Pass4suresVCE http://www.pass4suresvce.com Pass4sures exam vce dumps for guaranteed success with high scores
Exam: CS0-001
Title: CompTIA Cybersecurity Analyst (CySA+) Exam
Vendor: CompTIA
Version: DEMO
Get Latest & Valid CS0-001 Exam's Question and Answers 1 from Pass4suresvce.com. 1
NO.1 A security analyst was asked to join an outage call for a critical web application. The web middleware support team determined the web server was running and having no trouble processing requests; however, some investigation has revealed firewall denies to the web server that began around 1:00 a.m. that morning. An emergency change was made to enable the access, but management has asked for a root cause determination. Which of the following would be the BEST next step?
A. Use a port scan to determine all listening ports on the web server.
B. Install a packet analyzer near the web server to capture sample traffic to find anomalies.
C. Search the logging servers for any rule changes.
D. Block all traffic to the web server with an ACL.

NO.2 An organization is conducting penetration testing to identify possible network vulnerabilities. The penetration tester has already identified active hosts in the network and is now scanning individual hosts to determine if any are running a web server. The output from the latest scan is shown below:
Which of the following commands would have generated the output above?
A. nmap -sP 192.168.1.0/24 -p ALL
B. nmap -sP 192.168.1.13 -p ALL
C. nmap -sV 192.168.1.13 -p 80
D. nmap -sV 192.168.1.1 -p 80

NO.3 The development team currently consists of three developers who each specialize in a specific programming language:
Developer 1 - C++/C#
Developer 2 - Python
Developer 3 - Assembly
Which of the following SDLC best practices would be challenging to implement with the currently available staff?
A. Fuzzing
B. Stress testing
C. Regression testing
D. Peer review

NO.4 A recently issued audit report highlighted an exception related to end-user handling of sensitive data access and credentials. A security manager is addressing the findings. Which of the following activities should be implemented?
A. Update the password policy
B. Deploy Group Policy Objects
C. Increase training requirements
D. Deploy a single sign-on platform

NO.5 Various devices are connecting and authenticating to a single evil twin within the network. Which of the following are MOST likely being targeted?
A. VPNs
B. Network infrastructure
C. All endpoints
D. Wired SCADA devices
E. Mobile devices
Answer: E
Explanation
Reference: http://www.corecom.com/external/livesecurity/eviltwin1.htm

NO.6 Which of the following tools should a cybersecurity analyst use to verify the integrity of a forensic image before and after an investigation?
A. dd
B. sha1sum
C. strings
D. file
E. gzip
Answer: B

NO.7 A cybersecurity analyst is conducting packet analysis on the following:
Which of the following is occurring in the given packet capture?
A. Broadcast storm
B. Zero-day exploit
C. Smurf attack
D. Network enumeration
E. ARP spoofing

NO.8 A security analyst is adding input to the incident response communication plan. A company officer has suggested that if a data breach occurs, only affected parties should be notified to keep an incident from becoming a media headline. Which of the following should the analyst recommend to the company officer?
A. Guidance from laws and regulations should be considered when deciding who must be notified in order to avoid fines and judgements from non-compliance.
B. The HR department should have information security personnel who are involved in the investigation of the incident sign non-disclosure agreements so the company cannot be held liable for customer data that might be viewed during an investigation.
C. The first responder should contact law enforcement upon confirmation of a security incident in order for a forensics team to preserve chain of custody.
D. An externally hosted website should be prepared in advance to ensure that when an incident occurs victims have timely access to notifications from a non-compromised resource.

NO.9 A business-critical application is unable to support the requirements in the current password policy because it does not allow the use of special characters. Management does not want to accept the risk of a possible security incident due to weak password standards. Which of the following is an appropriate means to limit the risks related to the application?
A. Altering the password policy
B. A compensating control
C. Encrypting authentication traffic
D. Creating new account management procedures

NO.10 A SIEM analyst noticed a spike in activities from the guest wireless network to several electronic health record (EHR) systems. After further analysis, the analyst discovered that a large volume of data has been uploaded to a cloud provider in the last six months. Which of the following actions should the analyst take FIRST?
A. Notify the Chief Privacy Officer (CPO)
B. Activate the incident response plan
C. Contact the Office of Civil Rights (OCR) to report the breach
D. Put an ACL on the gateway router

NO.11 Company A suspects an employee has been exfiltrating PII via a USB thumb drive. An analyst is tasked with attempting to locate the information on the drive. The PII in question includes the following:
Which of the following would BEST accomplish the task assigned to the analyst?
A. \d{9} 'XXX-XX-XXX'
B. ?[3]-?[2]-?[3]
C. 3[0-9]\d-2[0-9]\d-4[0-9]\d
D. \d{3}-\d{2}-\d{4}

NO.12 While reviewing firewall logs, a security analyst at a military contractor notices a sharp rise in activity from a foreign domain known to have well-funded groups that specifically target the company's R&D department. Historical data reveals other corporate assets were previously targeted. This evidence MOST likely describes:
A. corporate espionage.
B. an APT.
C. DNS harvesting.
D. a zero-day exploit.
Answer: B

NO.13 Datacenter access is controlled with proximity badges that record all entries and exits from the datacenter. The access records are used to identify which staff members accessed the data center in the event of equipment theft. Which of the following MUST be prevented in order for this policy to be effective?
A. Tailgating
B. Phishing
C. Password reuse
D. Social engineering
Answer: A

NO.14 The following IDS log was discovered by a company's cybersecurity analyst:
Which of the following was launched against the company based on the IDS log?
A. Buffer overflow attack
B. SQL injection attack
C. Cross-site scripting attack
D. Online password crack attack
Answer: A

NO.15 The security operations team is conducting a mock forensics investigation. Which of the following should be the FIRST action taken after seizing a compromised workstation?
A. Analyze the forensic image
B. Activate the escalation checklist
C. Perform evidence acquisition
D. Implement the incident response plan
Explanation
Reference: https://staff.washington.edu/dittrich/misc/forensics/

NO.16 A vulnerability scan has returned the following information:
Which of the following describes the meaning of these results?
A. Connecting to the host using a null session allows enumeration of share names.
B. No CVE is present, so it is a false positive caused by Lotus running on a Windows server.
C. Trend Micro has a known exploit that must be resolved or patched.
D. There is an unknown bug in a Lotus server with no Bugtraq ID.
Answer: A