CS0-001 practice questions (2019)
Exam Code: CS0-001, Exam Name: CompTIA CSA+ Certification Exam, Certification Provider: CompTIA Certification.
Sample CS0-001 questions:
NEW QUESTION 1
Review the following results:
Which of the following has occurred?
- A. This is normal network traffic.
- B. 220.127.116.11 is infected with a Trojan.
- C. 172.29.0.109 is infected with a worm.
- D. 172.29.0.109 is infected with a Trojan.
NEW QUESTION 2
A security analyst is conducting traffic analysis and observes an HTTP POST to a web server. The POST header is approximately 1000 bytes in length. During transmission, one byte is delivered every ten seconds. Which of the following attacks is the traffic indicative of?
- A. Exfiltration
- B. DoS
- C. Buffer overflow
- D. SQL injection
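The traffic in question 2 is a low-and-slow HTTP DoS: every connection that trickles its header in one byte at a time holds a server worker open, and a few thousand such connections exhaust the pool without ever sending a payload. The following is an added example, not part of the original question set, showing how an analyst would flag such a connection from per-packet timing. The packet timeline is constructed to mirror the question (a roughly 1000-byte POST header at one byte every ten seconds), and the 30-second header timeout is an assumption chosen for the example, not a standard value.

```python
"""Detecting a low-and-slow HTTP POST from per-connection timing.

Added example; it is not part of the original question set. The packet
timeline is constructed to mirror question 2: a roughly 1000-byte POST
header that arrives one byte every ten seconds. The 30-second header
timeout is an assumption chosen for the example, not a standard value.
"""


def build_header(length: int) -> bytes:
    """Constructed POST header padded to `length` bytes plus a closing CRLF.

    The blank line that terminates an HTTP header is deliberately left off:
    a slow-header attacker never sends it, so the server keeps waiting.
    """
    base = (b"POST /upload HTTP/1.1\r\n"
            b"Host: victim.example\r\n"
            b"Content-Length: 1048576\r\n"
            b"X-Pad: ")
    return base + b"a" * (length - len(base)) + b"\r\n"


def slow_post_events(total_bytes: int = 1000, interval: float = 10.0):
    """One (timestamp, payload) event per byte, `interval` seconds apart."""
    header = build_header(total_bytes)
    return [(i * interval, header[i:i + 1]) for i in range(len(header))]


def normal_post_events():
    """A well-behaved client: the whole header in two segments within 50 ms."""
    header = build_header(180) + b"\r\n"   # the blank line ends the header
    return [(0.0, header[:120]), (0.05, header[120:])]


def analyse(events, now: float, header_timeout: float = 30.0) -> dict:
    """Classify one connection from its (timestamp, bytes) events.

    'normal'      : the header terminator (CRLF CRLF) was received
    'slow-header' : still incomplete after header_timeout seconds
    'pending'     : incomplete, but too early to judge
    """
    received = b""
    first_seen = events[0][0]
    for _, data in events:
        received += data
        if b"\r\n\r\n" in received:
            break
    complete = b"\r\n\r\n" in received
    elapsed = now - first_seen
    rate = len(received) / elapsed if elapsed > 0 else float("inf")
    if complete:
        verdict = "normal"
    elif elapsed > header_timeout:
        verdict = "slow-header"
    else:
        verdict = "pending"
    return {"verdict": verdict, "bytes": len(received),
            "elapsed_s": round(elapsed, 3), "bytes_per_s": round(rate, 3)}


def worker_hold_time(total_bytes: int = 1000, interval: float = 10.0) -> float:
    """Seconds one connection occupies a server worker before its header ends."""
    return total_bytes * interval


if __name__ == "__main__":
    # After 2000 seconds the attacker has delivered only the first 200 bytes.
    print(analyse(slow_post_events()[:200], now=2000.0))
    print(analyse(normal_post_events(), now=1.0))
    print(f"one slow connection holds a worker for {worker_hold_time()/3600:.1f} h")
```

One such connection occupies a worker for 10,000 seconds before the header is even complete, which is why the answer is DoS rather than exfiltration: the volume is negligible and nothing leaves the server. Production web servers expose the same idea as a header timeout (for example Apache's mod_reqtimeout), which is the usual first mitigation.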
NEW QUESTION 3
A malicious user is reviewing the following output:
root:~# ping 192.168.1.137
64 bytes from 192.168.2.1 icmp_seq=1 ttl=63 time=1.58 ms
64 bytes from 192.168.2.1 icmp_seq=2 ttl=63 time=1.45 ms
root:~#
Based on the above output, which of the following is the device between the malicious user and the target?
- A. Proxy
- B. Access point
- C. Switch
- D. Hub
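The tell in question 3 is that the echo replies come from 192.168.2.1, not from the 192.168.1.137 that was pinged, with a TTL of 63 (one hop below the common default of 64). A hub, switch or access point forwards frames unchanged and would leave the target's own address as the reply source; only a device that terminates the connection itself, a proxy, answers under its own address. The following added example (not part of the original question set) parses a ping transcript constructed from the output above and makes that inference; the initial-TTL table uses conventional defaults (64 for Linux/macOS/BSD, 128 for Windows, 255 for many network appliances), which a host may override.

```python
"""Reading a ping transcript for signs of an in-path device.

Added example, not part of the original question set. The transcript is
constructed from the output quoted in question 3; the initial-TTL table
holds conventional defaults that a host may override.
"""
import re

SAMPLE_TARGET = "192.168.1.137"
SAMPLE_OUTPUT = """\
root:~# ping 192.168.1.137
64 bytes from 192.168.2.1 icmp_seq=1 ttl=63 time=1.58 ms
64 bytes from 192.168.2.1 icmp_seq=2 ttl=63 time=1.45 ms
root:~#
"""

# Tolerates both "from 1.2.3.4 icmp_seq" and the "from 1.2.3.4: icmp_seq" form
REPLY_RE = re.compile(
    r"(?P<size>\d+) bytes from (?P<src>[\w.:-]+?):? icmp_seq=(?P<seq>\d+) "
    r"ttl=(?P<ttl>\d+) time=(?P<ms>[\d.]+) ms")

INITIAL_TTLS = (64, 128, 255)   # conventional defaults, not guaranteed


def hops_from_ttl(ttl: int) -> int:
    """Distance implied by a reply TTL, assuming the nearest standard initial TTL."""
    start = min(t for t in INITIAL_TTLS if t >= ttl)
    return start - ttl


def parse_replies(output: str) -> list:
    """Extract one record per echo-reply line."""
    replies = []
    for line in output.splitlines():
        m = REPLY_RE.search(line)
        if m:
            replies.append({"src": m["src"], "seq": int(m["seq"]),
                            "ttl": int(m["ttl"]), "ms": float(m["ms"])})
    return replies


def analyse_ping(target: str, output: str) -> dict:
    """Compare who answered with whom we asked, and how far away they are."""
    replies = parse_replies(output)
    responders = sorted({r["src"] for r in replies})
    hops = max((hops_from_ttl(r["ttl"]) for r in replies), default=None)
    answered_by_target = responders == [target]
    if not replies:
        finding = "no replies"
    elif answered_by_target:
        finding = "target answered directly"
    else:
        finding = ("replies came from %s, %d hop(s) away, not from %s: "
                   "a device in the path is answering on the target's behalf"
                   % (", ".join(responders), hops, target))
    return {"target": target, "responders": responders, "hops": hops,
            "answered_by_target": answered_by_target, "finding": finding}


if __name__ == "__main__":
    print(analyse_ping(SAMPLE_TARGET, SAMPLE_OUTPUT)["finding"])
```

The TTL arithmetic is a heuristic: it only tells you how many routers decremented the packet if you guessed the sender's initial TTL correctly, so treat the hop count as corroboration of the address mismatch rather than as proof on its own.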
NEW QUESTION 4
Organizational policies require vulnerability remediation on severity 7 or greater within one week. Anything with a severity less than 7 must be remediated within 30 days. The organization also requires security teams to investigate the details of a vulnerability before performing any remediation. If the investigation determines the finding is a false positive, no remediation is performed and the vulnerability scanner configuration is updated to omit the false positive from future scans.
The organization has three Apache web servers:
The results of a recent vulnerability scan are shown below:
The team performs some investigation and finds a statement from Apache:
Which of the following actions should the security team perform?
- A. Ignore the false positive on 192.168.1.22
- B. Remediate 192.168.1.20 within 30 days.
- C. Remediate 192.168.1.22 within 30 days.
- D. Investigate the false negative on 192.168.1.20
NEW QUESTION 5
A company’s asset management software has been discovering a weekly increase in non-standard software installed on end users’ machines with duplicate license keys. The security analyst wants to know if any of this software is listening on any non-standard ports, such as 6667. Which of the following tools should the analyst recommend to block any command and control traffic?
- A. Netstat
- B. NIDS
- C. IPS
- D. HIDS
NEW QUESTION 6
A cybersecurity analyst has received the laptop of a user who recently left the company. The analyst types ‘history’ into the prompt, and sees this line of code in the latest bash history:
This concerns the analyst because this subnet should not be known to users within the company. Which of the following describes what this code has done on the network?
- A. Performed a ping sweep of the Class C network.
- B. Performed a half-open SYN scan on the network.
- C. Sent 255 ping packets to each host on the network.
- D. Sequentially sent an ICMP echo reply to the Class C network.
NEW QUESTION 7
A project lead is reviewing the statement of work for an upcoming project that is focused on identifying potential weaknesses in the organization’s internal and external network infrastructure. As part of the project, a team of external contractors will attempt to employ various attacks against the organization. The statement of work specifically addresses the utilization of an automated tool to probe network resources in an attempt to develop logical diagrams indicating weaknesses in the infrastructure.
The scope of activity as described in the statement of work is an example of:
- A. session hijacking
- B. vulnerability scanning
- C. social engineering
- D. penetration testing
- E. friendly DoS
NEW QUESTION 8
A company has been a victim of multiple volumetric DoS attacks. Packet analysis of the offending traffic shows the following:
Which of the following mitigation techniques is MOST effective against the above attack?
- A. The company should contact the upstream ISP and ask that RFC1918 traffic be dropped.
- B. The company should implement a network-based sinkhole to drop all traffic coming from 192.168.1.1 at their gateway router.
- C. The company should implement the following ACL at their gateway firewall:DENY IP HOST 192.168.1.1 18.104.22.168/24.
- D. The company should enable the DoS resource starvation protection feature of the gateway NIPS.
NEW QUESTION 9
A threat intelligence feed has posted an alert stating there is a critical vulnerability in the kernel. Unfortunately, the company’s asset inventory is not current. Which of the following techniques would a cybersecurity analyst perform to find all affected servers within an organization?
- A. A manual log review from data sent to syslog
- B. An OS fingerprinting scan across all hosts
- C. A packet capture of data traversing the server network
- D. A service discovery scan on the network
NEW QUESTION 10
A security analyst is reviewing the following log after enabling key-based authentication.
Given the above information, which of the following steps should be performed NEXT to secure the system?
- A. Disable anonymous SSH logins.
- B. Disable password authentication for SSH.
- C. Disable SSHv1.
- D. Disable remote root SSH logins.
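Question 10 is about sequencing: once key-based authentication is confirmed working, the next step is to turn off password authentication, otherwise the keys add nothing against a password-guessing attacker. The following added example (not part of the original question set) audits an sshd_config for that step and the others the options list. The configuration text is constructed to look like a server just after keys were enabled; the parser follows sshd's documented rules (keywords are case-insensitive, `#` starts a comment, the first occurrence of a keyword wins) and stops at the first `Match` block, whose settings are conditional and out of scope here. The defaults assumed for absent keywords are those of OpenSSH 7.x and later.

```python
"""Auditing sshd_config for the hardening steps listed in question 10.

Added example, not part of the original question set. Both configurations
below are constructed. Parser rules follow sshd_config(5): keywords are
case-insensitive, '#' starts a comment, the first occurrence of a keyword
wins, and Match blocks (conditional settings) are skipped here.
"""

WEAK_CONFIG = """\
# constructed sshd_config: keys just enabled, nothing else tightened yet
Port 22
Protocol 2,1
PermitRootLogin yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication yes
ChallengeResponseAuthentication yes
PasswordAuthentication no    # ignored: sshd keeps the first value seen
"""

HARDENED_CONFIG = """\
Port 22
Protocol 2
PermitRootLogin no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitEmptyPasswords no
"""

# Effective value when the keyword is absent (OpenSSH 7.x+ defaults)
DEFAULTS = {
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",   # PAM can still prompt for a password
    "permitemptypasswords": "no",
    "permitrootlogin": "prohibit-password",     # root still allowed with a key
    "protocol": "2",                            # SSH-1 removed from sshd in 7.4
}

# keyword -> (accepted values, recommended value)
CHECKS = {
    "pubkeyauthentication": ({"yes"}, "yes"),
    "passwordauthentication": ({"no"}, "no"),
    "challengeresponseauthentication": ({"no"}, "no"),
    "permitemptypasswords": ({"no"}, "no"),
    "permitrootlogin": ({"no"}, "no"),
    "protocol": ({"2"}, "2"),
}


def parse_sshd_config(text: str) -> dict:
    """Return {lowercase keyword: first value seen}, stopping at any Match block."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(key, value)          # first occurrence wins
    return settings


def audit(text: str) -> list:
    """Return (keyword, effective value, recommended value) for each failing check."""
    settings = parse_sshd_config(text)
    findings = []
    for key, (accepted, recommended) in CHECKS.items():
        current = settings.get(key, DEFAULTS[key]).lower()
        if current not in accepted:
            findings.append((key, current, recommended))
    return findings


if __name__ == "__main__":
    for key, current, recommended in audit(WEAK_CONFIG):
        print(f"{key}: is '{current}', set to '{recommended}'")
    print("hardened config findings:", audit(HARDENED_CONFIG))
```

Two caveats a practitioner will want: keep a second session open and confirm a key login succeeds before setting `PasswordAuthentication no`, and remember that `ChallengeResponseAuthentication yes` lets PAM keep prompting for passwords even after password authentication is off, so both must be disabled together. The `Protocol` check only matters on old builds, since SSH-1 was removed from sshd in OpenSSH 7.4.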
NEW QUESTION 11
A company has recently launched a new billing invoice website for a few key vendors. The cybersecurity analyst is receiving calls that the website is performing slowly and the pages sometimes time out. The analyst notices the website is receiving millions of requests, causing the service to become unavailable. Which of the following can be implemented to maintain the availability of the website?
- A. VPN
- B. Honeypot
- C. Whitelisting
- D. DMZ
- E. MAC filtering
NEW QUESTION 12
An incident response report indicates a virus was introduced through a remote host that was connected to corporate resources. A cybersecurity analyst has been asked for a recommendation to solve this issue. Which of the following should be applied?
- A. MAC
- B. TAP
- C. NAC
- D. ACL
NEW QUESTION 13
Which of the following commands would a security analyst use to make a copy of an image for forensics use?
- A. dd
- B. wget
- C. touch
- D. rm
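`dd` is the answer to question 13 because it copies a device sector by sector regardless of filesystem, but an image is only evidence if you can show it is faithful. The following added example (not part of the original question set) reproduces in Python what an analyst gets from `dd if=<device> of=<image> bs=4096 conv=noerror,sync` followed by `sha256sum` on source and image: an unreadable block is replaced with zeros so every later byte keeps its original offset, and the image hash is compared with the source hash. The source "device" is a constructed in-memory reader whose read errors are injected on purpose.

```python
"""Forensic imaging with read-error handling and hash verification.

Added example, not part of the original question set. FlakyDevice is a
constructed stand-in for a block device; the data and the failing block
are made up for the demonstration.
"""
import hashlib
import os
import tempfile


class FlakyDevice:
    """Constructed stand-in for a block device; raises OSError on chosen blocks."""

    def __init__(self, data: bytes, bad_blocks=()):
        self.data = data
        self.bad_blocks = set(bad_blocks)

    def __len__(self) -> int:
        return len(self.data)

    def read_block(self, offset: int, size: int) -> bytes:
        if offset // size in self.bad_blocks:
            raise OSError("Input/output error")
        return self.data[offset:offset + size]


def acquire(device, image_path: str, block_size: int = 4096) -> dict:
    """Copy device to image_path block by block (dd conv=noerror,sync semantics).

    Returns the bytes written, the blocks that had to be zero-filled and the
    SHA-256 of the image as it was written.
    """
    digest = hashlib.sha256()
    bad_blocks = []
    offset = 0
    with open(image_path, "wb") as image:
        while offset < len(device):
            size = min(block_size, len(device) - offset)
            try:
                chunk = device.read_block(offset, block_size)
            except OSError:
                # noerror: keep going; sync: pad the lost block with zeros
                chunk = b"\x00" * size
                bad_blocks.append(offset // block_size)
            image.write(chunk)
            digest.update(chunk)
            offset += block_size
    return {"bytes": len(device), "bad_blocks": bad_blocks,
            "sha256": digest.hexdigest()}


def sha256_file(path: str, block_size: int = 65536) -> str:
    """Hash a file in chunks, as sha256sum would."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(block_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify(image_path: str, source_sha256: str, acquisition: dict) -> dict:
    """The two checks an examiner records: the image on disk re-hashes to what
    was written, and that hash matches the hash taken of the source."""
    on_disk = sha256_file(image_path)
    return {"image_intact": on_disk == acquisition["sha256"],
            "matches_source": on_disk == source_sha256,
            "bad_blocks": acquisition["bad_blocks"]}


def demo() -> dict:
    """Image a clean device and one with an unreadable block; return both verdicts."""
    data = bytes(range(256)) * 64              # 16 KiB of constructed content
    source_hash = hashlib.sha256(data).hexdigest()
    workdir = tempfile.mkdtemp()
    results = {}
    for name, device in (("clean", FlakyDevice(data)),
                         ("damaged", FlakyDevice(data, bad_blocks=[2]))):
        image_path = os.path.join(workdir, f"{name}.img")
        results[name] = verify(image_path, source_hash, acquire(device, image_path))
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

On a real case the equivalent is `dd if=/dev/sdb of=/evidence/sdb.img bs=4M conv=noerror,sync status=progress` behind a hardware write blocker, then `sha256sum /dev/sdb /evidence/sdb.img`. When blocks were unreadable the two hashes cannot match, exactly as the damaged case shows, so the list of bad blocks goes into the acquisition notes alongside the hashes; tools such as dcfldd or dc3dd fold the hashing into the copy. `wget`, `touch` and `rm` do not copy data at all.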
NEW QUESTION 14
A cybersecurity analyst is reviewing the following outputs:
Which of the following can the analyst infer from the above output?
- A. The remote host is redirecting port 80 to port 8080.
- B. The remote host is running a service on port 8080.
- C. The remote host’s firewall is dropping packets for port 80.
- D. The remote host is running a web server on port 80.
NEW QUESTION 15
A nuclear facility manager determined the need to monitor utilization of water within the facility. A startup company just announced a state-of-the-art solution to address the need for integrating the business and ICS networks. The solution requires a very small agent to be installed on the ICS equipment. Which of the following is the MOST important security control for the manager to invest in to protect the facility?
- A. Run a penetration test on the installed agent.
- B. Require that the solution provider make the agent source code available for analysis.
- C. Require thorough guides for administrators and users.
- D. Install the agent for a week on a test system and monitor the activities.
NEW QUESTION 16
A company has established an ongoing vulnerability management program and procured the latest technology to support it. However, the program is failing because several vulnerabilities have not been detected. Which of the following will reduce the number of false negatives?
- A. Increase scan frequency.
- B. Perform credentialed scans.
- C. Update the security incident response plan.
- D. Reconfigure scanner to brute force mechanisms.