CompTIA CS0-001 CompTIA CySA+ Certification Exam Online Training
The questions for CS0-001 were last updated on Nov 12, 2024.
- Exam Code: CS0-001
- Exam Name: CompTIA CySA+ Certification Exam
- Certification Provider: CompTIA
- Latest update: Nov 12, 2024
A network technician is concerned that an attacker is attempting to penetrate the network, and wants to set a rule on the firewall to prevent the attacker from learning which IP addresses are valid on the network.
Which of the following protocols needs to be denied?
- A . TCP
- B . SMTP
- C . ICMP
- D . ARP
While a threat intelligence analyst was researching an indicator of compromise on a search engine, the web proxy generated an alert regarding the same indicator. The threat intelligence analyst states that related sites were not visited but were only searched for in a search engine.
Which of the following MOST likely happened in this situation?
- A . The analyst is not using the standard approved browser.
- B . The analyst accidentally clicked a link related to the indicator.
- C . The analyst has prefetch enabled on the browser in use.
- D . The alert is unrelated to the analyst's search.
A threat intelligence analyst who works for a technology firm received this report from a vendor.
“There has been an intellectual property theft campaign executed against organizations in the technology industry. Indicators for this activity are unique to each intrusion. The information that appears to be targeted is R&D data. The data exfiltration appears to occur over months via uniform TTPs. Please execute a defensive operation regarding this attack vector.”
Which of the following combinations suggests how the threat should MOST likely be classified and the type of analysis that would be MOST helpful in protecting against this activity?
- A . Polymorphic malware and secure code analysis
- B . Insider threat and indicator analysis
- C . APT and behavioral analysis
- D . Ransomware and encryption
Which of the following principles describes how a security analyst should communicate during an incident?
- A . The communication should be limited to trusted parties only.
- B . The communication should be limited to security staff only.
- C . The communication should come from law enforcement.
- D . The communication should be limited to management only.
Review the following results:
Which of the following has occurred?
- A . This is normal network traffic.
- B . 123.120.110.212 is infected with a Trojan.
- C . 172.29.0.109 is infected with a worm.
- D . 172.29.0.109 is infected with a Trojan.
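The exhibit this question refers to is not reproduced on this page. The following is an added example, not from the exam or from CompTIA, of the kind of check an analyst runs over connection records to tell the two candidate answers apart: a worm propagates by fanning out to many hosts on one service port in a short window, while a Trojan typically beacons to a single external address at a regular interval. The log format, the sample records, and the thresholds (10 distinct targets in 5 minutes, 4 regularly spaced beacons, 5 seconds of jitter) are constructed assumptions for the example.

```python
"""Worm-like fan-out vs. Trojan-like beaconing, decided from connection records.

Added example (not from the exam or from CompTIA). The records below are
constructed for illustration; they are not the exhibit the question refers to.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address

# Constructed sample records: "<ISO timestamp> <src> <dst> <dst port>"
SAMPLE_LOG = """\
2024-11-12T10:00:00 172.29.0.109 172.29.0.10 445
2024-11-12T10:00:01 172.29.0.109 172.29.0.11 445
2024-11-12T10:00:02 172.29.0.109 172.29.0.12 445
2024-11-12T10:00:03 172.29.0.109 172.29.0.13 445
2024-11-12T10:00:04 172.29.0.109 172.29.0.14 445
2024-11-12T10:00:05 172.29.0.109 172.29.0.15 445
2024-11-12T10:00:06 172.29.0.109 172.29.0.16 445
2024-11-12T10:00:07 172.29.0.109 172.29.0.17 445
2024-11-12T10:00:08 172.29.0.109 172.29.0.18 445
2024-11-12T10:00:09 172.29.0.109 172.29.0.19 445
2024-11-12T10:00:10 172.29.0.109 172.29.0.20 445
2024-11-12T10:00:11 172.29.0.109 172.29.0.21 445
2024-11-12T10:00:00 172.29.0.55 123.120.110.212 443
2024-11-12T10:01:00 172.29.0.55 123.120.110.212 443
2024-11-12T10:02:00 172.29.0.55 123.120.110.212 443
2024-11-12T10:03:00 172.29.0.55 123.120.110.212 443
2024-11-12T10:04:00 172.29.0.55 123.120.110.212 443
2024-11-12T10:00:30 172.29.0.77 172.29.0.2 53
2024-11-12T10:02:15 172.29.0.77 172.29.0.2 53
"""


def parse_records(text):
    """Turn the constructed log text into (timestamp, src, dst, dport) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(dport)))
    return records


def _classify_one(recs, window, fanout, beacon_min, jitter):
    """recs: one source host's records, sorted by time."""
    # Worm indicator: many distinct destinations on the same port inside one window
    # (a scan or propagation attempt, e.g. SMB/445 across the local subnet).
    for i, (t0, _, _, port) in enumerate(recs):
        targets = {dst for t, _, dst, p in recs[i:] if p == port and t - t0 <= window}
        if len(targets) >= fanout:
            return "worm"
    # Trojan indicator: repeated, regularly spaced connections to one external address.
    times_by_dst = defaultdict(list)
    for t, _, dst, _ in recs:
        times_by_dst[dst].append(t)
    for dst, times in times_by_dst.items():
        if ip_address(dst).is_private or len(times) < beacon_min:
            continue
        gaps = [b - a for a, b in zip(times, times[1:])]
        if max(gaps) - min(gaps) <= jitter:
            return "beacon"
    return "normal"


def classify_hosts(records, window=timedelta(minutes=5), fanout=10,
                   beacon_min=4, jitter=timedelta(seconds=5)):
    """Return {source ip: "worm" | "beacon" | "normal"}; thresholds are assumptions."""
    by_src = defaultdict(list)
    for rec in records:
        by_src[rec[1]].append(rec)
    return {src: _classify_one(sorted(recs), window, fanout, beacon_min, jitter)
            for src, recs in by_src.items()}


if __name__ == "__main__":
    for host, verdict in sorted(classify_hosts(parse_records(SAMPLE_LOG)).items()):
        print(f"{host:15} {verdict}")
```

In the constructed data 172.29.0.109 sweeps twelve neighbours on TCP/445 within twelve seconds (worm-like), 172.29.0.55 contacts one external address every sixty seconds (Trojan beacon), and 172.29.0.77 makes two ordinary DNS queries. Real beacons jitter their interval deliberately, so the `jitter` tolerance should be tuned to the environment rather than fixed at five seconds.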
An analyst is observing unusual network traffic from a workstation. The workstation is communicating with a known malicious site over an encrypted tunnel. A full antivirus scan with an updated antivirus signature file does not show any sign of infection.
Which of the following has occurred on the workstation?
- A . Zero-day attack
- B . Known malware attack
- C . Session hijack
- D . Cookie stealing
A university wants to increase the security posture of its network by implementing vulnerability scans of both centrally managed and student/employee laptops. The solution should be able to scale, provide minimal false positives and highly accurate results, and be centrally managed through an enterprise console.
Which of the following scanning topologies is BEST suited for this environment?
- A . A passive scanning engine located at the core of the network infrastructure
- B . A combination of cloud-based and server-based scanning engines
- C . A combination of server-based and agent-based scanning engines
- D . An active scanning engine installed on the enterprise console
External users are reporting that a web application is slow and frequently times out when attempting to submit information.
Which of the following software development best practices would have helped prevent this issue?
- A . Stress testing
- B . Regression testing
- C . Input validation
- D . Fuzzing
A computer has been infected with a virus and is sending out a beacon to a command-and-control server through an unknown service.
Which of the following should a security technician implement to drop the traffic going to the command and control server and still be able to identify the infected host through firewall logs?
- A . Sinkhole
- B . Block ports and services
- C . Patches
- D . Endpoint security
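The sinkhole in this question works in two halves: the internal DNS resolver answers the malware's C2 lookups with an address that is never legitimately used, and the firewall drops and logs anything sent to that address, so the drop log names every infected host. The following is an added example, not from the exam or from CompTIA, that models both halves over constructed data. The sinkhole address 10.255.255.1, the blocklist, the DNS and firewall log formats and their contents are all assumptions made for the example.

```python
"""DNS sinkhole: answer blocklisted names with a sinkhole address, then read the
infected hosts back out of the firewall's drop log.

Added example (not from the exam or from CompTIA). The sinkhole address,
blocklist, log formats and log contents below are constructed assumptions.
"""
from ipaddress import ip_address

SINKHOLE_IP = "10.255.255.1"                  # assumed: an internal address nothing legitimately uses
BLOCKLIST = {"c2.example", "beacon.example"}  # constructed C2 domains


def is_blocklisted(qname):
    """True if qname or any parent domain is on the blocklist (case-insensitive, trailing dot ignored)."""
    labels = qname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in BLOCKLIST for i in range(len(labels)))


def resolve(qname, upstream):
    """Return (answer, sinkholed). Blocklisted names never reach the real resolver."""
    if is_blocklisted(qname):
        return SINKHOLE_IP, True
    return upstream(qname), False


# Constructed DNS query log: "<client ip> <queried name>"
DNS_QUERIES = """\
172.29.0.109 c2.example
172.29.0.77 www.example.com
172.29.0.55 update.beacon.example
"""


def sinkhole_queries(text, upstream):
    """Resolve each logged query; return the answers given and the clients that asked for C2 names."""
    answers, suspects = {}, set()
    for line in text.splitlines():
        if not line.strip():
            continue
        client, qname = line.split()
        answer, hit = resolve(qname, upstream)
        answers[(client, qname)] = answer
        if hit:
            suspects.add(client)
    return answers, suspects


# Constructed firewall log (format assumed): "<action> src=<ip> dst=<ip> dport=<port>"
FW_LOG = """\
DROP src=172.29.0.109 dst=10.255.255.1 dport=443
ACCEPT src=172.29.0.77 dst=198.51.100.7 dport=443
DROP src=172.29.0.55 dst=10.255.255.1 dport=8080
"""


def infected_from_firewall(text):
    """Hosts seen connecting to the sinkhole address: these are the beaconing machines."""
    hosts = set()
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = dict(kv.split("=", 1) for kv in line.split()[1:])
        if ip_address(fields["dst"]) == ip_address(SINKHOLE_IP):
            hosts.add(fields["src"])
    return hosts


if __name__ == "__main__":
    # The upstream resolver is stubbed with a fixed documentation address (198.51.100.7).
    answers, suspects = sinkhole_queries(DNS_QUERIES, lambda name: "198.51.100.7")
    print("sinkholed at DNS:", sorted(suspects))
    print("seen at firewall:", sorted(infected_from_firewall(FW_LOG)))
```

The firewall half is a single rule; with nftables and an assumed `inet filter` table it would read `nft add rule inet filter forward ip daddr 10.255.255.1 log prefix "SINKHOLE " drop`. Note that the drop happens regardless of the unknown service port, which is why the sinkhole beats a port block here. One caveat: malware that beacons to a hard-coded IP address never issues a DNS query, so a DNS sinkhole alone does not see it; for that case the IP itself has to be null-routed or blocked and logged at the firewall.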
Creating a lessons learned report following an incident will help an analyst to communicate which of the following information? (Select TWO)
- A . Root cause analysis of the incident and the impact it had on the organization
- B . Outline of the detailed reverse engineering steps for management to review
- C . Performance data from the impacted servers and endpoints to report to management
- D . Enhancements to the policies and practices that will improve business responses
- E . List of IP addresses, applications, and assets