Latest CS0-001 Study Guides 2024 - With Test Engine PDF [Q148-Q166]



Get New CS0-001 Practice Test Questions Answers

NEW QUESTION # 148
During which of the following NIST risk management framework steps would an information system security engineer identify inherited security controls and tailor those controls to the system?

  • A. Implement
  • B. Assess
  • C. Select
  • D. Categorize

Answer: C


NEW QUESTION # 149
A cybersecurity analyst is reviewing the following outputs:

Which of the following can the analyst infer from the above output?

  • A. The remote host's firewall is dropping packets for port 80.
  • B. The remote host is redirecting port 80 to port 8080.
  • C. The remote host is running a service on port 8080.
  • D. The remote host is running a web server on port 80.

Answer: C


NEW QUESTION # 150
A company has recently launched a new billing invoice website for a few key vendors. The cybersecurity
analyst is receiving calls that the website is performing slowly and the pages sometimes time out. The
analyst notices the website is receiving millions of requests, causing the service to become unavailable.
Which of the following can be implemented to maintain the availability of the website?

  • A. Whitelisting
  • B. MAC filtering
  • C. VPN
  • D. DMZ
  • E. Honeypot

Answer: A



NEW QUESTION # 151
A security analyst received an alert from the antivirus software identifying a complex instance of malware on a company's network. The company does not have the resources to fully analyze the malware and determine its effect on the system. Which of the following is the BEST action to take in the incident recovery and post-incident response process?

  • A. Detect and analyze the precursors and indicators; schedule a lessons learned meeting.
  • B. Remove the malware and inappropriate materials; eradicate the incident.
  • C. Perform event correlation; create a log retention policy.
  • D. Wipe hard drives, reimage the systems, and return the affected systems to ready state.

Answer: B


NEW QUESTION # 152
A company installs ICS devices to manage the building's lighting controls. The network administrator places the controllers on a VLAN segment of the company's network. After a month, senior management reports someone has been modifying the lights on the building floors after hours to spell words on the building. The security administrator is tasked with resolving the issue immediately and stopping access to the ICS devices. Which of the following is the BEST method to quickly secure the devices for controlling the lights at minimum cost to the company?

  • A. Add a different privileged account on the ICS devices.
  • B. Create a group policy to blacklist the ICS web applications on company devices.
  • C. Change the default password on the ICS devices to restrict user access.
  • D. Configure a network for separating the devices from the business network.

Answer: C


NEW QUESTION # 153
A security administrator must prioritize the latest vulnerability scan results for remediation. According to the Common Vulnerability Scoring System, which of the following vulnerability scores is considered to have a HIGH severity?

  • A. 0
  • B. 6.7
  • C. 7.9
  • D. 5.4

Answer: D


NEW QUESTION # 154
After running a packet analyzer on the network, a security analyst has noticed the following output:

Which of the following is occurring?

  • A. A port scan
  • B. A service discovery
  • C. A network map
  • D. A ping sweep

Answer: A



NEW QUESTION # 155
A vulnerability scan has returned the following information:

Which of the following describes the meaning of these results?

  • A. Connecting to the host using a null session allows enumeration of share names.
  • B. There is an unknown bug in a Lotus server with no Bugtraq ID.
  • C. Trend Micro has a known exploit that must be resolved or patched.
  • D. No CVE is present, so it is a false positive caused by Lotus running on a Windows server.

Answer: A


NEW QUESTION # 156
The developers recently deployed new code to three web servers. A daily automated external device scan report shows server vulnerabilities that are failing items according to PCI DSS. If the vulnerability is not valid, the analyst must take the proper steps to get the scan clean. If the vulnerability is valid, the analyst must remediate the finding. After reviewing the given information, select the STEP 2 tab in order to complete the simulation by selecting the correct "Validation Result" AND "Remediation Action" for each server listed using the drop down options.
Instructions:
If at any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

Answer:
WEB_SERVER01: VALID - IMPLEMENT SSL/TLS
WEB_SERVER02: VALID - SET SECURE ATTRIBUTE WHEN COOKIE SHOULD BE SENT VIA HTTPS ONLY
WEB_SERVER03: VALID - IMPLEMENT CA SIGNED CERTIFICATE


NEW QUESTION # 157
A security analyst's company uses RADIUS to support a remote sales staff of more than 700 people. The Chief Information Security Officer (CISO) asked to have IPSec using ESP and 3DES enabled to ensure the confidentiality of the communication as per RFC 3162. After the implementation was complete, many sales users reported latency issues and other performance issues when attempting to connect remotely. Which of the following is occurring?

  • A. The implementation should have used AES instead of 3DES.
  • B. The IPSec implementation has significantly increased the amount of bandwidth needed.
  • C. The device running RADIUS lacks sufficient RAM and processing power to handle ESP implementation.
  • D. RFC 3162 is known to cause significant performance problems.

