CompTIA CS0-001 Preparation Labs 2020


Online CompTIA CS0-001 free dumps demo Below:


An HR employee began having issues with a device becoming unresponsive after attempting to open an email attachment. When informed, the security analyst became suspicious of the situation, even though there was not any unusual behavior on the IDS or any alerts from the antivirus software. Which of the following BEST describes the type of threat in this situation?

  • A. Packet of death
  • B. Zero-day malware
  • C. PII exfiltration
  • D. Known virus

Answer: B


An organization is conducting penetration testing to identify possible network vulnerabilities. The penetration tester has already identified active hosts in the network and is now scanning individual hosts to determine if any are running a web server. The output from the latest scan is shown below:
CS0-001 dumps exhibit
Which of the following commands would have generated the output above?

  • A. -nmap -sV -p 80
  • B. -nmap -sP -p ALL
  • C. -nmap -sV -p 80
  • D. -nmap -sP -p ALL

Answer: A


The Chief Information Security Officer (CISO) asked for a topology discovery to be conducted and verified against the asset inventory. The discovery is failing and not providing reliable or complete data. The syslog shows the following information:
CS0-001 dumps exhibit
Which of the following describes the reason why the discovery is failing?

  • A. The scanning tool lacks valid LDAP credentials.
  • B. The scan is returning LDAP error code 52255a.
  • C. The server running LDAP has antivirus deployed.
  • D. The connection to the LDAP server is timing out.
  • E. The LDAP server is configured on the wrong port.

Answer: A


The Chief Information Security Officer (CISO) asks a security analyst to write a new SIEM search rule to determine if any credit card numbers are being written to log files. The CISO and security analyst suspect the following log snippet contains real customer card data.
CS0-001 dumps exhibit
Which of the following expressions would find potential credit card numbers in a format that matches the log snippet?

  • A. ^[0-9] (16) $
  • B. (0-9) × 16
  • C. " 1234-5678"
  • D. "04*"

Answer: A


A retail corporation with widely distributed store locations and IP space must meet PCI requirements relating to vulnerability scanning. The organization plans to outsource this function to a third party to reduce costs.
Which of the following should be used to communicate expectations related to the execution of scans?

  • A. Vulnerability assessment report
  • B. Lessons learned documentation
  • C. SLA
  • D. MOU

Answer: C


An organization is experiencing degradation of critical services and availability of critical external resources. Which of the following can be used to investigate the issue?

  • A. Netflow analysis
  • B. Behavioral analysis
  • C. Vulnerability analysis
  • D. Risk analysis

Answer: A


A security analyst has determined the security team should take action based on the following log:
CS0-001 dumps exhibit
Which of the following should be used to improve the security posture of the system?

  • A. Enable login account auditing.
  • B. Limit the number of unsuccessful login attempts
  • C. Upgrade the firewalls
  • D. Increase password complexity requirements

Answer: B


An administrator has been investigating the way in which an actor had been exfiltrating confidential data from a web server to a foreign host. After a thorough forensic review, the administrator determined the server’s BIOS had been modified by rootkit installation. After removing the rootkit and flashing the BIOS to a known good state, which of the following would BEST protect against future adversary access to the BIOS, in case another rootkit is installed?

  • A. Anti-malware application
  • B. Host-based IDS
  • C. TPM data sealing
  • D. File integrity monitoring

Answer: C


Several accounting department users are reporting unusual Internet traffic in the browsing history of their workstations after returning to work and logging in. The building security team informs the IT security team that the cleaning staff was caught using the systems after the accounting department users left for the day. Which of the following steps should the IT security team take to help prevent this from happening again? (Select TWO)

  • A. Install a web monitor application to track Internet usage after hours
  • B. Configure a policy for workstation account timeout at three minutes
  • C. Configure NAC to set time-based restrictions on the accounting group to normal business hours
  • D. Configure mandatory access controls to allow only accounting department users to access the workstations
  • E. Set up a camera to monitor the workstations for unauthorized use

Answer: BC


A cybersecurity analyst traced the source of an attack to compromised user credentials. Log analysis revealed that the attacker successfully authenticated from an unauthorized foreign country. Management asked the security analyst to research and implement a solution to help mitigate attacks based on compromised passwords. Which of the following should the analyst implement?

