CS0-001 | CompTIA CS0-001 Training Materials 2021

It is faster and easier to pass the CompTIA CS0-001 exam by using approved CompTIA CSA+ Certification Exam questions and answers. Get immediate access to the up-to-the-minute CS0-001 exam and find the same core-area CS0-001 questions with professionally verified answers, then pass your exam with a high score.

Free online CS0-001 questions and answers (new version):

NEW QUESTION 1

A cyber incident response team finds a vulnerability on a company website that allowed an attacker to inject malicious code into its web application. There have been numerous unsuspecting users visiting the infected page, and the malicious code executed on the victim’s browser has led to stolen cookies, hijacked sessions, malware execution, and bypassed access control. Which of the following exploits is the attacker conducting on the company’s website?

  • A. Logic bomb
  • B. Rootkit
  • C. Privilege escalation
  • D. Cross-site scripting

Answer: D

NEW QUESTION 2

An organization is attempting to harden its web servers and reduce the information that might be disclosed to potential attackers. A security analyst is reviewing vulnerability scan results from a recent web server scan.
Portions of the scan results are shown below:
[Exhibit: vulnerability scan results; image not reproduced]
Which of the following lines indicates information disclosure about the host that needs to be remediated?

  • A. Response: :DocumentsMarySmithmailingList.pdf
  • B. Finding#5144322
  • C. First Time Detected 10 Nov 2015 09:00 GMT-0600
  • D. AccessPath: http://myOrg.com/mailingList.htm
  • E. Request:GET http://myOrg.com/mailingList.aspx?content=volunteer

Answer: A

NEW QUESTION 3

A company decides to move three of its business applications to different outsourced cloud providers. After moving the applications, the users report the applications time out too quickly and too much time is spent logging back into the different web-based applications throughout the day. Which of the following should a security architect recommend to improve the end-user experience without lowering the security posture?

  • A. Configure directory services with a federation provider to manage accounts.
  • B. Create a group policy to extend the default system lockout period.
  • C. Configure a web browser to cache the user credentials.
  • D. Configure user accounts for self-service account management.

Answer: B

NEW QUESTION 4

A malware infection spread to numerous workstations within the marketing department. The workstations were quarantined and replaced with machines.
Which of the following represents a FINAL step in the eradication of the malware?

  • A. The workstations should be isolated from the network.
  • B. The workstations should be donated for reuse.
  • C. The workstations should be reimaged.
  • D. The workstations should be patched and scanned.

Answer: D

NEW QUESTION 5

Which of the following is MOST effective for correlation analysis by log for threat management?

  • A. PCAP
  • B. SCAP
  • C. IPS
  • D. SIEM

Answer: D

NEW QUESTION 6

A reverse engineer was analyzing malware found on a retailer’s network and found code extracting track data in memory. Which of the following threats did the engineer MOST likely uncover?

  • A. POS malware
  • B. Rootkit
  • C. Key logger
  • D. Ransomware

Answer: A

NEW QUESTION 7

A business-critical application is unable to support the requirements in the current password policy because it does not allow the use of special characters. Management does not want to accept the risk of a possible security incident due to weak password standards. Which of the following is an appropriate means to limit the risks related to the application?

  • A. A compensating control
  • B. Altering the password policy
  • C. Creating new account management procedures
  • D. Encrypting authentication traffic

Answer: D

NEW QUESTION 8

A security analyst’s company uses RADIUS to support a remote sales staff of more than 700 people. The Chief Information Security Officer (CISO) asked to have IPSec using ESP and 3DES enabled to ensure the confidentiality of the communication as per RFC 3162. After the implementation was complete, many sales users reported latency issues and other performance issues when attempting to connect remotely. Which of the following is occurring?

  • A. The device running RADIUS lacks sufficient RAM and processing power to handle ESP implementation.
  • B. RFC 3162 is known to cause significant performance problems.
  • C. The IPSec implementation has significantly increased the amount of bandwidth needed.
  • D. The implementation should have used AES instead of 3DES.

Answer: A

NEW QUESTION 9

A security analyst has determined that the user interface on an embedded device is vulnerable to common SQL injections. The device is unable to be replaced, and the software cannot be upgraded. Which of the following should the security analyst recommend to add additional security to this device?

