Home > CompTIA Security+ Certification > Quizzes > CompTIA Cybersecurity Analyst Plus CySA+ CS0-001 Questions
CompTIA Cybersecurity Analyst Plus CySA+ CS0-001 Questions
Fast practice, instant feedback. Timer auto-submits when time’s up.
Avg score: 40% Most missed: “An organization has recently recovered from an incident where a managed switch h…”
The exam objectives for the CompTIA CySA+ certification exam includes threat management, cyber incident response, vulnerability, and security architecture and tool sets.. The CompTIA CySA+ exam is meant to be combined with PenTest+ to bridge the gap between the CompTIA Security+ exam, which is more generalized and a step-down, and the CompTIA Advanced Security Practitioner (CASP+), which is the highest-level certification that CompTIA offers within the Cybersecurity pathway.  The CompTIA CySA+ is more affordable, in-depth and hands-on than the CEH. The CEH, however, is more well-known and... Show more
CompTIA Cybersecurity Analyst Plus CySA+ CS0-001 Questions
Time left 00:00
25 Questions

1. Which of the following is a technology used to provide Internet access to internal associates without exposing the Internet directly to the associates?
2. The primary difference in concern between remediating identified vulnerabilities found in general-purpose IT network servers and that of SCADA systems is that:
3. A cybersecurity analyst is hired to review the security posture of a company. The cybersecurity analyst notices a very high network bandwidth consumption due to SYN floods from a
small number of IP addresses.
Which of the following would be the BEST action to take to support incident response?
4. An analyst is troubleshooting a PC that is experiencing high processor and memory consumption. Investigation reveals the following processes are running on the system:
lsass.exe
csrss.exe
wordpad.exe
notepad.exe
Which of the following tools should the analyst utilize to determine the rogue process?
5. A cybersecurity analyst has identified a new mission-essential function that utilizes a public cloud-based system. The analyst needs to classify the information processed by the system
with respect to CIA. Which of the following should provide the CIA classification for the information?
6. An organization is performing vendor selection activities for penetration testing, and a security analyst is reviewing the MOA and rules of engagement, which were supplied with proposals. Which of the following should the analyst expect will be included in the documents and why?
7. During an investigation, a computer is being seized. Which of the following is the FIRST step the analyst should take?
8. An analyst is detecting Linux machines on a Windows network. Which of the following tools should be used to detect a computer operating system?
9. A corporation employs a number of small-form-factor workstations and mobile devices, and an incident response team is therefore required to build a forensics kit with tools to support
chip-off analysis. Which of the following tools would BEST meet this requirement?
10. Joe, a user, is unable to launch an application on his laptop, which he typically uses on a daily basis. Joe informs a security analyst of the issue. After an online database comparison, the security analyst checks the SIEM and notices alerts indicating certain .txt and .dll files are blocked. Which of the following tools would generate these logs?
11. An analyst finds that unpatched servers have undetected vulnerabilities because the vulnerability scanner does not have the latest set of signatures. Management directed the security
team to have personnel update the scanners with the latest signatures at least 24 hours before conducting any scans, but the outcome is unchanged. Which of the following is the
BEST logical control to address the failure?
12. A security analyst is performing a routine check on the SIEM logs related to the commands used by operators and detects several suspicious entries from different users. Which of the following would require immediate attention?
13. A cybersecurity analyst was asked to discover the hardware address of 30 networked assets. From a command line, which of the following tools would be used to provide ARP scanning and reflects the MOST efficient method for accomplishing the task?
14. A security audit revealed that port 389 has been used instead of 636 when connecting to LDAP for the authentication of users. The remediation recommended by the audit was to
switch the port to 636 wherever technically possible. Which of the following is the BEST response?
15. Which of the following countermeasures should the security administrator apply to MOST effectively mitigate Bootkit-level infections of the organization's workstation devices?
16. Which of the following utilities could be used to resolve an IP address to a domain name, assuming the address has a PTR record?
17. A cybersecurity analyst is currently investigating a server outage. The analyst has discovered the following value was entered for the username: 0xbfff601a. Which of the following
attacks may be occurring?
18. A cyber-incident response team is responding to a network intrusion incident on a hospital network. Which of the following must the team prepare to allow the data to be used in court as evidence?
19. Which of the following tools should a cybersecurity analyst use to verify the integrity of a forensic image before and after an investigation?
20. An alert is issued from the SIEM that indicates a large number of failed logins for the same account name on one of the application servers starting at 10:20 a.m. No other significant failed login activity is detected. Using Splunk to search for activity pertaining to that account name, a security analyst finds the account has been authenticating successfully for some time and started to fail this morning. The account is attempting to authenticate from an internal server that is running a database to an application server. No other security activity is detected on the network. The analyst discovers the account owner is a developer who no longer works for the company. Which of the following is the MOST likely reason for the failed login attempts for that account?
21. There have been several exploits to critical devices within the network. However, there is currently no process to perform vulnerability analysis.
Which of the following should the security analyst implement during production hours to identify critical threats and vulnerabilities?
22. A new security manager was hired to establish a vulnerability management program. The manager asked for a corporate strategic plan and risk register that the project management office developed. The manager conducted a tools and skill sets inventory to document the plan. Which of the following is a critical task for the establishment of a successful program?
23. During which of the following NIST risk management framework steps would an information system security engineer identify inherited security controls and tailor those controls to the
system?
24. A security analyst wants to scan the network for active hosts. Which of the following host characteristics help to differentiate between a virtual and physical host?
25. During an investigation, an incident responder intends to recover multiple pieces of digital media. Before removing the media, the responder should initiate: