CompTIA CS0-001 CompTIA CySA+ Certification Exam Online Training
The questions for CS0-001 were last updated at Nov 07, 2024.
- Exam Code: CS0-001
- Exam Name: CompTIA CySA+ Certification Exam
- Certification Provider: CompTIA
A security analyst is performing a forensic analysis on a machine that was the subject of some historic SIEM alerts. The analyst noticed network connections using SSL/TLS on non-standard ports, copies of svchost.exe and cmd.exe in the %TEMP% folder, and RDP files that had connected to external IPs.
Which of the following threats has the security analyst uncovered?
- A . DDoS
- B . APT
- C . Ransomware
- D . Software vulnerability
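The three observations in this question are each cheap to turn into a host-telemetry check: TLS on a port where no TLS service is expected, a system binary name living outside System32, and an RDP connection file pointing at an address outside the organization's own ranges. The script below is an added example written for this page, not material from the exam or from CompTIA; the event records are constructed, and the "expected TLS ports" set and the RFC 1918 definition of "internal" are assumptions an analyst would tune to their environment.

```python
"""Indicator triage over constructed host/network events (added example, not from the exam page)."""
import ipaddress
import ntpath

# Assumption: ports where TLS is expected in this environment; TLS anywhere else is flagged.
EXPECTED_TLS_PORTS = {443, 465, 636, 853, 993, 995, 8443}
# Binaries that legitimately run only from the Windows system directories.
SYSTEM_BINARIES = {"svchost.exe", "cmd.exe"}
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
# Assumption: the organization's internal address space is RFC 1918 plus loopback.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def tls_on_odd_port(event):
    """TLS handshake seen on a destination port where no TLS service is expected."""
    return event["proto"] == "tls" and event["dst_port"] not in EXPECTED_TLS_PORTS


def masquerading_binary(event):
    """A system binary name found outside System32/SysWOW64 (e.g. dropped into %TEMP%)."""
    name = ntpath.basename(event["path"]).lower()
    directory = ntpath.dirname(event["path"]).lower()
    return name in SYSTEM_BINARIES and not directory.startswith(SYSTEM_DIRS)


def rdp_to_external(event):
    """An .rdp file whose target address is not inside the internal ranges."""
    addr = ipaddress.ip_address(event["rdp_host"])
    return not any(addr in net for net in INTERNAL_NETS)


def triage(events):
    """Return one tuple per matching indicator, in event order."""
    hits = []
    for ev in events:
        if ev["kind"] == "net" and tls_on_odd_port(ev):
            hits.append(("tls_nonstandard_port", ev["dst_ip"], ev["dst_port"]))
        elif ev["kind"] == "file" and masquerading_binary(ev):
            hits.append(("system_binary_outside_system32", ev["path"]))
        elif ev["kind"] == "rdp_file" and rdp_to_external(ev):
            hits.append(("rdp_to_external", ev["rdp_host"]))
    return hits


# Constructed sample events mirroring the question: one benign and one suspicious of each kind.
SAMPLE_EVENTS = [
    {"kind": "net", "proto": "tls", "dst_ip": "203.0.113.10", "dst_port": 443},
    {"kind": "net", "proto": "tls", "dst_ip": "203.0.113.10", "dst_port": 4431},
    {"kind": "file", "path": r"C:\Windows\System32\svchost.exe"},
    {"kind": "file", "path": r"C:\Users\alice\AppData\Local\Temp\svchost.exe"},
    {"kind": "file", "path": r"C:\Users\alice\AppData\Local\Temp\cmd.exe"},
    {"kind": "rdp_file", "rdp_host": "10.0.0.5"},
    {"kind": "rdp_file", "rdp_host": "198.51.100.7"},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit)
```

None of these checks is conclusive on its own; a legitimate admin tool may use TLS on 8080, and a developer may keep a copy of cmd.exe in a scratch directory. The point of the question is that all three together on one host, over time, fit the pattern of a persistent intrusion rather than a single malware sample.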
Which of the following policies BEST explains the purpose of a data ownership policy?
- A . The policy should describe the roles and responsibilities between users and managers, and the management of specific data types.
- B . The policy should establish the protocol for retaining information types based on regulatory or business needs.
- C . The policy should document practices that users must adhere to in order to access data on the corporate network or Internet.
- D . The policy should outline the organization’s administration of accounts for authorized users to access the appropriate data.
Which of the following BEST describes the offensive participants in a tabletop exercise?
- A . Red team
- B . Blue team
- C . System administrators
- D . Security analysts
- E . Operations team
The help desk informed a security analyst of a trend that is beginning to develop regarding a suspicious email that has been reported by multiple users.
The analyst has determined the email includes an attachment named invoice.zip that contains the following files:
Locky.js
xerty.ini
xerty.lib
Further analysis indicates that when the .zip file is opened, it installs a new version of ransomware on the device.
Which of the following should be done FIRST to prevent data on the company NAS from being encrypted by infected devices?
- A . Disable access to the company VPN.
- B . Email employees instructing them not to open the invoice attachment.
- C . Set permissions on file shares to read-only.
- D . Add the URL included in the .js file to the company’s web proxy filter.
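Whichever containment step is taken first, the help desk trend in this question is usually confirmed by opening the reported attachment in a sandbox and looking at what the archive actually contains. The script below is an added example for this page, not code from the exam or from any vendor: it builds an in-memory invoice.zip with the three member names from the question (the file contents are constructed stand-ins, including a placeholder download URL), flags script and executable members, and pulls any plain URL strings out of them so they can be fed to a proxy block list.

```python
"""Triage of a zip e-mail attachment for script droppers (added example, not from the exam page)."""
import io
import re
import zipfile

# Extensions Windows will execute via WScript/cmd/the shell when double-clicked from an archive.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta",
                     ".ps1", ".cmd", ".bat", ".scr", ".exe"}
# Plain http(s) URLs; obfuscated droppers will need deobfuscation before this matches anything.
URL_RE = re.compile(rb"https?://[\w.\-]+(?::\d+)?(?:/[\w./\-?=&%]*)?")


def triage_zip(zip_bytes):
    """Return ([(member, reason), ...], sorted list of URLs found in flagged members)."""
    findings = []
    urls = set()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            lower = name.lower()
            ext = lower[lower.rfind("."):] if "." in lower else ""
            if ext not in SCRIPT_EXTENSIONS:
                continue
            findings.append((name, "script/executable inside archive"))
            if lower.count(".") >= 2:          # e.g. invoice.pdf.js
                findings.append((name, "double extension"))
            data = zf.read(info)
            urls.update(u.decode("ascii", "replace") for u in URL_RE.findall(data))
    return findings, sorted(urls)


def build_sample_invoice_zip():
    """Constructed stand-in for the reported invoice.zip; the JS is a one-line stub, not real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Locky.js", 'var u="http://203.0.113.50/img.php"; /* constructed downloader stub */')
        zf.writestr("xerty.ini", "[settings]\nkey=1\n")
        zf.writestr("xerty.lib", b"\x00\x01\x02")
    return buf.getvalue()


if __name__ == "__main__":
    findings, urls = triage_zip(build_sample_invoice_zip())
    for member, reason in findings:
        print(f"{member}: {reason}")
    print("URLs to block:", urls)
```

The URL extraction is what option D depends on; real JavaScript droppers are almost always obfuscated, so in practice the URL comes from running the sample in a sandbox and reading its network activity, not from a regex over the source. Nothing here prevents an already-infected workstation from writing to the NAS, which is why the question asks what to do first about the shares rather than about the attachment.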
A security audit revealed that port 389 has been used instead of 636 when connecting to LDAP for the authentication of users. The remediation recommended by the audit was to switch the port to 636 wherever technically possible.
Which of the following is the BEST response?
- A . Correct the audit. This finding is a well-known false positive; the services that typically run on 389 and 636 are identical.
- B . Change all devices and servers that support it to 636, as encrypted services run by default on 636.
- C . Change all devices and servers that support it to 636, as 389 is a reserved port that requires root access and can expose the server to privilege escalation attacks.
- D . Correct the audit. This finding is accurate, but the correct remediation is to update encryption keys on each of the servers to match port 636.
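Port 636 is LDAPS (TLS from the first byte), while port 389 carries cleartext LDAP unless the client upgrades the session with StartTLS, so a port number on its own does not settle whether binds are encrypted. The script below is an added example for this page, not part of the exam: it audits an sssd.conf-style client configuration (the `ldap_uri` and `ldap_id_use_start_tls` keys are real sssd options; the hostnames and domain sections are constructed) and reports each LDAP URI as encrypted or cleartext, treating a 389 URI with StartTLS enabled as encrypted rather than as a finding.

```python
"""Classify LDAP client URIs as encrypted or cleartext (added example, not from the exam page)."""
import configparser
from urllib.parse import urlsplit


def uri_is_encrypted(uri, starttls):
    """Return (encrypted, reason) for one ldap:// or ldaps:// URI given the client's StartTLS setting."""
    parts = urlsplit(uri.strip())
    scheme = parts.scheme.lower()
    port = parts.port or {"ldap": 389, "ldaps": 636}.get(scheme)
    if scheme == "ldaps":
        return True, f"ldaps on {port}"
    if scheme == "ldap":
        if starttls:
            return True, f"ldap with StartTLS on {port}"
        return False, f"cleartext ldap on {port}"
    raise ValueError(f"not an LDAP URI: {uri}")


def audit_sssd(text):
    """Walk every [domain/...] section and classify each URI listed in ldap_uri."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        uris = cp.get(section, "ldap_uri", fallback="")
        starttls = cp.getboolean(section, "ldap_id_use_start_tls", fallback=False)
        for uri in uris.replace(",", " ").split():
            encrypted, reason = uri_is_encrypted(uri, starttls)
            findings.append((section, uri, encrypted, reason))
    return findings


# Constructed sample configuration: one domain mixing a cleartext and an LDAPS server,
# one domain on 389 that relies on StartTLS.
SAMPLE_SSSD_CONF = """\
[sssd]
domains = corp, lab

[domain/corp]
id_provider = ldap
ldap_uri = ldap://dc1.corp.example:389, ldaps://dc2.corp.example
ldap_id_use_start_tls = false

[domain/lab]
id_provider = ldap
ldap_uri = ldap://dc-lab.corp.example
ldap_id_use_start_tls = true
"""

if __name__ == "__main__":
    for section, uri, encrypted, reason in audit_sssd(SAMPLE_SSSD_CONF):
        print(f"{'OK  ' if encrypted else 'FAIL'} {section}: {uri} ({reason})")
```

When applying the audit's recommendation, the practical check is the one this function encodes: a 389 endpoint is only a finding if the client does not negotiate StartTLS, and moving to 636 also requires the server certificate to chain to a CA the clients trust, otherwise clients will either fail to bind or be configured to skip certificate validation.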
A security analyst is performing a review of Active Directory and discovers two new user accounts in the accounting department. Neither of the users has elevated permissions, but accounts in the accounting group are given access to the company’s sensitive financial management application by default.
Which of the following is the BEST course of action?
- A . Follow the incident response plan for the introduction of new accounts
- B . Disable the user accounts
- C . Remove the accounts’ access privileges to the sensitive application
- D . Monitor the outbound traffic from the application for signs of data exfiltration
- E . Confirm the accounts are valid and ensure role-based permissions are appropriate
An analyst has initiated an assessment of an organization’s security posture. As a part of this review, the analyst would like to determine how much information about the organization is exposed externally.
Which of the following techniques would BEST help the analyst accomplish this goal? (Select two.)
- A . Fingerprinting
- B . DNS query log reviews
- C . Banner grabbing
- D . Internet searches
- E . Intranet portal reviews
- F . Sourcing social network sites
- G . Technical control audits
A cybersecurity analyst is retained by a firm for an open investigation. Upon arrival, the cybersecurity analyst reviews several security logs.
Given the following snippet of code:
Which of the following combinations BEST describes the situation and recommendations to be made for this situation?
- A . The cybersecurity analyst has discovered host 192.168.0.101 using Windows Task Scheduler at 13:30 to run nc.exe; recommend proceeding with the next step of removing the host from the network.
- B . The cybersecurity analyst has discovered host 192.168.0.101 to be running the nc.exe file at 13:30 using the auto cron job remotely; there are no recommendations since this is not a threat currently.
- C . The cybersecurity analyst has discovered host 192.168.0.101 is beaconing every day at 13:30 using the nc.exe file; recommend proceeding with the next step of removing the host from the network.
- D . The security analyst has discovered host 192.168.0.101 is a rogue device on the network, recommend proceeding with the next step of removing the host from the network.
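The distinguishing feature between options A and C is periodicity: a scheduled task that launches nc.exe once is a finding, but the same process reaching the same external endpoint at the same time of day on consecutive days is beaconing. The code below is an added example for this page (not from the exam) that detects that pattern over a constructed connection log; the log format, the two-minute time-of-day bucket, and the three-day threshold are all assumptions.

```python
"""Daily-beacon detection over a constructed connection log (added example, not from the exam page)."""
from collections import defaultdict
from datetime import datetime

# Constructed log: timestamp, source, destination, destination port, process name.
LOG = """\
2024-03-01T13:30:02 192.168.0.101 203.0.113.9 4444 nc.exe
2024-03-01T13:31:10 192.168.0.101 192.168.0.20 445 explorer.exe
2024-03-02T13:30:01 192.168.0.101 203.0.113.9 4444 nc.exe
2024-03-02T09:12:44 192.168.0.101 203.0.113.9 4444 nc.exe
2024-03-03T13:30:03 192.168.0.101 203.0.113.9 4444 nc.exe
2024-03-03T13:30:55 192.168.0.77 192.168.0.20 445 explorer.exe
"""


def parse(log):
    """Turn the whitespace-separated log into (datetime, src, dst, dport, process) tuples."""
    events = []
    for line in log.splitlines():
        ts, src, dst, dport, proc = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(dport), proc))
    return events


def find_daily_beacons(events, min_days=3, bucket_minutes=2):
    """Flag (src, dst, port, process) tuples seen in the same time-of-day bucket on
    at least min_days consecutive calendar days."""
    seen = defaultdict(set)  # (key, bucket) -> set of dates on which it occurred
    for ts, src, dst, dport, proc in events:
        bucket = (ts.hour * 60 + ts.minute) // bucket_minutes
        seen[((src, dst, dport, proc), bucket)].add(ts.date())

    findings = []
    for (key, bucket), dates in seen.items():
        if len(dates) < min_days:
            continue
        ordered = sorted(dates)
        consecutive = all((b - a).days == 1 for a, b in zip(ordered, ordered[1:]))
        if not consecutive:
            continue
        minutes = bucket * bucket_minutes
        findings.append({
            "src": key[0], "dst": key[1], "port": key[2], "process": key[3],
            "time_of_day": f"{minutes // 60:02d}:{minutes % 60:02d}", "days": len(dates),
        })
    return findings


if __name__ == "__main__":
    for beacon in find_daily_beacons(parse(LOG)):
        print(beacon)
```

Bucketing by a fixed two-minute window is simple but misses a beacon that straddles a bucket boundary (13:29 one day, 13:30 the next); a sliding window over the time-of-day, or a test on the inter-arrival intervals themselves, is more robust. A beacon that jitters its schedule will also defeat a time-of-day rule, which is why the question pairs the timing with the process name: nc.exe launched by a scheduled task is suspicious regardless of how regular the callbacks are.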
A security analyst is reviewing IDS logs and notices the following entry:
Which of the following attacks is occurring?
- A . Cross-site scripting
- B . Header manipulation
- C . SQL injection
- D . XML injection
A company has recently launched a new billing invoice website for a few key vendors. The cybersecurity analyst is receiving calls that the website is performing slowly and the pages sometimes time out. The analyst notices the website is receiving millions of requests, causing the service to become unavailable.
Which of the following can be implemented to maintain the availability of the website?
- A . VPN
- B . Honeypot
- C . Whitelisting
- D . DMZ
- E . MAC filtering
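The detail that matters in this question is that the site serves only a few known vendors, so its legitimate client population can be enumerated and everyone else dropped before the request reaches the application. The simulation below is an added example for this page, not from the exam or any product: it models an edge filter with a vendor IP allowlist (constructed address ranges) and compares a strict allowlist-only policy with a policy that instead rate-limits unknown sources, under a constructed flood from one attacker address.

```python
"""Allowlist versus rate-limit at the edge under a request flood (added example, not from the exam page)."""
import ipaddress
from collections import defaultdict

# Assumption: the key vendors connect from these fixed ranges (constructed for the example).
VENDOR_NETS = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.8/29")]


class EdgeFilter:
    """Decide per request whether it is passed to the web application.

    unknown_policy="deny"       -> allowlist only; non-vendor sources are rejected outright.
    unknown_policy="rate_limit" -> non-vendor sources get at most `limit` requests per `window` seconds.
    """

    def __init__(self, allowed_nets, unknown_policy="deny", limit=20, window=60.0):
        self.allowed = allowed_nets
        self.unknown_policy = unknown_policy
        self.limit = limit
        self.window = window
        self.recent = defaultdict(list)  # ip -> timestamps of recently admitted requests

    def is_vendor(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.allowed)

    def decide(self, ip, now):
        if self.is_vendor(ip):
            return "allow"
        if self.unknown_policy == "deny":
            return "reject"
        times = self.recent[ip]
        times[:] = [t for t in times if now - t < self.window]  # drop entries outside the window
        if len(times) >= self.limit:
            return "reject"
        times.append(now)
        return "allow"


def simulate(unknown_policy):
    """Two vendors send 50 requests each while one attacker sends 1000 in the same minute.
    Returns how many requests from each source reached the application."""
    edge = EdgeFilter(VENDOR_NETS, unknown_policy=unknown_policy)
    served = defaultdict(int)
    traffic = ([("198.51.100.17", i * 1.0) for i in range(50)]
               + [("203.0.113.9", i * 1.0) for i in range(50)]
               + [("192.0.2.200", i * 0.05) for i in range(1000)])
    for ip, t in sorted(traffic, key=lambda x: x[1]):
        if edge.decide(ip, t) == "allow":
            served[ip] += 1
    return dict(served)


if __name__ == "__main__":
    print("deny unknown:      ", simulate("deny"))
    print("rate-limit unknown:", simulate("rate_limit"))
```

The allowlist keeps the vendors fully served in both modes; the difference is that the strict policy admits zero attacker requests while the rate limit still lets the first 20 per window through, which is enough to keep a small application busy if the flood is distributed across many source addresses. A per-IP limit is therefore a complement to, not a substitute for, restricting a vendor-only site to its vendors.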