticationPolarized lens protectionPhysical workspace isolation

B.

Secure ID tokenSecurity reviews of the system at least yearlyPolarized lens protection

C.

Bright lightning in all access areasSecurity reviews of the system at least yearlyMultifactor authentication

D.

Two-factor authentication into the buildingSeparation of dutiesWarning signs placed in clear view

Buy Now
Questions 13

A company installed a wireless network more than a year ago, standardizing on the same model APs in a single subnet. Recently, several users have reported timeouts and connection issues with Internet browsing. The security administrator has gathered some information about the network to try to recreate the issues with the assistance of a user. The administrator is able to ping every device on the network and confirms that the network is very slow.

CS0-001 Question 13

Output:

CS0-001 Question 13

Given the above results, which of the following should the administrator investigate FIRST?

Options:

A.

The AP-Workshop device

B.

The AP-Reception device

C.

The device at 192.168.1.4

D.

The AP-IT device

E.

The user’s PC

Buy Now
Questions 14

A technician receives an alert indicating an endpoint is beaconing to a suspect dynamic DNS domain. Which of the following countermeasures should be used to BEST protect the network in response to this alert? (Choose two.)

Options:

A.

Set up a sinkhole for that dynamic DNS domain to prevent communication.

B.

Isolate the infected endpoint to prevent the potential spread of malicious activity.

C.

Implement an internal honeypot to catch the malicious traffic and trace it.

D.

Perform a risk assessment and implement compensating controls.

E.

Ensure the IDS is active on the network segment where the endpoint resides.

Buy Now
Questions 15

A security architect is reviewing the options for performing input validation on incoming web form submissions. Which of the following should the architect as the MOST secure and manageable option?

Options:

A.

Client-side whitelisting

B.

Server-side whitelisting

C.

Server-side blacklisting

D.

Client-side blacklisting

Buy Now
Questions 16

A threat intelligence analyst who is working on the SOC floor has been forwarded an email that was sent to one of the executives in business development. The executive mentions the email was from the Chief Executive Officer (CEO), who was requesting an emergency wire transfer. This request was unprecedented. Which of the following threats MOST accurately aligns with this behavior?

Options:

A.

Phishing

B.

Whaling

C.

Spam

D.

Ransomware

Buy Now
Questions 17

A company has a large number of users who need to access corporate resources or networks from various locations. Many users have VPN access to the network, as well as wireless internet access from BYOD approved systems tablets and smartphones. The users can also access corporate resources from an internal-facing web portal now ever all of these services require a separate set of credentials. Which of the following should the cybersecurity analyst recommend to aggregate and audit on logins while allowing the corporate directory services credentials to be shared across all of the services?

Options:

A.

SAML

B.

Kerberos

C.

SSO

D.

RADIUS

Buy Now
Questions 18

An organization has a practice of running some administrative services on non-standard ports as a way of frustrating any attempts at reconnaissance. The output of the latest scan on host 192.168.1.13 is shown below:

CS0-001 Question 18

Which of the following statements is true?

Options:

A.

Running SSH on the Telnet port will now be sent across an unencrypted port.

B.

Despite the results of the scan, the service running on port 23 is actually Telnet and not SSH, and creates an additional vulnerability

C.

Running SSH on port 23 provides little additional security from running it on the standard port.

D.

Remote SSH connections will automatically default to the standard SSH port.

E.

The use of OpenSSH on its default secure port will supersede any other remote connection attempts.

Buy Now
Questions 19

A security administrator recently deployed a virtual honeynet. The honeynet is not protected by the company’s firewall, while all production networks are protected by a stateful firewall. Which of the following would BEST allow an external penetration tester to determine which one is the honeynet’s network?

Options:

A.

Banner grab

B.

Packet analyzer

C.

Fuzzer

D.

TCP ACK scan

Buy Now
Questions 20

An audii has revealed that the database administrator also responsible for auditing database changes and backup logs. Which of the following access control methodologies would BEST mitigate this concern?

Options:

A.

Time-of-day restriction

B.

Separation of duties

C.

Principle of least privilege

D.

Role-based access control

Buy Now
Questions 21

A cyber-incident response team is responding to a network intrusion incident on a hospital network. Which of the following must the team prepare to allow the data to be used in court as evidence?

Options:

A.

Computer forensics form

B.

HIPAA response form

C.