  • A. The security analyst should recommend this device be placed behind a WAF.
  • B. The security analyst should recommend an IDS be placed on the network segment.
  • C. The security analyst should recommend this device regularly export the web logs to a SIEM system.
  • D. The security analyst should recommend this device be included in regular vulnerability scans.

Answer: A

NEW QUESTION 10

A newly discovered malware has a known behavior of connecting outbound to an external destination on port 27500 for the purpose of exfiltrating data. The following are four snippets taken from running netstat -an on separate Windows workstations:
[Exhibits: netstat output for Workstations A through D; images not reproduced]
Based on the above information, which of the following is MOST likely to be exposed to this malware?

  • A. Workstation A
  • B. Workstation B
  • C. Workstation C
  • D. Workstation D

Answer: A

NEW QUESTION 11

Which of the following could be directly impacted by an unpatched vulnerability in vSphere ESXi?

  • A. The organization's physical routers
  • B. The organization's mobile devices
  • C. The organization's virtual infrastructure
  • D. The organization's VPN

Answer: C

NEW QUESTION 12

Various devices are connecting and authenticating to a single evil twin within the network. Which of the following are MOST likely being targeted?

  • A. Mobile devices
  • B. All endpoints
  • C. VPNs
  • D. Network infrastructure
  • E. Wired SCADA devices

Answer: A

Explanation:
Reference: http://www.corecom.com/external/livesecurity/eviltwin1.htm

NEW QUESTION 13

In reviewing firewall logs, a security analyst has discovered the following IP address, which several employees are using frequently:
152.100.57.18
The organization’s servers use IP addresses in the 192.168.0.1/24 CIDR. Additionally, the analyst has noticed that corporate data is being stored at this new location. A few of these employees are on the management and executive management teams. The analyst has also discovered that there is no record of this IP address or service in reviewing the known locations of managing system assets. Which of the following is occurring in this scenario?

  • A. Malicious process
  • B. Unauthorized change
  • C. Data exfiltration
  • D. Unauthorized access

Answer: C

NEW QUESTION 14

A cybersecurity analyst has been asked to follow a corporate process that will be used to manage vulnerabilities for an organization. The analyst notices the policy has not been updated in three years. Which of the following should the analyst check to ensure the policy is still accurate?

  • A. Threat intelligence reports
  • B. Technical constraints
  • C. Corporate minutes
  • D. Governing regulations

Answer: A

NEW QUESTION 15

The development team recently moved a new application into production for the accounting department. After this occurred, the Chief Information Officer (CIO) was contacted by the head of accounting because the application is missing a key piece of functionality that is needed to complete the corporation’s quarterly tax returns. Which of the following types of testing would help prevent this from reoccurring?

  • A. Security regression testing
  • B. User acceptance testing
  • C. Input validation testing
  • D. Static code testing

Answer: B

NEW QUESTION 16

A cybersecurity professional wants to determine if a web server is running on a remote host with the IP address 192.168.1.100. Which of the following can be used to perform this task?

  • A. nc 192.168.1.100 -1 80
  • B. ps aux 192.168.1.100
  • C. nmap 192.168.1.100 -p 80 -A
  • D. dig www 192.168.1.100
  • E. ping -p 80 192.168.1.100

Answer: C

NEW QUESTION 17

While reviewing web server logs, a security analyst notices the following code:
[Exhibit: web server log excerpt; image not reproduced]
Which of the following would prevent this code from performing malicious actions?

  • A. Performing web application penetration testing
  • B. Requiring the application to use input validation
  • C. Disabling the use of HTTP and requiring the use of HTTPS
  • D. Installing a network firewall in front of the application

Answer: C

NEW QUESTION 18

The help desk informed a security analyst of a trend that is beginning to develop regarding a suspicious email that has been reported by multiple users. The analyst has determined the email includes an attachment named invoice.zip that contains the following files:
Locky.js xerty.ini xerty.lib
Further analysis indicates that when the .zip file is opened, it is installing a new version of ransomware on the devices. Which of the following should be done FIRST to prevent data on the company NAS from being encrypted by infected devices?

  • A. Disable access to the company VPN.
  • B. Email employees instructing them not to open the invoice attachment.
  • C. Set permissions on file shares to read-only.
  • D. Add the URL included in the .js file to the company’s web proxy filter.

Answer: B

NEW QUESTION 19

A company wants to update its acceptable use policy (AUP) to ensure it relates to the newly implemented password standard, which requires sponsored authentication of guest wireless devices. Which of the following is MOST likely to be incorporated in the AUP?

