CompTIA Cybersecurity Analyst (CySA+) Certification Exam - CS0-001 Exam Practice Test

A security analyst is reviewing packet captures for a specific server that is suspected of containing malware and discovers the following packets:

Which of the following traffic patterns or data would be MOST concerning to the security analyst?

Correct Answer: A
Following the development of a company's new online application, a security analyst is brought in to test the site's security before going live. The analyst is given the following URL and credentials:
https://app.company.com/Guest User ID: UserBob Password: S#7h&sh*g
After logging in, the URL changes to the following, and the system displays a screen with graphs of various data points:
https://app.company.com/User/dashboard.php?view=graphs
Which of the following is the BEST choice for a reasonable test of circumventing the site's security?

Correct Answer: A
An organization has recently recovered from an incident where a managed switch had been accessed and reconfigured without authorization by an insider. The incident response team is working on developing a lessons learned report with recommendations. Which of the following recommendations will BEST prevent the same attack from occurring in the future?

Correct Answer: A
The security team for a large, international organization is developing a vulnerability management program. The development staff has expressed concern that the new program will cause service interruptions and downtime as vulnerabilities are remedied.
Which of the following should the security team implement FIRST as a core component of the remediation process to address this concern?

Correct Answer: C
In order to meet regulatory compliance objectives for the storage of PHI, vulnerability scans must be conducted on a continuous basis. The last completed scan of the network returned 5,682 possible vulnerabilities. The Chief Information Officer (CIO) would like to establish a remediation plan to resolve all known issues. Which of the following is the BEST way to proceed?

Correct Answer: A
External users are reporting that a web application is slow and frequently times out when attempting to submit information. Which of the following software development best practices would have helped prevent this issue?

Correct Answer: C
While reviewing firewall logs, a security analyst at a military contractor notices a sharp rise in activity from a foreign domain known to have well-funded groups that specifically target the company's R&D department. Historical data reveals other corporate assets were previously targeted. This evidence MOST likely describes:

Correct Answer: D
A security analyst is creating ACLs on a perimeter firewall that will deny inbound packets that are from internal addresses, reversed external addresses, and multicast addresses. Which of the following is the analyst attempting to prevent?

Correct Answer: B
Which of the following represent the reasoning behind careful selection of the timelines and time-of-day boundaries for an authorized penetration test? (Select TWO).

Correct Answer: C,D
Company A's security policy states that only PKI authentication should be used for all SSH accounts. A security analyst from Company A is reviewing the following auth.log and configuration settings:

Which of the following changes should be made to the following sshd_config file to establish compliance with the policy?

Correct Answer: A
A system administrator who was using an account with elevated privileges deleted a large amount of log files generated by a virtual hypervisor in order to free up disk space. These log files are needed by the security team to analyze the health of the virtual machines. Which of the following compensating controls would help prevent this from reoccurring? (Select two.)

Correct Answer: A,E
Company A permits visiting business partners from Company B to utilize Ethernet ports available in Company A's conference rooms. This access is provided to allow partners the ability to establish VPNs back to Company B's network. The security architect for Company A wants to ensure partners from Company B are able to gain direct Internet access from available ports only, while Company A employees can gain access to the Company A internal network from those same ports. Which of the following can be employed to allow this?

Correct Answer: B
Due to new regulations, a company has decided to institute an organizational vulnerability management program and assign the function to the security team. Which of the following frameworks would BEST support the program? (Select two.)

Correct Answer: A,C
A malicious user taps into a network connection, and then intercepts, sends, and receives data for other users, such as account numbers and passwords. Which of the following remediations would prevent the attack the malicious user is using?

Correct Answer: D
A Chief Executive Officer (CEO) wants to implement BYOD in the environment. Which of the following options should the security analyst suggest to protect corporate data on these devices? (Choose two.)

Correct Answer: B,D
A common mobile device vulnerability has made unauthorized modifications to a device. The device owner removes the vendor/carrier provided limitations on the mobile device. This is also known as:

Correct Answer: B
Which of the following has the GREATEST impact to the data retention policies of an organization?

Correct Answer: A
A security analyst is performing a routine check on the SIEM logs related to the commands used by operators and detects several suspicious entries from different users. Which of the following would require immediate attention?

Correct Answer: C
Which of the following utilities could be used to resolve an IP address to a domain name, assuming the address has a PTR record?