Chain of custody form

D.

Incident form

Buy Now
Questions 22

A system analyst receives multiple alerts from the systems, reporting they cannot access the Internet. After tracking down the problem to the UTM IP address 120.136.1.1. the analyst notices the Issues occurred with the latest threat feed, which updated the UTM blocklist:

CS0-001 Question 22

Reviewing the above blocklist, which of the following Is the MOST likely reason for the unwanted behavior on the UTM?

Options:

A.

The threat feed contained a mistyped subnet mask In the list, causing the UTM to block Its own Internal traffic processing.

B.

The network's public IP was entered as part of the external threat feed, causing the UTM to block only external-bound traffic.

C.

The network's private internal address range was included in the feed, blocking internal traffic from leaving the network.

D.

The threat feed contained the IANA range reserved for experimental IP addresses, which the UTM was unable to process, causing Inbound and outbound traffic stoppage.

Buy Now
Questions 23

A company invested ten percent of its entire annual budget in security technologies. The Chief Information Officer (CIO) is convinced that, without this investment, the company will risk being the next victim of the same cyber attack its competitor experienced three months ago. However, despite this investment, users are sharing their usernames and passwords with their coworkers to get their jobs done. Which of the following will eliminate the risk introduced by this practice?

Options:

A.

Invest in and implement a solution to ensure non-repudiation

B.

Force a daily password change

C.

Send an email asking users not to share their credentials

D.

Run a report on all users sharing their credentials and alert their managers of further actions

Buy Now
Questions 24

A cybersecurity analyst is reviewing log data and sees the output below:

CS0-001 Question 24

Which of the following technologies MOST likely generated this log?

Options:

A.

Stateful inspection firewall

B.

Network-based intrusion detection system

C.

Web application firewall

D.

Host-based intrusion detection system

Buy Now
Questions 25

A company has several internal-only, web-based applications on the internal network. Remote employees are allowed to connect to the internal corporate network with a company-supplied VPN client. During a project to upgrade the internal application, contractors were hired to work on a database server and were given copies of the VPN client so they could work remotely. A week later, a security analyst discovered an internal web-server had been compromised by malware that originated from one of the contractor’s laptops. Which of the following changes should be made to BEST counter the threat presented in this scenario?

Options:

A.

Create a restricted network segment for contractors, and set up a jump box for the contractors to use to access internal resources.

B.

Deploy a web application firewall in the DMZ to stop Internet-based attacks on the web server.

C.

Deploy an application layer firewall with network access control lists at the perimeter, and then create alerts for suspicious Layer 7 traffic.

D.

Require the contractors to bring their laptops on site when accessing the internal network instead of using the VPN from a remote location.

E.

Implement NAC to check for updated anti-malware signatures and location-based rules for PCs connecting to the internal network.

Buy Now
Questions 26

A security analyst is concerned that unauthorized users can access confidential data stored in the production server environment. All workstations on a particular network segment have full access to any server in production. Which of the following should be deployed in the production environment to prevent unauthorized access? (Choose two.)

Options:

A.

DLP system

B.

Honeypot

C.

Jump box

D.

IPS

E.

Firewall

Buy Now
Questions 27

An organization wants to harden its web servers. As part of this goal, leadership has directed that vulnerability scans be performed, and the security team should remediate the servers according to industry best practices. The team has already chosen a vulnerability scanner and performed the necessary scans, and now the team needs to prioritize the fixes. Which of the following would help to prioritize the vulnerabilities for remediation in accordance with industry best practices?

Options:

A.

CVSS

B.

SLA

C.

ITIL

D.

OpenVAS

E.

Qualys

Buy Now
Questions 28

An analyst was testing the latest version of an internally developed CRM system. The analyst created a basic user account. Using a few tools in Kali’s latest distribution, the analyst was able to access configuration files, change permissions on folders and groups, and delete and create new system objects. Which of the following techniques did the analyst use to perform these unauthorized activities?

Options:

A.

Impersonation

B.

Privilege escalation

C.

Directory traversal

D.

Input injection

Buy Now
Questions 29

During which of the following NIST risk management framework steps would an information system security engineer identify inherited security controls and tailor those controls to the system?

Options:

A.

Categorize

B.

Select

C.

Implement

D.

Access

Buy Now
Questions 30

A malware infection spread to numerous workstations within the marketing department. The workstations were quarantined and replaced with machines.

