Certification Practice Test Sample Questions For CompTIA (CS0-001) Cybersecurity Analyst (CySA+)
QuickStart is now offering sample questions for CompTIA (CS0-001): Cybersecurity Analyst (CySA+). Whether you are deciding which exam to sign up for, or simply want to practice the material needed to complete certification for this course, we have provided a practice test to help you prepare. 100% of the questions are real test questions from a recent version of the CompTIA (CS0-001): Cybersecurity Analyst (CySA+) exam.
CS0-001 Sample Exam Questions
The internal cybersecurity team suspects that a network server is the target of a zero-day attack. Which type of analysis can the cybersecurity team use to verify this?
A company hires a cybersecurity consultant to help organize the internal incident response team. As per the consultant’s recommendations, it is critical to collect information about system activity and events that can possibly lead to an incident. Which of the following should the team use?
- A. Process analysis utility
  Incorrect.
- B. Cryptographic tools
  Incorrect.
- C. Log viewer
  Correct!
- D. Imaging utility
  Incorrect.
An organization asks an outside organization to perform a blind penetration test. The test needs to assess the network's vulnerability to data theft and modification. The rules of engagement specify that potential vulnerabilities identified during testing are to be tested. Identify the initial step testers must take when performing the test.
- A. Information gathering
  Correct!
- B. Brute force attack
  Incorrect.
- C. Vulnerability scanning
  Incorrect.
- D. Initial reporting
  Incorrect.
The incident response team is responsible for creating a forensic copy of a hard disk. Which of the following steps should the team take before the copy is created?
- A. Scan the source disk for malware.
  Incorrect.
- B. Restart the source computer.
  Incorrect.
- C. Create a hash for the source disk.
  Correct!
- D. Check the source disk for corrupt sectors.
  Incorrect.
An organization has established a forensic response team. A cybersecurity specialist is hired to work with the new team, and together they are tasked with creating a detailed incident response plan. At the site of an incident, data needs to be collected for further investigation. The team and the specialist have to create guidelines for prioritizing data collection at the site of an incident. Can you identify the data source that must have the highest priority?
- A. CPU registers and cache
  Correct!
- B. Temporary file systems
  Incorrect.
- C. System memory
  Incorrect.
- D. Hard disk
  Incorrect.
An organization faces an internal data exfiltration attack. As a result, some unpublished data was published on an external website. Investigation of the attack's potential impact uncovered an unexpected vulnerability: there are no restrictions on copying and redistributing material received from the publisher, whether bought directly or through a third party. The publisher needs to protect the material from being copied or redistributed by unauthorized means in the future. Which of the following solutions should the publisher implement?
A company is preparing to develop an application that is planned to be used extensively throughout the organization. The developers of the application are required to identify all the relevant information about security controls that must be kept in check while developing an application. Can you identify the organization that provides this information?
A detailed analysis is run on SIEM server data, IDS-collected data, and network captures. The analysis reveals unusual network traffic: an external address receives bursts of outgoing traffic late at night. The cybersecurity team plans to develop an action plan to deal with the situation and decides to gather additional information about the activity. What is the first step the cybersecurity team should take?
- B. Program a firewall rule to block the outgoing traffic.
  Incorrect.
- C. Identify and locate the traffic source.
  Correct!
- D. Deploy a NetFlow Analyzer server.
  Incorrect.
An organization plans to manage incidents using internal resources and designates a Computer Security Incident Response Team (CSIRT) for that purpose. The team needs to repurpose a laptop computer as a forensic workstation. What should they install on the computer if they aim to set up the workstation in as little time as possible?
- A. Red Hat Linux
  Incorrect.
- B. Microsoft Windows 10
  Incorrect.
- C. Kali Linux
  Correct!
- D. Microsoft Windows Server 2016
  Incorrect.
The security team updated your vulnerability scanner with current plug-ins. A non-credentialed scan of the network then showed an increase in reported vulnerabilities. A custom application running on several hosts is reported as vulnerable. The security team suspects a false positive. What must the security team do first?
- B. Configure an exception for the vulnerability.
  Incorrect.
- C. Ignore the result.
  Incorrect.
- D. Run the scan as non-credentialed.
  Incorrect.
The incident response team identifies that some confidential information, including PHI, was downloaded during an incident. According to the legal department, a statement informing potentially impacted customers about the incident must be issued to them. Why is this important?
- A. To meet regulatory requirements about PHI
  Correct!
- C. To provide justification for involving law enforcement
  Incorrect.
- D. To protect the company from any legal liability
  Incorrect.
In an incident response process, what two key roles does management have?
- A. Coordinate the communication process.
  Incorrect.
- B. Authorize necessary resources
  Incorrect.
- C. Support the incident response team.
  Correct!
- D. Prepare public statements about the incident.
  Incorrect.
Negotiations are under way between an Internet service provider (ISP) and a small regional competitor that the ISP plans to acquire. Information about the acquisition has been leaked without authorization. Any further leak could increase the cost of the acquisition or even stop the deal from succeeding. Initially, the ISP's security team suspects a social engineering attack. Later, the cause is identified as an email sent by an ISP employee. When asked, the employee says he was unaware of what he could and could not say about the acquisition. What is the BEST solution for both companies to minimize the risk of information leakage?
An organization has a web application that allows field sales personnel to access customer information. There is an unusual surge in data transmissions from the web site. Further investigation indicates that the traffic started when the website was connected to using the following string: http://frelcompany.com/showcust.php?ID=1000 OR in
What is the type of vulnerability being exploited?
- A. Buffer overflow
  Incorrect.
- B. SQL injection
  Incorrect.
- C. Clickjacking
  Incorrect.
- D. Maintenance hook
  Correct!
