Winter Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: v4s65

  1. Home
  2. CompTIA
  3. CompTIA CySA+
  4. CS0-001 - CompTIA CySA+ Certification Exam
Note! Following CS0-001 Exam is Retired now. Please select the alternative replacement for your Exam Certification. The new exam code is CS0-002

CS0-001 Exam Dumps - CompTIA CySA+ Certification Exam

Go to page:
Question # 25

During a physical penetration test at a client site, a local law enforcement officer stumbled upon the test questioned the legitimacy of the team.

Which of the following information should be shown to the officer?

A.

Letter of engagement

B.

Scope of work

C.

Timing information

D.

Team reporting

Full Access
Question # 26

A logistics company’s vulnerability scan identifies the following vulnerabilities on Internet-facing devices in the DMZ:

  • SQL injection on an infrequently used web server that provides files to vendors
  • SSL/TLS not used for a website that contains promotional information

The scan also shows the following vulnerabilities on internal resources:

  • Microsoft Office Remote Code Execution on test server for a human resources system
  • TLS downgrade vulnerability on a server in a development network

In order of risk, which of the following should be patched FIRST?

A.

Microsoft Office Remote Code Execution

B.

SQL injection

C.

SSL/TLS not used

D.

TLS downgrade

Full Access
Question # 27

An organization wants to perform network scans to Identify active hosts and vulnerabilities. Management places the highest priority on scans that mimic how an attack would progress. Iftime and resources allow, subsequent scans can be performed using different techniques and methods. Which of the following scan types and sequences would BEST suit the organization's requirements?

A.

Norvcredentialed scans followed by credentialed scans

B.

Credentialed scans followed by compliance scans

C.

Compliance scans followed by credentialed scans

D.

Compliance scans followed by non-credentialed scans

Full Access
Question # 28

The following IDS log was discovered by a company’s cybersecurity analyst:

Which of the following was launched against the company based on the IDS log?

A.

SQL injection attack

B.

Cross-site scripting attack

C.

Buffer overflow attack

D.

Online password crack attack

Full Access
Question # 29

Which of the following tools should an analyst use to scan for web server vulnerabilities?

A.

Wireshark

B.

Quslys

C.

ArcSight

D.

SolarWinds

Full Access
Question # 30

A security analyst has been asked to scan a subnet. During the scan, the following output was generated:

Based on the output above, which of the following is MOST likely?

A.

192.168.100.214 is a secure FTP server

B.

192.168.100.214 is a web server

C.

Both hosts are mail servers

D.

192.168.100.145 is a DNS server

Full Access
Question # 31

Which of the following is the use of tools to simulate the ability for an attacker to gain access to a specified network?

A.

Reverse engineering

B.

Fuzzing

C.

Penetration testing

D.

Network mapping

Full Access
Question # 32

In order to meet regulatory compliance objectives for the storage of PHI, vulnerability scans must be conducted on a continuous basis. The last completed scan of the network returned 5,682 possible vulnerabilities. The Chief Information Officer (CIO) would like to establish a remediation plan to resolve all known issues. Which of the following is the BEST way to proceed?

A.

Attempt to identify all false positives and exceptions, and then resolve all remaining items.

B.

Hold off on additional scanning until the current list of vulnerabilities have been resolved.

C.

Place assets that handle PHI in a sandbox environment, and then resolve all vulnerabilities.

D.

Reduce the scan to items identified as critical in the asset inventory, and resolve these issues first.

Full Access
Go to page:

Hot Exams

ADM-201 Dumps
Platform-App-Builder Dumps
AZ-500 Dumps
350-701 Dumps
SY0-601 Dumps
NCSE-Core Dumps
PDP9 Dumps
DP-203 Dumps
AZ-700 Dumps
NSE7_EFW-7.0 Dumps
Integration-Architect Dumps
CS0-003 Dumps