CompTIA CS0-001 CompTIA CySA+ Certification Exam Online Training
The questions for CS0-001 were last updated on Nov 11, 2024.
- Exam Code: CS0-001
- Exam Name: CompTIA CySA+ Certification Exam
- Certification Provider: CompTIA
- Latest update: Nov 11, 2024
An administrator has been investigating the way in which an actor had been exfiltrating confidential data from a web server to a foreign host. After a thorough forensic review, the administrator determined the server’s BIOS had been modified by rootkit installation. After removing the rootkit and flashing the BIOS to a known good state, which of the following would BEST protect against future adversary access to the BIOS, in case another rootkit is installed?
- A . Anti-malware application
- B . Host-based IDS
- C . TPM data sealing
- D . File integrity monitoring
An analyst wants to use a command line tool to identify open ports and running services on a host, along with the application that is associated with those services and ports.
Which of the following should the analyst use?
- A . Wireshark
- B . Qualys
- C . netstat
- D . nmap
- E . ping
During a routine review of firewall logs, an analyst identified that an IP address from the organization’s server subnet had been connecting during nighttime hours to a foreign IP address, and had been sending between 150 and 500 megabytes of data each time. This had been going on for approximately one week, and the affected server was taken offline for forensic review.
Which of the following is MOST likely to drive up the incident’s impact assessment?
- A . PII of company employees and customers was exfiltrated.
- B . Raw financial information about the company was accessed.
- C . Forensic review of the server required fall-back on a less efficient service.
- D . IP addresses and other network-related configurations were exfiltrated.
- E . The local root password for the affected server was compromised.
A cybersecurity analyst has several SIEM event logs to review for possible APT activity. The analyst was given several items that include lists of indicators for both IP addresses and domains.
Which of the following actions is the BEST approach for the analyst to perform?
- A . Use the IP addresses to search through the event logs.
- B . Analyze the trends of the events while manually reviewing to see if any of the indicators match.
- C . Create an advanced query that includes all of the indicators, and review any of the matches.
- D . Scan for vulnerabilities with exploits known to have been used by an APT.
After completing a vulnerability scan, the following output was noted:
Which of the following vulnerabilities has been identified?
- A . PKI transfer vulnerability.
- B . Active Directory encryption vulnerability.
- C . Web application cryptography vulnerability.
- D . VPN tunnel vulnerability.
A software patch has been released to remove vulnerabilities from the company’s software. A security analyst has been tasked with testing the software to ensure the vulnerabilities have been remediated and the application is still functioning properly.
Which of the following tests should be performed NEXT?
- A . Fuzzing
- B . User acceptance testing
- C . Regression testing
- D . Penetration testing
Several users have reported that when attempting to save documents in team folders, the following message is received:
The File Cannot Be Copied or Moved – Service Unavailable.
Upon further investigation, it is found that the syslog server is not obtaining log events from the file server to which the users are attempting to copy files.
Which of the following is the MOST likely scenario causing these issues?
- A . The network is saturated, causing network congestion
- B . The file server is experiencing high CPU and memory utilization
- C . Malicious processes are running on the file server
- D . All the available space on the file server is consumed
A cybersecurity analyst is currently investigating a server outage. The analyst has discovered the following value was entered for the username: 0xbfff601a.
Which of the following attacks may be occurring?
- A . Buffer overflow attack
- B . Man-in-the-middle attack
- C . Smurf attack
- D . Format string attack
- E . Denial of service attack
A security administrator determines several months after the first instance that a local privileged user has been routinely logging into a server interactively as “root” and browsing the Internet. The administrator determines this by performing an annual review of the security logs on that server.
For which of the following security architecture areas should the administrator recommend review and modification? (Select TWO).
- A . Log aggregation and analysis
- B . Software assurance
- C . Encryption
- D . Acceptable use policies
- E . Password complexity
- F . Network isolation and separation
The new Chief Technology Officer (CTO) is seeking recommendations for network monitoring services for the local intranet. The CTO would like the capability to monitor all traffic to and from the gateway, as well as the capability to block certain content.
Which of the following recommendations would meet the needs of the organization?
- A . Recommend setup of IP filtering on both the internal and external interfaces of the gateway router.
- B . Recommend installation of an IDS on the internal interface and a firewall on the external interface of the gateway router.
- C . Recommend installation of a firewall on the internal interface and a NIDS on the external interface of the gateway router.
- D . Recommend installation of an IPS on both the internal and external interfaces of the gateway router.