Answer: C



NEW QUESTION # 158
A security audit revealed that port 389 has been used instead of 636 when connecting to LDAP for the
authentication of users. The remediation recommended by the audit was to switch the port to 636 wherever
technically possible. Which of the following is the BEST response?

  • A. Correct the audit. This finding is a well-known false positive; the services that typically run on 389 and
    636 are identical.
  • B. Change all devices and servers that support it to 636, as 389 is a reserved port that requires root
    access and can expose the server to privilege escalation attacks.
  • C. Change all devices and servers that support it to 636, as encrypted services run by default on 636.
  • D. Correct the audit. This finding is accurate, but the correct remediation is to update encryption keys on
    each of the servers to match port 636.

Answer: C



NEW QUESTION # 159
A company discovers an unauthorized device accessing network resources through one of many network
drops in a common area used by visitors.
The company decides that it wants to quickly prevent unauthorized devices from accessing the network
but policy prevents the company from making changes on every connecting client.
Which of the following should the company implement?

  • A. Network Intrusion Prevention
  • B. Port security
  • C. Mandatory Access Control
  • D. WPA2

Answer: B


NEW QUESTION # 160
The Chief Executive Officer (CEO) instructed the new Chief Information Security Officer (CISO) to provide a list of enhancements to the company's cybersecurity operations. As a result, the CISO has identified the need to align security operations with industry best practices. Which of the following industry references is appropriate to accomplish this?

  • A. PCI
  • B. NIST
  • C. OSSIM
  • D. OWASP

Answer: B

Reference: https://www.nist.gov/sites/default/files/documents/itl/Cybersecurity_Green-Paper_FinalVersion.pdf


NEW QUESTION # 161
The Chief Security Officer (CSO) has requested a vulnerability report of systems on the domain, identifying those running outdated OSs. The automated scan reports are not displaying OS version details, so the CSO cannot determine risk exposure levels from vulnerable systems. Which of the following should the cybersecurity analyst do to enumerate OS information as part of the vulnerability scanning process in the MOST efficient manner?

  • A. Execute the ver command
  • B. Use Wireshark to export a list
  • C. Execute the nmap -p command
  • D. Use credentialed configuration

Answer: A


NEW QUESTION # 162
A cybersecurity analyst is conducting a security test to ensure that information regarding the web server is protected from disclosure. The cybersecurity analyst requested an HTML file from the web server, and the response came back as follows:

Which of the following actions should be taken to remediate this security issue?

  • A. Set "Allowlatescanning" to 1 in the URLScan.ini configuration file.
  • B. Set "Perprocesslogging" to 1 in the URLScan.ini configuration file.
  • C. Set "Removeserverheader" to 1 in the URLScan.ini configuration file.
  • D. Set "Enablelogging" to 0 in the URLScan.ini configuration file.

Answer: C


NEW QUESTION # 163
A medical organization recently started accepting payments over the phone. The manager is concerned
about the impact of the storage of different types of data. Which of the following types of data incurs the
highest regulatory constraints?

  • A. IP
  • B. PCI
  • C. PII
  • D. PHI

Answer: B


NEW QUESTION # 164
A cybersecurity analyst is retained by a firm for an open investigation. Upon arrival, the cybersecurity analyst reviews several security logs.
Given the following snippet of code:

Which of the following combinations BEST describes the situation and recommendations to be made for this situation?

  • A. The cybersecurity analyst has discovered host 192.168.0.101 to be running the nc.exe file at 13:30 using the auto cron job remotely; there are no recommendations since this is not a threat currently.
  • B. The cybersecurity analyst has discovered host 192.168.0.101 using Windows Task Scheduler at 13:30 to run nc.exe; recommend proceeding with the next step of removing the host from the network.
  • C. The security analyst has discovered host 192.168.0.101 is a rogue device on the network; recommend proceeding with the next step of removing the host from the network.
  • D. The cybersecurity analyst has discovered host 192.168.0.101 is beaconing every day at 13:30 using the nc.exe file; recommend proceeding with the next step of removing the host from the network.

Answer: B


NEW QUESTION # 165
An analyst has initiated an assessment of an organization's security posture. As a part of this review, the analyst would like to determine how much information about the organization is exposed externally. Which of the following techniques would BEST help the analyst accomplish this goal? (Select two.)

  • A. Fingerprinting
  • B. DNS query log reviews
  • C. Technical control audits
  • D. Intranet portal reviews
  • E. Internet searches
  • F. Sourcing social network sites
  • G. Banner grabbing

Answer: A,F



NEW QUESTION # 166
......

CS0-001 Dumps and Exam Test Engine: https://examschief.vce4plus.com/CompTIA/CS0-001-valid-vce-dumps.html