
CS0-001 Exam

Approved CS0-001 Free Demo 2021


NEW QUESTION 1

A computer has been infected with a virus and is sending out a beacon to a command and control server through an unknown service. Which of the following should a security technician implement to drop the traffic going to the command and control server and still be able to identify the infected host through firewall logs?

  • A. Sinkhole
  • B. Block ports and services
  • C. Patches
  • D. Endpoint security

Answer: A

Explanation:
Reference: https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure-DNS-Sinkhole/ta-p/58891

NEW QUESTION 2

An organization has recently experienced a data breach. A forensic analysis confirmed the attacker found a legacy web server that had not been used in over a year and was not regularly patched. After a discussion with the security team, management decided to initiate a program of network reconnaissance and penetration testing. They want to start the process by scanning the network for active hosts and open ports. Which of the following tools is BEST suited for this job?

  • A. Ping
  • B. Nmap
  • C. Netstat
  • D. ifconfig
  • E. Wireshark
  • F. L0phtCrack

Answer: B

NEW QUESTION 3

An analyst wants to use a command line tool to identify open ports and running services on a host, along with the applications that are associated with those services and ports. Which of the following should the analyst use?

  • A. Wireshark
  • B. Qualys
  • C. netstat
  • D. nmap
  • E. ping

Answer: D

NEW QUESTION 4

An analyst was tasked with providing recommendations of technologies that are PKI X.509 compliant for a variety of secure functions. Which of the following technologies meet the compatibility requirement? (Select three.)

  • A. 3DES
  • B. AES
  • C. IDEA
  • D. PKCS
  • E. PGP
  • F. SSL/TLS
  • G. TEMPEST

Answer: BDF

NEW QUESTION 5

The Chief Information Security Officer (CISO) asked for a topology discovery to be conducted and verified against the asset inventory. The discovery is failing and not providing reliable or complete data. The syslog shows the following information:
[Exhibit: syslog output (image not reproduced)]
Which of the following describes the reason why the discovery is failing?

  • A. The scanning tool lacks valid LDAP credentials.
  • B. The scan is returning LDAP error code 52255a.
  • C. The server running LDAP has antivirus deployed.
  • D. The connection to the LDAP server is timing out.
  • E. The LDAP server is configured on the wrong port.

Answer: A

NEW QUESTION 6

During a recent audit, there were a lot of findings similar to and including the following:
[Exhibit: audit findings (image not reproduced)]
Which of the following would be the BEST way to remediate these findings and minimize similar findings in the future?

  • A. Use an automated patch management solution
  • B. Remove the affected software programs from the servers
  • C. Run Microsoft Baseline Security Analyzer on all of the servers
  • D. Schedule regular vulnerability scans for all servers on the network

Answer: A

NEW QUESTION 7

A cybersecurity analyst is hired to review the security measures implemented within the domain controllers of a company. Upon review, the cybersecurity analyst notices a brute force attack can be launched against domain controllers that run on a Windows platform. The first remediation step implemented by the cybersecurity analyst is to make the account passwords more complex. Which of the following is the NEXT remediation step the cybersecurity analyst needs to implement?

  • A. Disable the ability to store a LAN manager hash.
  • B. Deploy a vulnerability scanner tool.
  • C. Install a different antivirus software.
  • D. Perform more frequent port scanning.
  • E. Move administrator accounts to a new security group.

Answer: E

NEW QUESTION 8

You suspect that multiple unrelated security events have occurred on several nodes on a corporate network. You must review all logs and correlate events when necessary to discover each security event by clicking on each node. Only select corrective actions if the logs show a security event that needs remediation. Drag and drop the appropriate corrective actions to mitigate the specific security event occurring on each affected device.
Instructions:
The Web Server, Database Server, IDS, Development PC, Accounting PC and Marketing PC are clickable. Some actions may not be required and each action can only be used once per node. The corrective action order is not important. If at any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.
[Exhibits: simulation screens for each node (images not reproduced)]

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
[Exhibits: simulation answer screens (images not reproduced)]

NEW QUESTION 9

Which of the following organizations would have to remediate embedded controller vulnerabilities?

  • A. Banking institutions
  • B. Public universities
  • C. Regulatory agencies
  • D. Hydroelectric facilities

Answer: D

NEW QUESTION 10

Company A permits visiting business partners from Company B to utilize Ethernet ports available in Company A’s conference rooms. This access is provided to allow partners the ability to establish VPNs back to Company B’s network. The security architect for Company A wants to ensure partners from Company B are able to gain direct Internet access from available ports only, while Company A employees can gain access to the Company A internal network from those same ports. Which of the following can be employed to allow this?

  • A. ACL
  • B. SIEM
  • C. MAC
  • D. NAC
  • E. SAML

Answer: D

NEW QUESTION 11

A security analyst has noticed that a particular server has consumed over 1TB of bandwidth over the course of the month. It has port 3333 open; however, there have not been any alerts or notices regarding the server or its activities. Which of the following did the analyst discover?

  • A. APT
  • B. DDoS
  • C. Zero day
  • D. False positive

Answer: C

NEW QUESTION 12

A security administrator recently deployed a virtual honeynet. The honeynet is not protected by the company’s firewall, while all production networks are protected by a stateful firewall. Which of the following would BEST allow an external penetration tester to determine which one is the honeynet’s network?

  • A. Banner grab
  • B. Packet analyzer
  • C. Fuzzer
  • D. TCP ACK scan

Answer: D

NEW QUESTION 13

A security analyst is assisting a computer crime investigator and has been asked to secure a PC and deliver it to the forensics lab. Which of the following items would be MOST helpful to secure the PC? (Select THREE.)

