CompTIA CS0-001 Practice Test

CompTIA CSA+ Certification Exam

Question 1

Which of the following principles describes how a security analyst should communicate during an incident?

  • A. The communication should be limited to trusted parties only.
  • B. The communication should be limited to security staff only.
  • C. The communication should come from law enforcement.
  • D. The communication should be limited to management only.
Answer: A

Question 2

Which of the following has the GREATEST impact to the data retention policies of an organization?

  • A. The CIA classification matrix assigned to each piece of data
  • B. The level of sensitivity of the data established by the data owner
  • C. The regulatory requirements concerning the data set
  • D. The technical constraints of the technology used to store the data
Answer: D

Question 3

A cybersecurity analyst is reviewing Apache logs on a web server and finds that some logs are missing. The analyst has
identified that the systems administrator accidentally deleted some log files. Which of the following actions or rules should be
implemented to prevent this incident from reoccurring?

  • A. Personnel training
  • B. Separation of duties
  • C. Mandatory vacation
  • D. Backup server
Answer: D

Question 4

A SIEM alert occurs with the following output:

Which of the following BEST describes this alert?

  • A. The alert is a false positive; there is a device with dual NICs
  • B. The alert is valid because IP spoofing may be occurring on the network
  • C. The alert is a false positive; both NICs are of the same brand
  • D. The alert is valid because there may be a rogue device on the network
Answer: B

Question 5

An organization has recently experienced a data breach. A forensic analysis confirmed the attacker found a legacy web
server that had not been used in over a year and was not regularly patched. After a discussion with the security team,
management decided to initiate a program of network reconnaissance and penetration testing. They want to start the
process by scanning the network for active hosts and open ports. Which of the following tools is BEST suited for this job?

  • A. Ping
  • B. Nmap
  • C. Netstat
  • D. ifconfig
  • E. Wireshark
  • F. L0phtCrack
Answer: B

Question 6

A security analyst wants to confirm a finding from a penetration test report on the internal web server. To do so, the analyst
logs into the web server using SSH to send the request locally. The report provides a link to
https://hrserver.internal/../../etc/passwd, and the server IP address is 10.10.10.15.
However, after several attempts, the analyst cannot get the file, despite attempting to get it using different ways, as shown
below.

Which of the following would explain this problem? (Choose two.)

  • A. The web server uses SNI to check for a domain name
  • B. Requests can only be sent remotely to the web server
  • C. The password file is write protected
  • D. The web service has not started
  • E. There is no local name resolution for hrserver.internal
Answer: A

Question 7

An organization has two environments: development and production. Development is where applications are developed with
unit testing. The development environment has many configuration differences from the production environment. All
applications are hosted on virtual machines. Vulnerability scans are performed against all systems before and after any
application or configuration changes to any environment. Lately, vulnerability remediation activity has caused production
applications to crash and behave unpredictably. Which of the following changes should be made to the current vulnerability
management process?

  • A. Create a third environment between development and production that mirrors production and tests all changes before deployment to the users
  • B. Refine testing in the development environment to include fuzzing and user acceptance testing so applications are more stable before they migrate to production
  • C. Create a second production environment by cloning the virtual machines, and if any stability problems occur, migrate users to the alternate production environment
  • D. Refine testing in the production environment to include more exhaustive application stability testing while continuing to maintain the robust vulnerability remediation activities
Answer: A

Question 8

An analyst has noticed unusual activities in the SIEM to a .cn domain name. Which of the following should the analyst use to
identify the content of the traffic?

  • A. Log review
  • B. Service discovery
  • C. Packet capture
  • D. DNS harvesting
Answer: C

Question 9

An analyst was tasked with providing recommendations of technologies that are PKI X.509 compliant for a variety of secure
functions. Which of the following technologies meet the compatibility requirement? (Choose three.)

  • A. 3DES
  • B. AES
  • C. IDEA
  • D. PKCS
  • E. PGP
  • F. SSL/TLS
  • G. TEMPEST
Answer: B, D, F

Question 10

The security team for a large, international organization is developing a vulnerability management program. The
development staff has expressed concern that the new program will cause service interruptions and downtime as
vulnerabilities are remedied.
Which of the following should the security team implement FIRST as a core component of the remediation process to
address this concern?

  • A. Automated patch management
  • B. Change control procedures
  • C. Security regression testing
  • D. Isolation of vulnerable servers
Answer: C
