comptia cs0-001 online test
CompTIA CSA+ Certification Exam
What students need to know about the cs0-001 exam
- Total 422 Questions & Answers
Question 1
Company A permits visiting business partners from Company B to utilize Ethernet ports available in Company As
conference rooms. This access is provided to allow partners the ability to establish VPNs back to Company Bs network. The
security architect for Company A wants to ensure partners from Company B are able to gain direct Internet access from
available ports only, while Company A employees can gain access to the Company A internal network from those same
ports. Which of the following can be employed to allow this?
- A. ACL
- B. SIEM
- C. MAC
- D. NAC
- E. SAML
Answer:
D
Question 2
File integrity monitoring states the following files have been changed without a written request or approved change. The
following change has been made:
chmod 777 Rv /usr
Which of the following may be occurring?
- A. The ownership pf /usr has been changed to the current user.
- B. Administrative functions have been locked from users.
- C. Administrative commands have been made world readable/writable.
- D. The ownership of/usr has been changed to the root user.
Answer:
C
Question 3
A company has a popular shopping cart website hosted geographically diverse locations. The company has started hosting
static content on a content delivery network (CDN) to improve performance. The CDN provider has reported the company is
occasionally sending attack traffic to other CDN-hosted targets.
Which of the following has MOST likely occurred?
- A. The CDN provider has mistakenly performed a GeoIP mapping to the company.
- B. The CDN provider has misclassified the network traffic as hostile.
- C. A vulnerability scan has tuned to exclude web assets hosted by the CDN.
- D. The company has been breached, and customer PII is being exfiltrated to the CDN.
Answer:
D
Question 4
During a quarterly review of user accounts and activity, a security analyst noticed that after a password reset the head of
human resources has been logging in from multiple external locations, including several overseas. Further review of the
account showed access rights to a number of corporate applications, including a sensitive accounting application used for
employee bonuses. Which of the following security methods could be used to mitigate this risk?
- A. RADIUS identity management
- B. Context-based authentication
- C. Privilege escalation restrictions
- D. Elimination of self-service password resets
Answer:
B
Question 5
Given a packet capture of the following scan:
Which of the following should MOST likely be inferred on the scans output?
- A. 192.168.1.115 is hosting a web server.
- B. 192.168.1.55 is hosting a web server.
- C. 192.168.1.55 is a Linux server.
- D. 192.168.1.55 is a file server.
Answer:
D
Question 6
During a physical penetration test at a client site, a local law enforcement officer stumbled upon the test questioned the
legitimacy of the team.
Which of the following information should be shown to the officer?
- A. Letter of engagement
- B. Scope of work
- C. Timing information
- D. Team reporting
Answer:
A
Question 7
A company office was broken into over the weekend. The office manager contacts the IT security group to provide details on
which servers were stolen. The security analyst determines one of the stolen servers contained a list of customer PII
information, and another server contained a copy of the credit card transactions processed on the Friday before the break-in.
In addition to potential security implications of information that could be gleaned from those servers and the
rebuilding/restoring of the data on the stolen systems, the analyst needs to determine any communication or notification
requirements with respect to the incident. Which of the following items is MOST important when determining what
information needs to be provided, who should be contacted, and when the communication needs to occur.
- A. Total number of records stolen
- B. Government and industry regulations
- C. Impact on the reputation of the company’s name/brand
- D. Monetary value of data stolen
Answer:
B
Question 8
A user received an invalid password response when trying to change the password. Which of the following policies could
explain why the password is invalid?
- A. Access control policy
- B. Account management policy
- C. Password policy
- D. Data ownership policy
Answer:
C
Question 9
A security analyst has discovered that an outbound SFTP process is occurring at the same time of day for the past several
days. At the time this was discovered, large amounts of business critical data were delivered. The authentication for this
process occurred using a service account with proper credentials. The security analyst investigated the destination IP for this
transfer and discovered that this new process is not documented in the change management log. Which of the following
would be the BEST course of action for the analyst to take?
- A. Investigate a potential incident.
- B. Verify user permissions.
- C. Run a vulnerability scan.
- D. Verify SLA with cloud provider.
Answer:
A
Question 10
A company invested ten percent of its entire annual budget in security technologies. The Chief Information Officer (CIO) is
convinced that, without this investment, the company will risk being the next victim of the same cyber attack its competitor
experienced three months ago. However, despite this investment, users are sharing their usernames and passwords with
their coworkers to get their jobs done. Which of the following will eliminate the risk introduced by this practice?
- A. Invest in and implement a solution to ensure non-repudiation
- B. Force a daily password change
- C. Send an email asking users not to share their credentials
- D. Run a report on all users sharing their credentials and alert their managers of further actions
Answer:
C