  • A. Tamper-proof seals
  • B. Faraday cage
  • C. Chain of custody form
  • D. Drive eraser
  • E. Write blockers
  • F. Network tap
  • G. Multimeter

Answer: ABC

NEW QUESTION 14

A university wants to increase the security posture of its network by implementing vulnerability scans of both centrally managed and student/employee laptops. The solution should be able to scale, provide minimum false positives and high accuracy of results, and be centrally managed through an enterprise console. Which of the following scanning topologies is BEST suited for this environment?

  • A. A passive scanning engine located at the core of the network infrastructure
  • B. A combination of cloud-based and server-based scanning engines
  • C. A combination of server-based and agent-based scanning engines
  • D. An active scanning engine installed on the enterprise console

Answer: D

NEW QUESTION 15

A cybersecurity analyst develops a regular expression to find data within traffic that will alarm on a hit.
[Exhibit: regular expression (image not reproduced)]
The SIEM alarms on seeing this data in cleartext between the web server and the database server.
[Exhibit: matched data (image not reproduced)]
Which of the following types of data would the analyst MOST likely be concerned with, and to which type of data classification does it belong?

  • A. Credit card numbers that are PCI
  • B. Social security numbers that are PHI
  • C. Credit card numbers that are PII
  • D. Social security numbers that are PII

Answer: A

NEW QUESTION 16

Creating a lessons learned report following an incident will help an analyst to communicate which of the following information? (Select TWO.)

  • A. Root cause analysis of the incident and the impact it had on the organization
  • B. Outline of the detailed reverse engineering steps for management to review
  • C. Performance data from the impacted servers and endpoints to report to management
  • D. Enhancements to the policies and practices that will improve business responses
  • E. List of IP addresses, applications, and assets

Answer: AD

NEW QUESTION 17

A company’s asset management software has been discovering a weekly increase in non-standard software installed on end users’ machines with duplicate license keys. The security analyst wants to know if any of this software is listening on any non-standard ports, such as 6667. Which of the following tools should the analyst recommend to block any command and control traffic?

  • A. Netstat
  • B. NIDS
  • C. IPS
  • D. HIDS

Answer: A

NEW QUESTION 18

There have been several exploits to critical devices within the network. However, there is currently no process to perform vulnerability analysis.
Which of the following should the security analyst implement during production hours to identify critical threats and vulnerabilities?

  • A. Asset inventory of all critical devices
  • B. Vulnerability scanning frequency that does not interrupt workflow
  • C. Daily automated reports of exploited devices
  • D. Scanning of all types of data regardless of sensitivity levels

Answer: B

NEW QUESTION 19

A cybersecurity analyst is completing an organization’s vulnerability report and wants it to reflect assets accurately. Which of the following items should be in the report?

  • A. Processor utilization
  • B. Virtual hosts
  • C. Organizational governance
  • D. Log disposition
  • E. Asset isolation

Answer: B

NEW QUESTION 20

A system administrator who was using an account with elevated privileges deleted a large amount of log files generated by a virtual hypervisor in order to free up disk space. These log files are needed by the security team to analyze the health of the virtual machines. Which of the following compensating controls would help prevent this from reoccurring? (Select two.)

  • A. Succession planning
  • B. Separation of duties
  • C. Mandatory vacation
  • D. Personnel training
  • E. Job rotation

Answer: BD

NEW QUESTION 21

A Chief Information Security Officer (CISO) wants to standardize the company’s security program so it can be objectively assessed as part of an upcoming audit requested by management.
Which of the following would holistically assist in this effort?

  • A. ITIL
  • B. NIST
  • C. Scrum
  • D. AUP
  • E. Nessus

Answer: B

NEW QUESTION 22

A retail corporation with widely distributed store locations and IP space must meet PCI requirements relating to vulnerability scanning. The organization plans to outsource this function to a third party to reduce costs.
Which of the following should be used to communicate expectations related to the execution of scans?

  • A. Vulnerability assessment report
  • B. Lessons learned documentation
  • C. SLA
  • D. MOU

Answer: C

NEW QUESTION 23

After implementing and running an automated patching tool, a security administrator ran a vulnerability scan that reported no missing patches found. Which of the following BEST describes why this tool was used?

  • A. To create a chain of evidence to demonstrate when the servers were patched.
  • B. To harden the servers against new attacks.
  • C. To provide validation that the remediation was active.
  • D. To generate log data for unreleased patches.

Answer: B

NEW QUESTION 24

The software development team pushed a new web application into production for the accounting department. Shortly after the application was published, the head of the accounting department informed IT operations that the application was not performing as intended. Which of the following SDLC best practices was missed?

  • A. Peer code reviews
  • B. Regression testing
  • C. User acceptance testing
  • D. Fuzzing
  • E. Static code analysis

Answer: C

NEW QUESTION 25

A cybersecurity analyst was asked to discover the hardware addresses of 30 networked assets. From a command line, which of the following tools would be used to provide ARP scanning and reflects the MOST efficient method for accomplishing the task?

  • A. nmap
  • B. tracert
  • C. ping -a
  • D. nslookup

Answer: A

Explanation:
Reference: https://serverfault.com/questions/10590/how-to-get-a-list-of-all-ip-addresses-and-ideally-device-names-on-a-lan

NEW QUESTION 26

Which of the following is MOST effective for correlation analysis by log for threat management?

  • A. PCAP
  • B. SCAP
  • C. IPS
  • D. SIEM

Answer: D

NEW QUESTION 27
......