Correct Answer: B
Company A suspects an employee has been exfiltrating PII via a USB thumb drive. An analyst is tasked with attempting to locate the information on the drive. The PII in question includes the following:

Which of the following would BEST accomplish the task assigned to the analyst?

Correct Answer: A
A software assurance lab is performing a dynamic assessment on an application by automatically generating and inputting different, random data sets to attempt to cause an error/failure condition. Which of the following software assessment capabilities is the lab performing AND during which phase of the SDLC should this occur? (Select two.)

Correct Answer: D,F
While a threat intelligence analyst was researching an indicator of compromise on a search engine, the web proxy generated an alert regarding the same indicator. The threat intelligence analyst states that related sites were not visited but were searched for in a search engine. Which of the following MOST likely happened in this situation?

Correct Answer: A
The Chief Information Security Officer (CISO) has asked the security staff to identify a framework on which to base the security program. The CISO would like to achieve a certification showing the security program meets all required best practices. Which of the following would be the BEST choice?

Correct Answer: C
A company has received several reports that some of its user accounts were compromised, and its website is flagged as insecure by major search engines. The security analyst reviews the relevant application logs to determine where the problem might be located:

Given the above log information, which of the following would be the BEST recommendation for the security analyst to give?

Correct Answer: C
A security analyst has concluded that a breach occurred and data was exfiltrated out of the network. Which of the following roles is responsible for identifying the location of the attackers and the stolen data?

Correct Answer: A
A company has a popular shopping cart website hosted in geographically diverse locations. The company has started hosting static content on a content delivery network (CDN) to improve performance. The CDN provider has reported the company is occasionally sending attack traffic to other CDN-hosted targets.
Which of the following has MOST likely occurred?

Correct Answer: B
A cybersecurity analyst is reviewing the following outputs:

Which of the following can the analyst infer from the above output?

Correct Answer: D
A threat intelligence analyst who works for a technology firm received this report from a vendor.
"There has been an intellectual property theft campaign executed against organizations in the technology industry. Indicators for this activity are unique to each intrusion. The information that appears to be targeted is R&D data. The data exfiltration appears to occur over months via uniform TTPs. Please execute a defensive operation regarding this attack vector." Which of the following combinations suggests how the threat should MOST likely be classified and the type of analysis that would be MOST helpful in protecting against this activity?

Correct Answer: C
An organization wants to remediate vulnerabilities associated with its web servers. An initial vulnerability scan has been performed, and analysts are reviewing the results. Before starting any remediation, the analysts want to remove false positives to avoid spending time on issues that are not actual vulnerabilities. Which of the following would be an indicator of a likely false positive?

Correct Answer: A
A company has received the results of an external vulnerability scan from its approved scanning vendor. The company is required to remediate these vulnerabilities for clients within 72 hours of acknowledgement of the scan results.
Which of the following contract breaches would result if this remediation is not provided for clients within the time frame?

Correct Answer: A
The Chief Information Security Officer (CISO) has decided that all accounts with elevated privileges must use a longer, more complicated passphrase instead of a password. The CISO would like to formally document management's intent to set this control level. Which of the following is the appropriate means to achieve this?

Correct Answer: D
A security analyst has noticed an alert from the SIEM. A workstation is repeatedly trying to connect to port 445 of a file server on the production network. All of the attempts are made with invalid credentials. Which of the following describes what is occurring?

Correct Answer: C
The director of software development is concerned with recent web application security incidents, including the successful breach of a back-end database server. The director would like to work with the security team to implement a standardized way to design, build, and test web applications and the services that support them. Which of the following meets the criteria?

Correct Answer: B
An organization's internal CRM system was recently breached but was not detected by the SOC. The organization has since implemented a number of changes to technical controls, people, and processes. Which of the following would be BEST for the organization to implement to validate the overall effectiveness of these changes?

Correct Answer: D
After a recent security breach, it was discovered that a developer had promoted code that had been written to the production environment as a hotfix to resolve a user navigation issue that was causing issues for several customers. The code had inadvertently granted administrative privileges to all users, allowing inappropriate access to sensitive data and reports. Which of the following could have prevented this code from being released into the production environment?

Correct Answer: A
A recent audit has uncovered several coding errors and a lack of input validation being used on a public portal. Due to the nature of the portal and the severity of the errors, the portal is unable to be patched. Which of the following tools could be used to reduce the risk of being compromised?

Correct Answer: C
