CYSA+ CS0-001 UPDATED ACTUAL Questions and CORRECT Answers
An organization has recently experienced a data breach.
A forensic analysis confirmed the attacker found a legacy
web server that had not been used in over a year and was
not regularly patched. After a
discussion with the security team, management decided
to initiate a program of network reconnaissance and pen-
etration testing. They want
to start the process by scanning the network for active
B. Nmap
hosts and open ports. Which of the following tools is
BEST suited for this job?
A. Ping
B. Nmap
C. Netstat
D. ifconfig
E. Wireshark
F. L0phtCrack
A medical organization recently started accepting pay-
ments over the phone. The manager is concerned
about the impact of the storage of different types of data.
Which of the following types of data incurs the
highest regulatory constraints? B. PCI
A. PHI
B. PCI
C. PII
D. IP
An organization wants to remediate vulnerabilities associ-
ated with its web servers. An initial vulnerability
scan has been performed, and analysts are reviewing the
results. Before starting any remediation, the
analysts want to remove false positives to avoid spending
time on issues that are not actual vulnerabilities. Which of
,the following would
be an indicator of a likely false positive?
A. Reports indicate that findings are informational.
B. Any items labeled `low' are considered informational
B. Any items labeled `low' are considered informational
only.
only.
C. The scan result version is different from the automated
asset inventory.
D. `HTTPS' entries indicate the web page is encrypted
securely.
An insurance company employs quick-response team dri-
vers that carry corporate-issued mobile devices
with the insurance company's app installed on them. De-
vices are configuration-hardened by an MDM and
kept up to date. The employees use the app to collect
insurance claim information and process payments. Re-
cently, a number of customers have filed complaints of
credit card fraud against the insurance company, which
occurred shortly after their payments were processed via B. The app does not employ TLS.
the mobile app. The cyber-incident response team has
been asked to investigate.
Which of the following is MOST likely the cause?
A. The MDM server is misconfigured.
B. The app does not employ TLS.
C. USB tethering is enabled.
D. 3G and less secure cellular technologies are not re-
stricted.
A cybersecurity consultant found common vulnerabilities
across the following services used by multiple servers
at an organization: VPN, SSH, and HTTPS. Which of the
following is the MOST likely reason for the discovered
vulnerabilities?
, A. Leaked PKI private key
B. Vulnerable version of OpenSSL
C. Common initialization vector D. Weak level of encryption entropy
D. Weak level of encryption entropy
E. Vulnerable implementation of PEAP
A recent audit included a vulnerability scan that found
critical patches released 60 days prior were not
applied to servers in the environment. The infrastructure
team was able to isolate the issue and determined it was
due to a service being disabled on the server running the
automated patch management application. Which of the
following would be the MOST eflcient way to avoid similar
audit findings in the future?
A. Implement a manual patch management application D. Set services on the patch management server to auto-
package to regain greater control over the matically run on start-up.
process.
B. Create a patch management policy that requires all
servers to be patched within 30 days of patch
release.
C. Implement service monitoring to validate that tools are
functioning properly.
D. Set services on the patch management server to auto-
matically run on start-up.
Which of the following could be directly impacted by an
unpatched vulnerability in vSphere ESXi?
A. The organization's physical routers
C. The organization's virtual infrastructure
B. The organization's mobile devices
C. The organization's virtual infrastructure
D. The organization's VPN
A security analyst performed a review of an organization's
software development life cycle. The analyst reports that
, the life cycle does not contain in a phase in which team
members evaluate and provide critical feedback on anoth-
er developer's code. Which of the following assessment
techniques is BEST for describing the analyst's report?
D. Peer review
A. Architectural evaluation
B. Waterfall
C. Whitebox testing
D. Peer review
The Chief Security Oflcer (CSO) has requested a vul-
nerability report of systems on the domain, identifying
those running outdated OSs. The automated scan reports
are not displaying OS version details, so the CSO cannot
determine risk exposure levels from vulnerable systems.
Which of the following should the cybersecurity analyst do
A. Execute the ver command
to enumerate OS information as part of the vulnerability
scanning process in the MOST eflcient manner?
A. Execute the ver command
B. Execute the nmap ¸command
C. Use Wireshark to export a list
D. Use credentialed configuration
A security analyst is creating ACLs on a perimeter firewall
that will deny inbound packets that are from
internal addresses, reversed external addresses, and mul-
ticast addresses. Which of the following is the
analyst attempting to prevent? B. Spoofing attacks
A. Broadcast storms
B. Spoofing attacks
C. DDoS attacks
D. Man-in-the-middle attacks
A server contains baseline images that are deployed to
sensitive workstations on a regular basis. The images are
An organization has recently experienced a data breach.