  • A. Self-service password reset
  • B. Single sign-on
  • C. Context-based authentication
  • D. Password complexity

Answer: C


A company that is hiring a penetration tester wants to exclude social engineering from the list of authorized activities. Which of the following documents should include these details?

  • A. Acceptable use policy
  • B. Service level agreement
  • C. Rules of engagement
  • D. Memorandum of understanding
  • E. Master service agreement

Answer: C


A common mobile device vulnerability has made unauthorized modifications to a device. The device owner removes the vendor/carrier provided limitations on the mobile device. This is also known as:

  • A. jailbreaking.
  • B. cracking.
  • C. hashing.
  • D. fuzzing.

Answer: A


Management wants to scan servers for vulnerabilities on a periodic basis. Management has decided that the scan frequency should be determined only by vendor patch schedules and the organization’s application deployment schedule. Which of the following would force the organization to conduct an out-of-cycle vulnerability scan?

  • A. Newly discovered PII on a server
  • B. A vendor releases a critical patch update
  • C. A critical bug fix in the organization’s application
  • D. False positives identified in production

Answer: B


A security analyst begins to notice the CPU utilization from a sinkhole has begun to spike. Which of the following describes what may be occurring?

  • A. Someone has logged on to the sinkhole and is using the device
  • B. The sinkhole has begun blocking suspect or malicious traffic
  • C. The sinkhole has begun rerouting unauthorized traffic
  • D. Something is controlling the sinkhole and causing CPU spikes due to malicious utilization.

Answer: C


A company has established an ongoing vulnerability management program and procured the latest technology to support it. However, the program is failing because several vulnerabilities have not been detected. Which of the following will reduce the number of false negatives?

  • A. Increase scan frequency.
  • B. Perform credentialed scans.
  • C. Update the security incident response plan.
  • D. Reconfigure scanner to brute force mechanisms.

Answer: B


Datacenter access is controlled with proximity badges that record all entries and exits from the datacenter.
The access records are used to identify which staff members accessed the data center in the event of equipment theft.
Which of the following MUST be prevented in order for this policy to be effective?

  • A. Password reuse
  • B. Phishing
  • C. Social engineering
  • D. Tailgating

Answer: D


A security analyst has determined that the user interface on an embedded device is vulnerable to common SQL injections. The device is unable to be replaced, and the software cannot be upgraded. Which of the following should the security analyst recommend to add additional security to this device?

  • A. The security analyst should recommend this device be placed behind a WAF.
  • B. The security analyst should recommend an IDS be placed on the network segment.
  • C. The security analyst should recommend this device regularly export the web logs to a SIEM system.
  • D. The security analyst should recommend this device be included in regular vulnerability scans.

Answer: A


A red actor observes it is common practice to allow cell phones to charge on company computers, but access to the memory storage is blocked. Which of the following are common attack techniques that take advantage of this practice? (Select TWO).

  • A. A USB attack that tricks the computer into thinking the connected device is a keyboard, and then sends characters one at a time as a keyboard to launch the attack (a prerecorded series of
  • B. A USB attack that turns the connected device into a rogue access point that spoofs the configured wireless SSIDs
  • C. A Bluetooth attack that modifies the device registry (Windows PCs only) to allow the flash drive to mount, and then launches a Java applet attack
  • D. A Bluetooth peering attack called "Snarling" that allows Bluetooth connections on blocked device types if physically connected to a USB port
  • E. A USB attack that tricks the system into thinking it is a network adapter, then runs a user password hash gathering utility for offline password cracking

Answer: CD


A cybersecurity analyst has received the laptop of a user who recently left the company. The analyst types ‘history’ into the prompt, and sees this line of code in the latest bash history:
CS0-001 dumps exhibit
This concerns the analyst because this subnet should not be known to users within the company. Which of the following describes what this code has done on the network?