An organization plans to implement an information security vulnerability management process and wants to classify data in advance. A security specialist is required to extract the employees' personally identifying information (PII) on file. Can you identify the two types of information that the specialist can classify as PII? (Choose any TWO)
- A. Salary information
  Incorrect.
- B. Father's name
  Correct!
- C. Salary information
  Incorrect.
- D. Home address
  Correct!
An organization hires a cybersecurity consultant and aims to establish a computer incident response team. The team includes personnel from the following departments:
- Technical services
- Information technology (IT)
- Management
- Human resources (HR)
- Public relations
- Legal
The team is developing an incident response plan that contains communication plans and guidance for use in case of an incident. Three important communication factors must be kept in mind: security, reliability, and appropriateness. Identify the two most suitable items that the communication plan must include. (Choose any TWO)
An organization deploys a CRM web application in its perimeter network to provide access to outside sales personnel. The internal security team gets support from the supplier's technical team to deal with compatibility and security issues during deployment. In the process, the internal security team realizes that the application has a maintenance hook. What potential risk is attached to a maintenance hook?
A cyber team member executes the following from a Linux host: ping -b -c 3 -i30 192.168.2.255
What type of environmental reconnaissance effort does this indicate?
- A. Service discovery
  Incorrect.
- B. DNS harvesting
  Incorrect.
- C. Topology discovery
  Correct!
- D. OS fingerprinting
  Incorrect.
An organization hires you as a security consultant to aid in implementing an information vulnerability management process. Can you identify the first step you would recommend?
- A. Perform vulnerability scanning.
  Incorrect.
- B. Identify requirements.
  Correct!
- C. Establish scanning frequency.
  Incorrect.
- D. Configure scanning tools.
  Incorrect.
An organization has recently started facing an increased number of security exploit incidents. It is found that a number of overloaded network resources have left the network vulnerable to exploit attempts. There was also a denial-of-service (DoS) attack that crashed a critical database server. The organization intends to implement trend analysis so that resource requirements can be managed proactively. Can you identify the first step in setting up trend analysis?
- B. Collect baseline statistics.
  Correct!
- C. Segregate network servers on a single VLAN.
  Incorrect.
- D. Close all open ports to the Internet.
  Incorrect.
An organization faced an incident, which was analyzed to check for loopholes. It was established that the following need to be modified or updated:
- Permission assignments
- Router and firewall configurations
- VLAN boundaries
Can you identify where the IT department can get the guidelines for implementing the above-mentioned changes?
- A. Lessons learned report
  Incorrect.
- B. Incident response plan
  Incorrect.
- C. Change control process
  Correct!
- D. Incident summary report
  Incorrect.
An organization has an internally developed application. It decides to test an update to the application at its corporate office. The application also has users in remote offices, and the organization must ensure that the update is available to them on an as-needed basis. The file is available for download from a website that users in remote locations can access. The organization now needs to be sure that the integrity and authenticity of the file remain intact after download. Which technology should the company use?
- A. Encryption
  Incorrect.
- B. Fuzzing
  Incorrect.
- C. Mutual authentication
  Incorrect.
- D. Hashing
  Correct!
An organization uses websites to communicate with both employees and customers. The company hosts various private and public websites. Attacks have been detected on some websites, which were found to be vulnerable to session hijacking. How can session hijacking best be prevented in the future?
- A. Require HTTPS for all websites.
  Correct!
- B. Require OAuth authentication on all websites.
  Incorrect.
- C. Require websites be hosted on servers deployed as VMs.
  Incorrect.
- D. Require clients to support cookies.
  Incorrect.
An organization wants to implement an information security vulnerability management process, for which it hires a data security specialist on contract. The data security specialist helps with data classification. The specialist is required to classify the data as proprietary, confidential, private, or public. Can you identify the type of data that can be identified as proprietary data?
An audit carried out after an incident identifies the need to update and enforce password policies. The policy specifies new maximum and minimum age limits. Group Policy enforces the limits for Microsoft Active Directory Domain Services (AD DS) users. Technical services is required to enforce the policy for a limited number of users: those who can log on directly to the network's two Linux servers. Can you identify a step that technical services must take?
- A. Edit the /etc/passwd and /etc/shadow files.
  Correct!
- B. Run the ps command.
  Incorrect.
- C. Edit the /etc/login.defs file
  Incorrect.
- D. Run the chage command.
  Correct!
A user reports a problem with a commercial customer management application, which is a web application. Customer records get deleted every time it is accessed by a user. Antivirus software is installed and running on the web server and the database server, and it reports no problems. How would the security analyst classify this type of threat?
An organization has deployed a new web application as a limited release, as part of its user acceptance testing (UAT). The organization wants to focus on application security while monitoring, capturing, and analyzing real-world user and web application activity. What should the company use?
- A. Interception proxy
  Correct!
- B. Regression testing
  Incorrect.
- C. WAF
  Incorrect.
- D. Input validation
  Correct!
An organization would like to have continuous scans as part of its information security vulnerability management process. A hired security consultant recommends using standards so that automated vulnerability management can be enabled. This would help the organization identify, separate, and highlight software flaws and configuration issues. Which standard should the company use to provide this?
A credentialed vulnerability scan reports a known vulnerability on various databases. However, when a non-credentialed scan runs, the vulnerability is not reported. It is established that configuration settings required to support a legacy application are causing the vulnerability. The security team does not want the vulnerability reported on future scans, but also does not want the accuracy of the scans to go down. What must the security team do?
- B. Run the scans as non-credentialed.
  Incorrect.
- C. Take the database servers offline before scanning
  Incorrect.
- D. Configure an exception for the vulnerability.
  Correct!