A forensic analysis confirmed the attacker found a legacy
web server that had not been used in over a year and was
not regularly patched. After a
discussion with the security team, management decided
to initiate a program of network reconnaissance and pen-
etration testing. They want
to start the process by scanning the network for active
B. Nmap
hosts and open ports. Which of the following tools is
BEST suited for this job?
A. Ping
B. Nmap
C. Netstat
D. ifconfig
E. Wireshark
F. L0phtCrack
A medical organization recently started accepting pay-
ments over the phone. The manager is concerned
about the impact of the storage of different types of data.
Which of the following types of data incurs the
highest regulatory constraints? B. PCI
A. PHI
B. PCI
C. PII
D. IP
An organization wants to remediate vulnerabilities associ-
ated with its web servers. An initial vulnerability
scan has been performed, and analysts are reviewing the
results. Before starting any remediation, the
analysts want to remove false positives to avoid spending
time on issues that are not actual vulnerabilities. Which of
,the following would
be an indicator of a likely false positive?
A. Reports indicate that findings are informational.
B. Any items labeled `low' are considered informational
B. Any items labeled `low' are considered informational
only.
only.
C. The scan result version is different from the automated
asset inventory.
D. `HTTPS' entries indicate the web page is encrypted
securely.
An insurance company employs quick-response team dri-
vers that carry corporate-issued mobile devices
with the insurance company's app installed on them. De-
vices are configuration-hardened by an MDM and
kept up to date. The employees use the app to collect
insurance claim information and process payments. Re-
cently, a number of customers have filed complaints of
credit card fraud against the insurance company, which
occurred shortly after their payments were processed via B. The app does not employ TLS.
the mobile app. The cyber-incident response team has
been asked to investigate.
Which of the following is MOST likely the cause?
A. The MDM server is misconfigured.
B. The app does not employ TLS.
C. USB tethering is enabled.
D. 3G and less secure cellular technologies are not re-
stricted.
A cybersecurity consultant found common vulnerabilities
across the following services used by multiple servers
at an organization: VPN, SSH, and HTTPS. Which of the
following is the MOST likely reason for the discovered
vulnerabilities?
, A. Leaked PKI private key
B. Vulnerable version of OpenSSL
C. Common initialization vector D. Weak level of encryption entropy
D. Weak level of encryption entropy
E. Vulnerable implementation of PEAP
A recent audit included a vulnerability scan that found
critical patches released 60 days prior were not
applied to servers in the environment. The infrastructure
team was able to isolate the issue and determined it was
due to a service being disabled on the server running the
automated patch management application. Which of the
following would be the MOST eflcient way to avoid similar
audit findings in the future?
A. Implement a manual patch management application D. Set services on the patch management server to auto-
package to regain greater control over the matically run on start-up.
process.
B. Create a patch management policy that requires all
servers to be patched within 30 days of patch
release.
C. Implement service monitoring to validate that tools are
functioning properly.
D. Set services on the patch management server to auto-
matically run on start-up.
Which of the following could be directly impacted by an
unpatched vulnerability in vSphere ESXi?
A. The organization's physical routers
C. The organization's virtual infrastructure
B. The organization's mobile devices
C. The organization's virtual infrastructure
D. The organization's VPN
A security analyst performed a review of an organization's
software development life cycle. The analyst reports that
, the life cycle does not contain in a phase in which team
members evaluate and provide critical feedback on anoth-
er developer's code. Which of the following assessment
techniques is BEST for describing the analyst's report?
D. Peer review
A. Architectural evaluation
B. Waterfall
C. Whitebox testing
D. Peer review
The Chief Security Oflcer (CSO) has requested a vul-
nerability report of systems on the domain, identifying
those running outdated OSs. The automated scan reports
are not displaying OS version details, so the CSO cannot
determine risk exposure levels from vulnerable systems.
Which of the following should the cybersecurity analyst do
A. Execute the ver command
to enumerate OS information as part of the vulnerability
scanning process in the MOST eflcient manner?
A. Execute the ver command
B. Execute the nmap ¸command
C. Use Wireshark to export a list
D. Use credentialed configuration
A security analyst is creating ACLs on a perimeter firewall
that will deny inbound packets that are from
internal addresses, reversed external addresses, and mul-
ticast addresses. Which of the following is the
analyst attempting to prevent? B. Spoofing attacks
A. Broadcast storms
B. Spoofing attacks
C. DDoS attacks
D. Man-in-the-middle attacks
A server contains baseline images that are deployed to
sensitive workstations on a regular basis. The images are