Which of the following represents a FINAL step in the eradication of the malware?

Options:

A.

The workstations should be isolated from the network.

B.

The workstations should be donated for reuse.

C.

The workstations should be reimaged.

D.

The workstations should be patched and scanned.

Buy Now
Questions 31

A threat intelligence analyst who works for a financial services firm received this report:

“There has been an effective waterhole campaign residing at www.bankfinancecompsoftware.com. This domain is delivering ransomware. This ransomware variant has been called “LockMaster” by researchers due to its ability to overwrite the MBR, but this term is not a malware signature. Please execute a defensive operation regarding this attack vector.”

The analyst ran a query and has assessed that this traffic has been seen on the network. Which of the following actions should the analyst do NEXT? (Select TWO).

Options:

A.

Advise the firewall engineer to implement a block on the domain

B.

Visit the domain and begin a threat assessment

C.

Produce a threat intelligence message to be disseminated to the company

D.

Advise the security architects to enable full-disk encryption to protect the MBR

E.

Advise the security analysts to add an alert in the SIEM on the string “LockMaster”

F.

Format the MBR as a precaution

Buy Now
Questions 32

A cybersecurity analyst is hired to review the security posture of a company. The cybersecurity analyst notices a very high network bandwidth consumption due to SYN floods from a small number of IP addresses.

Which of the following would be the BEST action to take to support incident response?

Options:

A.

Increase the company’s bandwidth.

B.

Apply ingress filters at the routers.

C.

Install a packet capturing tool.

D.

Block all SYN packets.

Buy Now
Questions 33

An ATM in a building lobby has been compromised. A security technician has been advised that the ATM must be forensically analyzed by multiple technicians. Which of the following items in a forensic tool kit would likely be used FIRST? (Select TWO).

Options:

A.

Drive adapters

B.

Chain of custody form

C.

Write blockers

D.

Crime tape

E.

Hashing utilities

F.

Drive imager

Buy Now
Questions 34

Weeks before a proposed merger is scheduled for completion, a security analyst has noticed unusual traffic patterns on a file server that contains financial information. Routine scans are not detecting the signature of any known exploits or malware. The following entry is seen in the ftp server logs:

tftp –I 10.1.1.1 GET fourthquarterreport.xls

Which of the following is the BEST course of action?

Options:

A.

Continue to monitor the situation using tools to scan for known exploits.

B.

Implement an ACL on the perimeter firewall to prevent data exfiltration.

C.

Follow the incident response procedure associate with the loss of business critical data.

D.

Determine if any credit card information is contained on the server containing the financials.

Buy Now
Questions 35

A systems administrator is trying to secure a critical system. The administrator has placed the system behind a firewall, enabled strong authentication, and required all administrators of this system to attend mandatory training.

Which of the following BEST describes the control being implemented?

Options:

A.

Audit remediation

B.

Defense in depth

C.

Access control

D.

Multifactor authentication

Buy Now
Questions 36

Various devices are connecting and authenticating to a single evil twin within the network. Which of the following are MOST likely being targeted?

Options:

A.

Mobile devices

B.

All endpoints

C.

VPNs

D.

Network infrastructure

E.

Wired SCADA devices

Buy Now
Questions 37

Three similar production servers underwent a vulnerability scan. The scan results revealed that the three servers had two different vulnerabilities rated “Critical”.

The administrator observed the following about the three servers:

  • The servers are not accessible by the Internet
  • AV programs indicate the servers have had malware as recently as two weeks ago
  • The SIEM shows unusual traffic in the last 20 days
  • Integrity validation of system files indicates unauthorized modifications

Which of the following assessments is valid and what is the most appropriate NEXT step? (Select TWO).

Options:

A.

Servers may have been built inconsistently

B.

Servers may be generating false positives via the SIEM

C.

Servers may have been tampered with

D.

Activate the incident response plan

E.

Immediately rebuild servers from known good configurations

F.

Schedule recurring vulnerability scans on the servers

Buy Now
Questions 38

The Chief Information Security Officer (CISO) has asked the security staff to identify a framework on which to base the security program. The CISO would like to achieve a certification showing the security program meets all required best practices. Which of the following would be the BEST choice?

Options:

A.

OSSIM

B.

SDLC

C.

SANS

D.

