Certification Exam Prep Questions For CompTIA (CS0-001) Cybersecurity Analyst (CySA+)


QuickStart is now offering assessment questions for CompTIA (CS0-001): Cybersecurity Analyst (CySA+). Whether you are deciding which exam to sign up for, or simply want to practice the materials necessary to complete certification for this course, we have provided a practice assessment to better aid in certification. 100% of the questions are real questions from a recent version of the test you will take for CompTIA (CS0-001): Cybersecurity Analyst (CySA+).



1

Internal cyber security suspects a network server as the target of a zero-day attack. What type of analysis should the cyber security team use to verify this?

A. Availability
Incorrect.
B. Heuristic
Correct!
C. Trend
Incorrect.
D. Packet
Incorrect.
2

A cybersecurity consultant is helping a company organize its internal incident response team. The consultant recommends that they need to be able to collect information about system events and system activity leading up to an incident. What should the team use?

A. Log viewer
Correct!
B. Cryptographic tools
Incorrect.
C. Imaging utility
Incorrect.
D. Process analysis utility
Incorrect.
3

A company contracts with an outside organization to perform a blind penetration test. The primary goal of the test is to determine how vulnerable the network is to data theft and modification. The rules of engagement include a specification to test other potential vulnerabilities discovered during testing. What is the first step that the testers should take when performing the test?

A. Vulnerability scanning
Incorrect.
B. Brute force attack
Incorrect.
C. Initial reporting
Incorrect.
D. Information gathering
Correct!
4

The incident response team needs to make a forensic copy of a hard disk. What should the team do before creating the copy?

5

A company's newly established forensic response team is working with a cybersecurity specialist to create a detailed incident response plan. They need to document guidelines for prioritizing data collection at the site of an incident. Which data source should have the highest priority?

A. Temporary file systems
Incorrect.
B. System memory
Incorrect.
C. Hard disk
Incorrect.
D. CPU registers and cache
Correct!
6

An internal data exfiltration attack resulted in a small amount of unpublished material being uploaded to an external site. Investigation into the potential impact of the incident revealed an unexpected vulnerability: any materials from the publisher, either sold directly by the publisher or through a third party, can be copied and redistributed without any restrictions. The publisher needs to prevent this from happening in the future in a way that protects the materials from unauthorized duplication or redistribution. What is the BEST solution the publisher should implement?

A. DRM
Correct!
B. DLP
Incorrect.
C. AUP
Incorrect.
D. NDA
Correct!
7

A company is preparing to develop an application that will be used extensively throughout the organization. Developers are directed to find all information they can about security controls that directly relate to scenarios used in designing the application. What organization provides this information?

A. OWASP
Incorrect.
B. CSDP
Incorrect.
C. CIS
Correct!
D. GIAC
Incorrect.
8

A detailed analysis of SIEM server data, IDS collected data, and network captures uncovers unusual network traffic. Short bursts of outgoing traffic are being sent late at night to an external address. The cybersecurity team wants to gather additional information about the activity to plan the best course of action. What should the team do first?

9

A company designated a Computer Security Incident Response Team (CSIRT) to enable the company to manage incidents using internal resources. The team needs to repurpose a laptop computer as a forensic workstation. They need to set up the workstation as quickly as possible and at minimum cost. What should they install on the computer?

A. Kali Linux
Correct!
B. Microsoft Windows 10
Incorrect.
C. Microsoft Windows Server 2016
Incorrect.
D. Red Hat Linux
Incorrect.
10

The security team updated your vulnerability scanner with current plug-ins. The result after running a non-credentialed scan of the network shows an increase in reported vulnerabilities. A custom application running on several hosts is reported as vulnerable. The security team suspects a false positive. What action should the security team take first?

11

The incident response team determines that confidential information, including PHI, was downloaded during an incident. The legal department directs that a statement be issued to potentially impacted customers that this has happened. Why is this important?

12

What are two key roles of management in an incident response process?

13

An Internet service provider (ISP) is acquiring a small regional competitor. Negotiations are ongoing. An unauthorized disclosure of information about the acquisition occurred. Additional release of information could increase the cost of the acquisition or jeopardize the deal. The ISP's security team initially suspects a social engineering exploit. It was finally identified as being from an email sent by an ISP employee. The employee's excuse was that he did not know what he could or could not say about the acquisition. What is the BEST solution that both companies should put in place to minimize the risk of additional unauthorized release of information?

A. AUP
Incorrect.
B. DLP
Incorrect.
C. ISA
Incorrect.
D. NDA
Correct!
14

A web application lets field sales personnel look up customer information. A sudden spike of data transmissions from the web site is detected. Closer investigation indicates that the traffic started after the following string was used to connect to the web site: http://frelcompany.com/showcust.php?ID=1000 OR in What type of vulnerability is being exploited?

A. Clickjacking
Incorrect.
B. SQL injection
Incorrect.
C. Maintenance hook
Correct!
D. Buffer overflow
Incorrect.
15

A company is in the process of classifying data in advance of implementing an information security vulnerability management process. A security specialist is asked to identify personally identifying information (PII) on file about employees. Which two of the following should the specialist classify as PII? (Choose two.)