  • A. Performed a ping sweep of the Class C network.
  • B. Performed a half-open SYN scan on the network.
  • C. Sent 255 ping packets to each host on the network.
  • D. Sequentially sent an ICMP echo reply to the Class C network.

Answer: A


A cybersecurity analyst is reviewing the following outputs:
CS0-001 dumps exhibit
Which of the following can the analyst infer from the above output?

  • A. The remote host is redirecting port 80 to port 8080.
  • B. The remote host is running a service on port 8080.
  • C. The remote host’s firewall is dropping packets for port 80.
  • D. The remote host is running a web server on port 80.

Answer: B


A security analyst is conducting a vulnerability assessment of older SCADA devices on the corporate network. Which of the following compensating controls is likely to prevent the scans from providing value?

  • A. Access control list network segmentation that prevents access to the SCADA devices inside the network.
  • B. Detailed and tested firewall rules that effectively prevent outside access of the SCADA devices.
  • C. Implementation of a VLAN that allows all devices on the network to see all SCADA devices on the network.
  • D. SCADA systems configured with ‘SCADA SUPPORT’=ENABLE

Answer: B


The Chief Information Security Officer (CISO) has asked the security staff to identify a framework on which to base the security program. The CISO would like to achieve a certification showing the security program meets all required best practices. Which of the following would be the BEST choice?

  • A. OSSIM
  • B. SDLC
  • C. SANS
  • D. ISO

Answer: D


A company wants to update its acceptable use policy (AUP) to ensure it relates to the newly implemented password standard, which requires sponsored authentication of guest wireless devices. Which of the following is MOST likely to be incorporated in the AUP?

  • A. Sponsored guest passwords must be at least ten characters in length and contain a symbol.
  • B. The corporate network should have a wireless infrastructure that uses open authentication standards.
  • C. Guests using the wireless network should provide valid identification when registering their wireless devices.
  • D. The network should authenticate all guest users using 802.1x backed by a RADIUS or LDAP server.

Answer: C


A Linux-based file encryption malware was recently discovered in the wild. Prior to running the malware on a preconfigured sandbox to analyze its behavior, a security professional executes the following command:
umount -a -t cifs,nfs
Which of the following is the main reason for executing the above command?

  • A. To ensure the malware is memory bound.
  • B. To limit the malware’s reach to the local host.
  • C. To back up critical files across the network
  • D. To test if the malware affects remote systems

Answer: B


A security analyst is performing a review of Active Directory and discovers two new user accounts in the accounting department. Neither of the users has elevated permissions, but accounts in the group are given access to the company’s sensitive financial management application by default. Which of the following is the BEST course of action?

  • A. Follow the incident response plan for the introduction of new accounts
  • B. Disable the user accounts
  • C. Remove the accounts’ access privileges to the sensitive application
  • D. Monitor the outbound traffic from the application for signs of data exfiltration
  • E. Confirm the accounts are valid and ensure role-based permissions are appropriate

Answer: E


Various devices are connecting and authenticating to a single evil twin within the network. Which of the following are MOST likely being targeted?

  • A. Mobile devices
  • B. All endpoints
  • C. VPNs
  • D. Network infrastructure
  • E. Wired SCADA devices

Answer: A



Following a data compromise, a cybersecurity analyst noticed the following executed query: SELECT * from Users WHERE name = rick OR 1=1
Which of the following attacks occurred, and which of the following technical security controls would BEST reduce the risk of future impact from this attack? (Select TWO).

  • A. Cookie encryption
  • B. XSS attack
  • C. Parameter validation
  • D. Character blacklist
  • E. Malicious code execution
  • F. SQL injection

Answer: CF



Company A permits visiting business partners from Company B to utilize Ethernet ports available in Company A’s conference rooms. This access is provided to allow partners the ability to establish VPNs back to Company B’s network. The security architect for Company A wants to ensure partners from Company B are able to gain direct Internet access from available ports only, while Company A employees can gain access to the Company A internal network from those same ports. Which of the following can be employed to allow this?

  • A. ACL
  • B. SIEM
  • C. MAC
  • D. NAC
  • E. SAML

Answer: D