ISO

Buy Now
Questions 39

During a web application vulnerability scan, it was discovered that the application would display inappropriate data after certain key phrases were entered into a webform connected to a SQL database server. Which of the following should be used to reduce the likelihood of this type of attack returning sensitive data?

Options:

A.

Static code analysis

B.

Peer review code

C.

Input validation

D.

Application fuzzing

Buy Now
Questions 40

Which of the following has the GREATEST impact to the data retention policies of an organization?

Options:

A.

The CIA classification matrix assigned to each piece of data

B.

The level of sensitivity of the data established by the data owner

C.

The regulatory requirements concerning the data set

D.

The technical constraints of the technology used to store the data

Buy Now
Questions 41

Which of the following systems would be at the GREATEST risk of compromise if found to have an open vulnerability associated with perfect forward secrecy?

Options:

A.

Endpoints

B.

VPN concentrators

C.

Virtual hosts

D.

SIEM

E.

Layer 2 switches

Buy Now
Questions 42

The Chief Information Security Officer (CISO) asked for a topology discovery to be conducted and verified against the asset inventory. The discovery is failing and not providing reliable or complete data. The syslog shows the following information:

CS0-001 Question 42

Which of the following describes the reason why the discovery is failing?

Options:

A.

The scanning tool lacks valid LDAP credentials.

B.

The scan is returning LDAP error code 52255a.

C.

The server running LDAP has antivirus deployed.

D.

The connection to the LDAP server is timing out.

E.

The LDAP server is configured on the wrong port.

Buy Now
Questions 43

When reviewing network traffic, a security analyst detects suspicious activity:

CS0-001 Question 43

Based on the log above, which of the following vulnerability attacks is occurring?

Options:

A.

ShellShock

B.

DROWN

C.

Zeus

D.

Heartbleed

E.

POODLE

Buy Now
Questions 44

A security analyst wants to scan the network for active hosts. Which of the following host characteristics help to differentiate between a virtual and physical host?

Options:

A.

Reserved MACs

B.

Host IPs

C.

DNS routing tables

D.

Gateway settings

Buy Now
Questions 45

A penetration tester is preparing for an audit of critical systems that may impact the security of the environment. This includes the external perimeter and the internal perimeter of the environment. During which of the following processes is this type of information normally gathered?

Options:

A.

Timing

B.

Scoping

C.

Authorization

D.

Enumeration

Buy Now
Questions 46

A cybersecurity analyst is reviewing the current BYOD security posture. The users must be able to synchronize their calendars, email, and contacts to a smartphone or other personal device. The recommendation must provide the most flexibility to users. Which of the following recommendations would meet both the mobile data protection efforts and the business requirements described in this scenario?

Options:

A.

Develop a minimum security baseline while restricting the type of data that can be accessed.

B.

Implement a single computer configured with USB access and monitored by sensors.

C.

Deploy a kiosk for synchronizing while using an access list of approved users.

D.

Implement a wireless network configured for mobile device access and monitored by sensors.

Buy Now
Questions 47

A cybersecurity analyst is conducting a security test to ensure that information regarding the web server is protected from disclosure. The cybersecurity analyst requested an HTML file from the web server, and the response came back as follows:

CS0-001 Question 47

Which of the following actions should be taken to remediate this security issue?

Options:

A.

Set “Allowlatescanning” to 1 in the URLScan.ini configuration file.

B.

Set “Removeserverheader” to 1 in the URLScan.ini configuration file.

C.

Set “Enablelogging” to 0 in the URLScan.ini configuration file.

D.

Set “Perprocesslogging” to 1 in the URLScan.ini configuration file.

Buy Now
Questions 48

A security audit revealed that port 389 has been used instead of 636 when connecting to LDAP for the authentication of users. The remediation recommended by the audit was to switch the port to 636 wherever technically possible. Which of the following is the BEST response?

Options:

A.

Correct the audit. This finding is a well-known false positive; the services that typically run on 389 and 636 are identical.

B.

Change all devices and servers that support it to 636, as encrypted services run by default on 636.

C.

Change all devices and servers that support it to 636, as 389 is a reserved port that requires root access and can expose the server to privilege escalation attacks.

D.

Correct the audit. This finding is accurate, but the correct remediation is to update encryption keys on each of the servers to match port 636.