A. Birthdate
Correct!
B. Home address
Correct!
C. Salary information
Incorrect.
D. Salary information
Incorrect.
16

A company works with a cybersecurity consultant to establish a computer incident response team. The team includes members from different departments in the company, including:

* Technical services
* Information technology (IT)
* Management
* Human resources (HR)
* Public relations
* Legal

The team is developing an incident response plan that includes communication plans and guidelines in case of an incident. The team needs to ensure secure, reliable, and appropriate communications. Which two items should be included in the communication plan? (Choose two.)

17

A company deploys a CRM web application in its perimeter network to provide access to outside sales personnel. The internal security team works with the supplier's technical support to resolve compatibility and security issues during deployment. During this process, the internal security team learns that the application has a maintenance hook. What is the potential risk of a maintenance hook?

18

A member of the cyber team executes the following from a Linux host:

ping -b -c 3 -i30 192.168.2.255

What type of environmental reconnaissance effort does this indicate?

A. Topology discovery
Correct!
B. OS fingerprinting
Incorrect.
C. DNS harvesting
Incorrect.
D. Service discovery
Incorrect.
19

A security consultant helps a company to implement an information vulnerability management process. What is the first step in the process that the security consultant should recommend?

20

A company determines that recent incidents were due to network resources being overloaded which made them more vulnerable to exploit attempts. This included crashing a critical database server through a denial-of-service (DoS) attack. The company decides to implement trend analysis to manage resource requirements proactively. What is the first step in setting up trend analysis?

21

Analysis of a recent incident exposed a need to modify or update the following:

* Permission assignments
* Router and firewall configurations
* VLAN boundaries

Where should the information technology (IT) department find guidelines for how best to implement these?

22

A company tests an update to an internally developed application at its corporate office. The update must be made available to remote offices for download on an as-needed basis. The file is made available from a website accessible to remote offices. The company needs to ensure the integrity and authenticity of the file after download. Which technology should the company use?

A. Mutual authentication
Incorrect.
B. Fuzzing
Incorrect.
C. Hashing
Correct!
D. Encryption
Incorrect.
23

A company uses websites for communication with both employees and customers. The company hosts multiple private and public websites. Some websites have been found vulnerable to session hijacking after attacks are detected. What is the BEST way to prevent session hijacking in the future?

24

A company contracts a data security specialist to help with data classification for implementing an information security vulnerability management process. The specialist is tasked with identifying data as confidential, proprietary, private, or public. What kind of data should be identified as proprietary data?

25

A post-incident audit described the need to update and enforce password policies. New maximum age and minimum age limits are specified in the policy. The limits are enforced for Microsoft Active Directory Domain Services (AD DS) users through Group Policy. Technical services needs to enforce the policy for a small number of users who are able to directly log onto the network's two Linux servers. What should technical services do?

26

Users report a problem with a commercial customer management application. Any time a user accesses a customer record, even to just view the record, it is deleted from the database. The application runs as a web application. Antivirus software running on the web server and the database server does not report any problems. How should the security analyst classify the threat?

A. PHI
Incorrect.
B. Zero-day
Correct!
C. APT
Incorrect.
D. Known
Incorrect.
27

A company deploys a new web application in a limited release as part of its user acceptance testing (UAT). The company needs to monitor, capture, and analyze real-world activity between users and the web application with a focus on application security. What should the company use?

A. Regression testing
Incorrect.
B. WAF
Incorrect.
C. Input validation
Correct!
D. Interception proxy
Correct!
28

A company's internal network uses only layer 3 switches. The network is configured as multiple physical subnets and makes extensive use of VLANs. A recent incident raised concerns about how the network is configured. A cybersecurity consultant makes recommendations to minimize the future risk to three critical servers. The servers should be configured:

* As part of the same IP subnet.
* Segmented from the rest of the network.
* So all traffic to or from the servers must go through a firewall.
* To prevent the servers from communicating directly with each other.

The servers are currently configured as part of a VLAN with other servers and network clients. What network configuration should be used?

A. Separate VLAN
Incorrect.
B. Private VLAN
Correct!
C. Network sandbox
Incorrect.
D. New IP subnet
Incorrect.
29

A company wants to employ continuous scans as part of its information security vulnerability management process. A security consultant recommends using standards to enable the automated vulnerability management that can enumerate software flaws and configuration issues. Which standard should the company use to provide this?

A. SCADA
Incorrect.
B. SABSA
Incorrect.
C. SCAP
Correct!
D. SIEM
Incorrect.
30

A credentialed vulnerability scan reports a known vulnerability on multiple databases. The vulnerability is not reported when a non-credentialed scan runs. The vulnerability is due to configuration settings required to support a legacy application. The security team does not want the vulnerability to be reported on future scans. The team needs to ensure that this does not otherwise impair the accuracy of the scans. What should the security team do?
