CompTIA CSA+ Certification Exam v7.0 (CS0-001)

Page:    1 / 5   
Total 75 questions

After completing a vulnerability scan, the following output was noted:


Which of the following vulnerabilities has been identified?

  • A. PKI transfer vulnerability.
  • B. Active Directory encryption vulnerability.
  • C. Web application cryptography vulnerability.
  • D. VPN tunnel vulnerability.


Answer : A

While a threat intelligence analyst was researching an indicator of compromise on a search engine, the web proxy generated an alert regarding the same indicator. The threat intelligence analyst states that related sites were not visited but were searched for in a search engine. Which of the following MOST likely happened in this situation?

  • A. The analyst is not using the standard approved browser.
  • B. The analyst accidentally clicked a link related to the indicator.
  • C. The analyst has prefetch enabled on the browser in use.
  • D. The alert is unrelated to the analyst’s search.


Answer : C

An analyst has initiated an assessment of an organization's security posture. As a part of this review, the analyst would like to determine how much information about the organization is exposed externally. Which of the following techniques would BEST help the analyst accomplish this goal? (Select two.)

  • A. Fingerprinting
  • B. DNS query log reviews
  • C. Banner grabbing
  • D. Internet searches
  • E. Intranet portal reviews
  • F. Sourcing social network sites
  • G. Technical control audits


Answer : A,F

A cybersecurity analyst is completing an organization's vulnerability report and wants it to reflect assets accurately. Which of the following items should be in the report?

  • A. Processor utilization
  • B. Virtual hosts
  • C. Organizational governance
  • D. Log disposition
  • E. Asset isolation


Answer : B

A security analyst is reviewing IDS logs and notices the following entry:


Which of the following attacks is occurring?

  • A. Cross-site scripting
  • B. Header manipulation
  • C. SQL injection
  • D. XML injection


Answer : C

After running a packet analyzer on the network, a security analyst has noticed the following output:


Which of the following is occurring?

  • A. A ping sweep
  • B. A port scan
  • C. A network map
  • D. A service discovery


Answer : B

A cybersecurity analyst is retained by a firm for an open investigation. Upon arrival, the cybersecurity analyst reviews several security logs.
Given the following snippet of code:


Which of the following combinations BEST describes the situation and recommendations to be made for this situation?

  • A. The cybersecurity analyst has discovered host 192.168.0.101 using Windows Task Scheduler at 13:30 to run nc.exe; recommend proceeding with the next step of removing the host from the network.
  • B. The cybersecurity analyst has discovered host 192.168.0.101 to be running the nc.exe file at 13:30 using the auto cron job remotely; there are no recommendations since this is not a threat currently.
  • C. The cybersecurity analyst has discovered host 192.168.0.101 is beaconing every day at 13:30 using the nc.exe file; recommend proceeding with the next step of removing the host from the network.
  • D. The security analyst has discovered host 192.168.0.101 is a rogue device on the network; recommend proceeding with the next step of removing the host from the network.


Answer : A

A cybersecurity analyst has received the laptop of a user who recently left the company.
The analyst types history into the prompt, and sees this line of code in the latest bash history:


This concerns the analyst because this subnet should not be known to users within the company. Which of the following describes what this code has done on the network?

  • A. Performed a ping sweep of the Class C network.
  • B. Performed a half-open SYN scan on the network.
  • C. Sent 255 ping packets to each host on the network.
  • D. Sequentially sent an ICMP echo reply to the Class C network.


Answer : A

Which of the following remediation strategies are MOST effective in reducing the risk of a network-based compromise of embedded ICS? (Select two.)

  • A. Patching
  • B. NIDS
  • C. Segmentation
  • D. Disabling unused services
  • E. Firewalling


Answer : C,D

External users are reporting that a web application is slow and frequently times out when attempting to submit information. Which of the following software development best practices would have helped prevent this issue?

  • A. Stress testing
  • B. Regression testing
  • C. Input validation
  • D. Fuzzing


Answer : A

A cybersecurity analyst is currently investigating a server outage. The analyst has discovered the following value was entered for the username: 0xbfff601a. Which of the following attacks may be occurring?

  • A. Buffer overflow attack
  • B. Man-in-the-middle attack
  • C. Smurf attack
  • D. Format string attack
  • E. Denial of service attack


Answer : D

A security analyst suspects that a workstation may be beaconing to a command and control server. You must inspect the logs from the company's web proxy server and the firewall to determine the best course of action to take in order to neutralize the threat with minimum impact to the organization.
Instructions:
If at any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.




Answer :

Explanation:
DENY TCP 192.168.1.5 7999 67.8.9.224 8080

An organization is requesting the development of a disaster recovery plan. The organization has grown and so has its infrastructure. Documentation, policies, and procedures do not exist. Which of the following steps should be taken to assist in the development of the disaster recovery plan?

  • A. Conduct a risk assessment.
  • B. Develop a data retention policy.
  • C. Execute vulnerability scanning.
  • D. Identify assets.


Answer : D

An analyst is observing unusual network traffic from a workstation. The workstation is communicating with a known malicious site over an encrypted tunnel. A full antivirus scan with an updated antivirus signature file does not show any sign of infection. Which of the following has occurred on the workstation?

  • A. Zero-day attack
  • B. Known malware attack
  • C. Session hijack
  • D. Cookie stealing


Answer : A

A cybersecurity analyst has several SIEM event logs to review for possible APT activity.
The analyst was given several items that include lists of indicators for both IP addresses and domains. Which of the following actions is the BEST approach for the analyst to perform?

  • A. Use the IP addresses to search through the event logs.
  • B. Analyze the trends of the events while manually reviewing to see if any of the indicators match.
  • C. Create an advanced query that includes all of the indicators, and review any of the matches.
  • D. Scan for vulnerabilities with exploits known to have been used by an APT.


Answer : B