Buy Now
Questions 49

Which of the following represent the reasoning behind careful selection of the timelines and time-of-day boundaries for an authorized penetration test? (Select TWO).

Options:

A.

To schedule personnel resources required for test activities

B.

To determine frequency of team communication and reporting

C.

To mitigate unintended impacts to operations

D.

To avoid conflicts with real intrusions that may occur

E.

To ensure tests have measurable impact to operations

Buy Now
Questions 50

An administrator has been investigating the way in which an actor had been exfiltrating confidential data from a web server to a foreign host. After a thorough forensic review, the administrator determined the server’s BIOS had been modified by rootkit installation. After removing the rootkit and flashing the BIOS to a known good state, which of the following would BEST protect against future adversary access to the BIOS, in case another rootkit is installed?

Options:

A.

Anti-malware application

B.

Host-based IDS

C.

TPM data sealing

D.

File integrity monitoring

Buy Now
Questions 51

A security professional is analyzing the results of a network utilization report. The report includes the following information:

CS0-001 Question 51

Which of the following servers needs further investigation?

Options:

A.

hr.dbprod.01

B.

R&D.file.srvr.01

C.

mrktg.file.srvr.02

D.

web.srvr.03

Buy Now
Questions 52

You suspect that multiple unrelated security events have occurred on several nodes on a corporate network. You must review all logs and correlate events when necessary to discover each security event by clicking on each node. Only select corrective actions if the logs shown a security event that needs remediation. Drag and drop the appropriate corrective actions to mitigate the specific security event occurring on each affected device.

Instructions:

The Web Server, Database Server, IDS, Development PC, Accounting PC and Marketing PC are clickable. Some actions may not be required and each actions can only be used once per node. The corrective action order is not important. If at any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

CS0-001 Question 52

CS0-001 Question 52

Options:

Buy Now
Questions 53

An analyst is observing unusual network traffic from a workstation. The workstation is communicating with a known malicious site over an encrypted tunnel. A full antivirus scan with an updated antivirus signature file does not show any sign of infection. Which of the following has occurred on the workstation?

Options:

A.

Zero-day attack

B.

Known malware attack

C.

Session hijack

D.

Cookie stealing

Buy Now
Questions 54

File integrity monitoring states the following files have been changed without a written request or approved change. The following change has been made:

chmod 777 –Rv /usr

Which of the following may be occurring?

Options:

A.

The ownership pf /usr has been changed to the current user.

B.

Administrative functions have been locked from users.

C.

Administrative commands have been made world readable/writable.

D.

The ownership of/usr has been changed to the root user.

Buy Now
Questions 55

A threat intelligence feed has posted an alert stating there is a critical vulnerability in the kernel. Unfortunately, the company’s asset inventory is not current. Which of the following techniques would a cybersecurity analyst perform to find all affected servers within an organization?

Options:

A.

A manual log review from data sent to syslog

B.

An OS fingerprinting scan across all hosts

C.

A packet capture of data traversing the server network

D.

A service discovery scan on the network

Buy Now
Questions 56

A vulnerability scan has returned the following information:

CS0-001 Question 56

Which of the following describes the meaning of these results?

Options:

A.

There is an unknown bug in a Lotus server with no Bugtraq ID.

B.

Connecting to the host using a null session allows enumeration of share names.

C.

Trend Micro has a known exploit that must be resolved or patched.

D.

No CVE is present, so it is a false positive caused by Lotus running on a Windows server.

Buy Now
Questions 57

A database administrator contacts a security administrator to request firewall changes for a connection to a new internal application.

The security administrator notices that the new application uses a port typically monopolized by a virus.

The security administrator denies the request and suggests a new port or service be used to complete the application’s task.

Which of the following is the security administrator practicing in this example?

Options:

A.

Explicit deny

B.

Port security

C.

Access control lists

D.

Implicit deny

Buy Now
Questions 58

After reviewing the following packet, a cybersecurity analyst has discovered an unauthorized service is running on a company’s computer.

CS0-001 Question 58

Which of the following ACLs, if implemented, will prevent further access ONLY to the unauthorized service and will not impact other services?

Options:

A.

DENY TCP ANY HOST 10.38.219.20 EQ 3389

B.

DENY IP HOST 10.38.219.20 ANY EQ 25

C.

DENY IP HOST192.168.1.10 HOST 10.38.219.20 EQ 3389

D.

