CompTIA Cybersecurity Analyst (CySA+) Certification Exam (CS0-001) Free Practice Test

Question 1

A software assurance lab is performing a dynamic assessment on an application by automatically generating and inputting different, random data sets to attempt to cause an error/failure condition. Which of the following software assessment capabilities is the lab performing AND during which phase of the SDLC should this occur? (Select two.)

A. Behavior modeling

B. Planning phase

C. Fuzzing

D. Static code analysis

E. Requirements phase

F. Prototyping phase

Correct Answer: C,F

Question 2

Which of the following is a technology used to provide Internet access to internal associates without exposing the Internet directly to the associates?

A. Fuzzer

B. Intrusion prevention system

C. Web proxy

D. Vulnerability scanner

Correct Answer: C

Question 3

An organization has a practice of running some administrative services on non-standard ports as a way of frustrating any attempts at reconnaissance. The output of the latest scan on host 192.168.1.13 is shown below:

Which of the following statements is true?

A. Running SSH on the Telnet port will now be sent across an unencrypted port.

B. Running SSH on port 23 provides little additional security from running it on the standard port.

C. The use of OpenSSH on its default secure port will supersede any other remote connection attempts.

D. Despite the results of the scan, the service running on port 23 is actually Telnet and not SSH, and creates an additional vulnerability

E. Remote SSH connections will automatically default to the standard SSH port.

Correct Answer: B

Question 4

Joe, a penetration tester, used a professional directory to identify a network administrator and ID administrator for a client's company. Joe then emailed the network administrator, identifying himself as the ID administrator, and asked for a current password as part of a security exercise. Which of the following techniques were used in this scenario?

A. Email harvesting and host scanning

B. Social media profiling and phishing

C. Network and host scanning

D. Enumeration and OS fingerprinting

Correct Answer: B

Question 5

Given a packet capture of the following scan:

Which of the following should MOST likely be inferred on the scan's output?

A. 192.168.1.115 is hosting a web server.

B. 192.168.1.55 is hosting a web server.

C. 192.168.1.55 is a Linux server.

D. 192.168.1.55 is a file server.

Correct Answer: D

Question 6

A security analyst Is trying to capture network traffic In a web server that is suspected of using the DNS service for exfiltrating Information out of the network. The server usually transfers several gigabytes of data per day. and the analyst wants the size of the capture to be as reduced as possible. Which of the following commands should the analyst use to achieve such goals?

A. tcpdump port 53 -i eth0 -w evidencel.pcap

B. tcpdump -i echo -w evidencel.pcap

C. tcpdump tcp port 53 -i eth0 -w evidencel.pcap

D. tcpdump udp port 53 -i eth0 -w evidencel.pcap

Correct Answer: A

Question 7

An analyst is observing unusual network traffic from a workstation. The workstation is communicating with a known malicious site over an encrypted tunnel. A full antivirus scan with an updated antivirus signature file does not show any sign of infection. Which of the following has occurred on the workstation?

A. Cookie stealing

B. Session hijack

C. Known malware attack

D. Zero-day attack

Correct Answer: D

Question 8

A network administrator is attempting to troubleshoot an issue regarding certificates on a secure website.
During the troubleshooting process, the network administrator notices that the web gateway proxy on the local network has signed all of the certificates on the local machine.
Which of the following describes the type of attack the proxy has been legitimately programmed to perform?

A. Spoofing

B. Transitive access

C. Replay

D. Man-in-the-middle

Correct Answer: D

Question 9

A cyber-incident response team is responding to a network intrusion incident on a hospital network. Which of the following must the team prepare to allow the data to be used in court as evidence?

A. Computer forensics form

B. HIPAA response form

C. Incident form

D. Chain of custody form

Correct Answer: D

Question 10

A security administrator determines several months after the first instance that a local privileged user has been routinely logging into a server interactively as "root" and browsing the Internet. The administrator determines this by performing an annual review of the security logs on that server. For which of the following security architecture areas should the administrator recommend review and modification? (Select TWO).

A. Encryption

B. Password complexity

C. Acceptable use policies

D. Network isolation and separation

E. Log aggregation and analysis

F. Software assurance

Correct Answer: C,E

Question 11

The development team currently consists of three developers who each specialize in a specific programming language:
Developer 1 - C++/C#
Developer 2 - Python
Developer 3 - Assembly
Which of the following SDLC best practices would be challenging to implement with the current available staff?

A. Stress testing

B. Fuzzing

C. Peer review

D. Regression testing

Correct Answer: C

Welcome to TestSimulate

CompTIA Cybersecurity Analyst (CySA+) Certification (CS0-001) Free Practice Test