CompTIA CS0-001 CompTIA CySA+ Certification Exam Online Training
The questions for CS0-001 were last updated on Nov 10, 2024.
- Exam Code: CS0-001
- Exam Name: CompTIA CySA+ Certification Exam
- Certification Provider: CompTIA
- Latest update: Nov 10, 2024
A security analyst received a compromised workstation. The workstation’s hard drive may contain evidence of criminal activities.
Which of the following is the FIRST thing the analyst must do to ensure the integrity of the hard drive while performing the analysis?
- A . Make a copy of the hard drive.
- B . Use write blockers.
- C . Run rm -R command to create a hash.
- D . Install it on a different machine and explore the content.
When network administrators observe an increased amount of web traffic without an increased number of financial transactions, the company is MOST likely experiencing which of the following attacks?
- A . Bluejacking
- B . ARP cache poisoning
- C . Phishing
- D . DoS
A cybersecurity analyst traced the source of an attack to compromised user credentials. Log analysis revealed that the attacker successfully authenticated from an unauthorized foreign country. Management asked the security analyst to research and implement a solution to help mitigate attacks based on compromised passwords.
Which of the following should the analyst implement?
- A . Self-service password reset
- B . Single sign-on
- C . Context-based authentication
- D . Password complexity
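The scenario in this question (a valid password used from a country the user never signs in from) is exactly what a context-based authentication check is meant to catch. The following is an added example, not part of the exam page: it evaluates constructed sign-in events against a per-user allowed-country list and an impossible-travel speed limit. `GEO`, `POLICY`, `SAMPLE` and the function names are this example's own stand-ins for a GeoIP database, an identity provider's policy and its sign-in log.

```python
"""Added example, not from the exam page: a context-based authentication
check run over constructed sign-in events. A correct password from an
unexpected context is what the question describes, so every successful
login is tested against (1) the user's allowed countries and (2) the
previous successful login's location, flagging travel faster than an
aircraft ("impossible travel"). GEO, POLICY and SAMPLE are constructed
stand-ins for a GeoIP database, an IdP policy and an IdP sign-in log."""
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Constructed GeoIP-style table: country code -> (lat, lon) of one large city.
GEO = {"US": (40.71, -74.01), "GB": (51.51, -0.13), "BR": (-23.55, -46.63)}

POLICY = {
    "allowed_countries": {"alice": {"US", "GB"}, "bob": {"US"}},
    "max_speed_kmh": 900.0,  # anything faster than an airliner is impossible travel
}


@dataclass
class Login:
    user: str
    when: datetime
    country: str
    success: bool


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs in degrees."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def evaluate(logins, policy=POLICY):
    """Return [(user, timestamp, reason)] for successful logins that violate the
    context policy. Failed attempts are ignored: with a compromised password
    the attacker's attempt succeeds, so context is the only remaining signal."""
    alerts = []
    last_ok = {}  # user -> (when, country) of the previous successful login
    for ev in sorted(logins, key=lambda e: e.when):
        if not ev.success:
            continue
        if ev.country not in policy["allowed_countries"].get(ev.user, set()):
            alerts.append((ev.user, ev.when, f"login from disallowed country {ev.country}"))
        prev = last_ok.get(ev.user)
        if prev is not None and prev[1] != ev.country:
            hours = (ev.when - prev[0]).total_seconds() / 3600
            km = haversine_km(GEO[prev[1]], GEO[ev.country])
            if hours <= 0 or km / hours > policy["max_speed_kmh"]:
                alerts.append((ev.user, ev.when,
                               f"impossible travel {prev[1]}->{ev.country}: {km:.0f} km in {hours:.1f} h"))
        last_ok[ev.user] = (ev.when, ev.country)
    return alerts


# Constructed sign-in log. alice's password is used from Brazil two hours after
# her US login; bob flies US->GB in a plausible nine hours, but GB is not on his
# allowed list; bob's failed attempt from BR is ignored.
SAMPLE = [
    Login("alice", datetime(2024, 11, 10, 8, 0), "US", True),
    Login("alice", datetime(2024, 11, 10, 10, 0), "BR", True),
    Login("bob", datetime(2024, 11, 10, 9, 0), "US", True),
    Login("bob", datetime(2024, 11, 10, 18, 0), "GB", True),
    Login("bob", datetime(2024, 11, 10, 19, 0), "BR", False),
]

if __name__ == "__main__":
    for user, when, reason in evaluate(SAMPLE):
        print(f"{when:%Y-%m-%d %H:%M} {user}: {reason}")
```

In a real deployment the same evaluation runs inside the identity provider at login time and drives a step-up (MFA prompt) or an outright deny, rather than only raising an alert afterwards; that is what distinguishes context-based authentication from a stronger password policy, which does nothing once the password is already known.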
After reviewing the following packet, a cybersecurity analyst has discovered an unauthorized service is running on a company’s computer.
Which of the following ACLs, if implemented, will prevent further access ONLY to the unauthorized service and will not impact other services?
- A . DENY TCP ANY HOST 10.38.219.20 EQ 3389
- B . DENY IP HOST 10.38.219.20 ANY EQ 25
- C . DENY IP HOST 192.168.1.10 HOST 10.38.219.20 EQ 3389
- D . DENY TCP ANY HOST 192.168.1.10 EQ 25
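The page does not reproduce the packet the question refers to, so the example below does not claim which choice is correct; it is an added example, not part of the exam page, that shows how each kind of entry is matched. It parses the subset of Cisco extended-ACL syntax used in the answer choices (ACTION PROTO SRC DST [EQ PORT], with ANY or HOST addresses) and runs the entries against constructed traffic to 10.38.219.20. It also rejects `IP ... EQ n` entries: a port operator is only valid for TCP or UDP, so an entry written with protocol IP cannot single out one service. The traffic mix, the `Packet`/`Ace` types and the function names are this example's own.

```python
"""Added example, not from the exam page: evaluate Cisco-style extended ACL
entries against constructed packets to show which traffic each entry would
actually drop. Only the syntax used in the answer choices is parsed:
ACTION PROTO SRC DST [EQ PORT], with SRC/DST being ANY or HOST <ip>."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp", "udp", "icmp", ...
    src: str
    dst: str
    dport: Optional[int] = None


@dataclass(frozen=True)
class Ace:
    action: str
    proto: str
    src: Optional[str]    # None means ANY
    dst: Optional[str]
    dport: Optional[int]  # None means any port


def _addr(tokens):
    """Consume one address spec (ANY | HOST <ip>); return (address, remaining tokens)."""
    if not tokens:
        raise ValueError("missing address")
    if tokens[0].upper() == "ANY":
        return None, tokens[1:]
    if tokens[0].upper() == "HOST" and len(tokens) > 1:
        return tokens[1], tokens[2:]
    raise ValueError(f"unsupported address spec: {' '.join(tokens)}")


def parse_ace(line):
    """Parse e.g. 'DENY TCP ANY HOST 10.38.219.20 EQ 3389'.
    A port operator is only meaningful for TCP/UDP; 'IP ... EQ n' is rejected
    because protocol ip has no port field, so such an entry cannot match one
    service and leave the others alone."""
    tokens = line.split()
    action, proto = tokens[0].lower(), tokens[1].lower()
    if action not in ("permit", "deny"):
        raise ValueError(f"bad action: {action}")
    src, rest = _addr(tokens[2:])
    dst, rest = _addr(rest)
    dport = None
    if rest:
        if rest[0].upper() != "EQ" or len(rest) != 2:
            raise ValueError(f"unsupported trailer: {' '.join(rest)}")
        if proto not in ("tcp", "udp"):
            raise ValueError(f"port operator not valid for protocol {proto}")
        dport = int(rest[1])
    return Ace(action, proto, src, dst, dport)


def matches(ace, pkt):
    """True if the entry matches the packet (protocol ip matches every protocol)."""
    if ace.proto != "ip" and ace.proto != pkt.proto:
        return False
    if ace.src is not None and ace.src != pkt.src:
        return False
    if ace.dst is not None and ace.dst != pkt.dst:
        return False
    if ace.dport is not None and ace.dport != pkt.dport:
        return False
    return True


def blocked(ace, packets):
    """Packets a single DENY entry would drop."""
    return [p for p in packets if ace.action == "deny" and matches(ace, p)]


# Constructed traffic: the assumed unauthorized service is RDP (3389) on
# 10.38.219.20; SMTP, HTTPS and DNS to the same host, plus one SMTP flow
# back to 192.168.1.10, stand in for services that must keep working.
TRAFFIC = [
    Packet("tcp", "192.168.1.10", "10.38.219.20", 3389),
    Packet("tcp", "192.168.1.50", "10.38.219.20", 3389),
    Packet("tcp", "192.168.1.10", "10.38.219.20", 25),
    Packet("tcp", "192.168.1.10", "10.38.219.20", 443),
    Packet("udp", "192.168.1.10", "10.38.219.20", 53),
    Packet("tcp", "10.38.219.20", "192.168.1.10", 25),
]


def impact(acl_line, packets=TRAFFIC):
    """Sorted destination ports the entry would drop, or a parse-error string."""
    try:
        ace = parse_ace(acl_line)
    except ValueError as e:
        return f"invalid: {e}"
    return sorted({p.dport for p in blocked(ace, packets) if p.dport is not None})


if __name__ == "__main__":
    for line in ["DENY TCP ANY HOST 10.38.219.20 EQ 3389",
                 "DENY IP HOST 10.38.219.20 ANY EQ 25",
                 "DENY IP HOST 192.168.1.10 HOST 10.38.219.20 EQ 3389",
                 "DENY TCP ANY HOST 192.168.1.10 EQ 25"]:
        print(f"{line:55} -> {impact(line)}")
```

Against this constructed traffic the TCP/3389 entry drops only the two RDP flows and leaves 25, 53 and 443 untouched, while a protocol-IP entry with no port would drop everything to the host; that is the distinction the question is testing.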
An organization wants to remediate vulnerabilities associated with its web servers. An initial vulnerability scan has been performed, and analysts are reviewing the results. Before starting any remediation, the analysts want to remove false positives to avoid spending time on issues that are not actual vulnerabilities.
Which of the following would be an indicator of a likely false positive?
- A . Reports show the scanner compliance plug-in is out-of-date.
- B . Any items labeled ‘low’ are considered informational only.
- C . The scan result version is different from the automated asset inventory.
- D . ‘HTTPS’ entries indicate the web page is encrypted securely.
A security analyst has determined that the user interface on an embedded device is vulnerable to common SQL injections. The device is unable to be replaced, and the software cannot be upgraded.
Which of the following should the security analyst recommend to add additional security to this device?
- A . The security analyst should recommend this device be placed behind a WAF.
- B . The security analyst should recommend an IDS be placed on the network segment.
- C . The security analyst should recommend this device regularly export the web logs to a SIEM system.
- D . The security analyst should recommend this device be included in regular vulnerability scans.
An analyst was tasked with providing recommendations of technologies that are PKI X.509 compliant for a variety of secure functions.
Which of the following technologies meet the compatibility requirement? (Select three.)
- A . 3DES
- B . AES
- C . IDEA
- D . PKCS
- E . PGP
- F . SSL/TLS
- G . TEMPEST
In order to meet regulatory compliance objectives for the storage of PHI, vulnerability scans must be conducted on a continuous basis. The last completed scan of the network returned 5,682 possible vulnerabilities. The Chief Information Officer (CIO) would like to establish a remediation plan to resolve all known issues.
Which of the following is the BEST way to proceed?
- A . Attempt to identify all false positives and exceptions, and then resolve all remaining items.
- B . Hold off on additional scanning until the current list of vulnerabilities has been resolved.
- C . Place assets that handle PHI in a sandbox environment, and then resolve all vulnerabilities.
- D . Reduce the scan to items identified as critical in the asset inventory, and resolve these issues first.
A company wants to update its acceptable use policy (AUP) to ensure it relates to the newly implemented password standard, which requires sponsored authentication of guest wireless devices.
Which of the following is MOST likely to be incorporated in the AUP?
- A . Sponsored guest passwords must be at least ten characters in length and contain a symbol.
- B . The corporate network should have a wireless infrastructure that uses open authentication standards.
- C . Guests using the wireless network should provide valid identification when registering their wireless devices.
- D . The network should authenticate all guest users using 802.1x backed by a RADIUS or LDAP server.
A security analyst has created an image of a drive from an incident.
Which of the following describes what the analyst should do NEXT?
- A . The analyst should create a backup of the drive and then hash the drive.
- B . The analyst should begin analyzing the image and begin to report findings.
- C . The analyst should create a hash of the image and compare it to the original drive’s hash.
- D . The analyst should create a chain of custody document and notify stakeholders.