DENY TCP ANY HOST 192.168.1.10 EQ 25

Buy Now
Questions 59

A software assurance lab is performing a dynamic assessment on an application by automatically generating and inputting different, random data sets to attempt to cause an error/failure condition. Which of the following software assessment capabilities is the lab performing AND during which phase of the SDLC should this occur? (Select two.)

Options:

A.

Fuzzing

B.

Behavior modeling

C.

Static code analysis

D.

Prototyping phase

E.

Requirements phase

F.

Planning phase

Buy Now
Questions 60

A security analyst has been asked to remediate a server vulnerability. Once the analyst has located a patch for the vulnerability, which of the following should happen NEXT?

Options:

A.

Start the change control process.

B.

Rescan to ensure the vulnerability still exists.

C.

Implement continuous monitoring.

D.

Begin the incident response process.

Buy Now
Questions 61

When network administrators observe an increased amount of web traffic without an increased number of financial transactions, the company is MOST likely experiencing which of the following attacks?

Options:

A.

Bluejacking

B.

ARP cache poisoning

C.

Phishing

D.

DoS

Buy Now
Questions 62

During a routine review of firewall logs, an analyst identified that an IP address from the organization’s server subnet had been connecting during nighttime hours to a foreign IP address, and had been sending between 150 and 500 megabytes of data each time. This had been going on for approximately one week, and the affected server was taken offline for forensic review. Which of the following is MOST likely to drive up the incident’s impact assessment?

Options:

A.

PII of company employees and customers was exfiltrated.

B.

Raw financial information about the company was accessed.

C.

Forensic review of the server required fall-back on a less efficient service.

D.

IP addresses and other network-related configurations were exfiltrated.

E.

The local root password for the affected server was compromised.

Buy Now
Questions 63

Organizational policies require vulnerability remediation on severity 7 or greater within one week. Anything with a severity less than 7 must be remediated within 30 days. The organization also requires security teams to investigate the details of a vulnerability before performing any remediation. If the investigation determines the finding is a false positive, no remediation is performed and the vulnerability scanner configuration is updates to omit the false positive from future scans:

The organization has three Apache web servers:

CS0-001 Question 63

The results of a recent vulnerability scan are shown below:

CS0-001 Question 63

The team performs some investigation and finds a statement from Apache:

CS0-001 Question 63

Which of the following actions should the security team perform?

Options:

A.

Ignore the false positive on 192.168.1.22

B.

Remediate 192.168.1.20 within 30 days

C.

Remediate 192.168.1.22 within 30 days

D.

Investigate the false negative on 192.168.1.20

Buy Now
Questions 64

A network administrator is attempting to troubleshoot an issue regarding certificates on a secure website.

During the troubleshooting process, the network administrator notices that the web gateway proxy on the local network has signed all of the certificates on the local machine.

Which of the following describes the type of attack the proxy has been legitimately programmed to perform?

Options:

A.

Transitive access

B.

Spoofing

C.

Man-in-the-middle

D.

Replay

Buy Now
Questions 65

A reverse engineer was analyzing malware found on a retailer’s network and found code extracting track data in memory. Which of the following threats did the engineer MOST likely uncover?

Options:

A.

POS malware

B.

Rootkit

C.

Key logger

D.

Ransomware

Buy Now
Questions 66

A company uses a managed IDS system, and a security analyst has noticed a large volume of brute force password attacks originating from a single IP address. The analyst put in a ticket with the IDS provider, but no action was taken for 24 hours, and the attacks continued. Which of the following would be the BEST approach for the scenario described?

Options:

A.

Draft a new MOU to include response incentive fees.

B.

Reengineer the BPA to meet the organization’s needs.

C.

Modify the SLA to support organizational requirements.

D.

Implement an MOA to improve vendor responsiveness.

Buy Now
Questions 67

While reviewing web server logs, a security analyst notices the following code:

CS0-001 Question 67

Which of the following would prevent this code from performing malicious actions?

Options:

A.

Performing web application penetration testing

B.

Requiring the application to use input validation

C.

Disabling the use of HTTP and requiring the use of HTTPS

D.

Installing a network firewall in front of the application

Buy Now
Exam Code: CS0-001
Exam Name: CompTIA CySA+ Certification Exam
Last Update: Nov 27, 2023
Questions: 455
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 04 Dec 2024