  • A. Sponsored guest passwords must be at least ten characters in length and contain a symbol.
  • B. The corporate network should have a wireless infrastructure that uses open authentication standards.
  • C. Guests using the wireless network should provide valid identification when registering their wireless devices.
  • D. The network should authenticate all guest users using 802.1x backed by a RADIUS or LDAP server.

Answer: C

NEW QUESTION 20

The Chief Security Officer (CSO) has requested a vulnerability report of systems on the domain, identifying those running outdated OSs. The automated scan reports are not displaying OS version details, so the CSO cannot determine risk exposure levels from vulnerable systems. Which of the following should the cybersecurity analyst do to enumerate OS information as part of the vulnerability scanning process in the MOST efficient manner?

  • A. Execute the ver command
  • B. Execute the nmap -p command
  • C. Use Wireshark to export a list
  • D. Use credentialed configuration

Answer: A

NEW QUESTION 21

A system administrator who was using an account with elevated privileges deleted a large amount of log files generated by a virtual hypervisor in order to free up disk space. These log files are needed by the security team to analyze the health of the virtual machines. Which of the following compensating controls would help prevent this from reoccurring? (Select two.)

  • A. Succession planning
  • B. Separation of duties
  • C. Mandatory vacation
  • D. Personnel training
  • E. Job rotation

Answer: BD

NEW QUESTION 22

An executive tasked a security analyst to aggregate past logs, traffic, and alerts on a particular attack vector. The analyst was then tasked with analyzing the data and making predictions on future complications regarding this attack vector. Which of the following types of analysis is the security analyst MOST likely conducting?

  • A. Trend analysis
  • B. Behavior analysis
  • C. Availability analysis
  • D. Business analysis

Answer: A

NEW QUESTION 23

Which of the following represent the reasoning behind careful selection of the timelines and time-of-day boundaries for an authorized penetration test? (Select TWO).

  • A. To schedule personnel resources required for test activities
  • B. To determine frequency of team communication and reporting
  • C. To mitigate unintended impacts to operations
  • D. To avoid conflicts with real intrusions that may occur
  • E. To ensure tests have measurable impact to operations

Answer: AC

NEW QUESTION 24

A security analyst is reviewing packet captures for a specific server that is suspected of containing malware and discovers the following packets:
[Exhibit: packet capture; image not reproduced]
Which of the following traffic patterns or data would be MOST concerning to the security analyst?

  • A. Ports used for SMTP traffic from 73.252.34.101
  • B. Unencrypted password sent from 103.34.243.12
  • C. Anonymous access granted by 103.34.243.12
  • D. Ports used for HTTP traffic from 202.53.245.78

Answer: C

NEW QUESTION 25

Which of the following describes why it is important to include scope within the rules of engagement of a penetration test?

  • A. To ensure the network segment being tested has been properly secured
  • B. To ensure servers are not impacted and service is not degraded
  • C. To ensure all systems being scanned are owned by the company
  • D. To ensure sensitive hosts are not scanned

Answer: C

NEW QUESTION 26

The software development team pushed a new web application into production for the accounting department. Shortly after the application was published, the head of the accounting department informed IT operations that the application was not performing as intended. Which of the following SDLC best practices was missed?

  • A. Peer code reviews
  • B. Regression testing
  • C. User acceptance testing
  • D. Fuzzing
  • E. Static code analysis

Answer: C

NEW QUESTION 27

The help desk informed a security analyst of a trend that is beginning to develop regarding a suspicious email that has been reported by multiple users. The analyst has determined the email includes an attachment named invoice.zip that contains the following files:
Locky.js xerty.ini xerty.lib
Further analysis indicates that when the .zip file is opened, it is installing a new version of ransomware on the devices. Which of the following should be done FIRST to prevent data on the company NAS from being encrypted by infected devices?

  • A. Disable access to the company VPN.
  • B. Move the files from the NAS to a cloud-based storage solution.
  • C. Set permissions on file shares to read-only.
  • D. Add the URL included in the .js file to the company’s web proxy filter.

Answer: D

NEW QUESTION 28
......

P.S. Certleader is now offering CS0-001 dumps with a 100% pass guarantee! All CS0-001 exam questions have been updated with correct answers: https://www.certleader.com/CS0-001-dumps.html (363 New Questions)