2019 CS0-001 Dumps VCE and PDF
QUESTION 61
A cybersecurity analyst is retained by a firm for an open investigation. Upon arrival, the cybersecurity analyst reviews several security logs.
Given the following snippet of code:
Which of the following combinations BEST describes the situation and recommendations to be made for this situation?
A. The cybersecurity analyst has discovered host 192.168.0.101 using Windows Task Scheduler at 13:30 to run nc.exe; recommend proceeding with the next step of removing the host from the network.
B. The cybersecurity analyst has discovered host 192.168.0.101 to be running the nc.exe file at 13:30 using the auto cron job remotely; there are no recommendations since this is not a threat currently.
C. The cybersecurity analyst has discovered host 192.168.0.101 is beaconing every day at 13:30 using the nc.exe file; recommend proceeding with the next step of removing the host from the network.
D. The security analyst has discovered host 192.168.0.101 is a rogue device on the network; recommend proceeding with the next step of removing the host from the network.
Correct Answer: A
QUESTION 62
A company wants to update its acceptable use policy (AUP) to ensure it relates to the newly implemented password standard, which requires sponsored authentication of guest wireless devices. Which of the following is MOST likely to be incorporated in the AUP?
A. Sponsored guest passwords must be at least ten characters in length and contain a symbol.
B. The corporate network should have a wireless infrastructure that uses open authentication standards.
C. Guests using the wireless network should provide valid identification when registering their wireless devices.
D. The network should authenticate all guest users using 802.1x backed by a RADIUS or LDAP server.
Correct Answer: C
QUESTION 63
An ATM in a building lobby has been compromised. A security technician has been advised that the ATM must be forensically analyzed by multiple technicians. Which of the following items in a forensic tool kit would likely be used FIRST? (Select TWO).
A. Drive adapters
B. Chain of custody form
C. Write blockers
D. Crime tape
E. Hashing utilities
F. Drive imager
Correct Answer: BC
QUESTION 64
An incident response report indicates a virus was introduced through a remote host that was connected to corporate resources. A cybersecurity analyst has been asked for a recommendation to solve this issue. Which of the following should be applied?
A. MAC
B. TAP
C. NAC
D. ACL
Correct Answer: C
QUESTION 65
Due to new regulations, a company has decided to institute an organizational vulnerability management program and assign the function to the security team. Which of the following frameworks would BEST support the program? (Select two.)
A. COBIT
B. NIST
C. ISO 27000 series
D. ITIL
E. OWASP
Correct Answer: BD
QUESTION 66
Considering confidentiality and integrity, which of the following make servers more secure than desktops? (Select THREE).
A. VLANs
B. OS
C. Trained operators
D. Physical access restriction
E. Processing power
F. Hard drive capacity
Correct Answer: BCD
QUESTION 67
Review the following results:
Which of the following has occurred?
A. This is normal network traffic.
B. 123.120.110.212 is infected with a Trojan.
C. 172.29.0.109 is infected with a worm.
D. 172.29.0.109 is infected with a Trojan.
Correct Answer: A
QUESTION 68
When reviewing network traffic, a security analyst detects suspicious activity:
Based on the log above, which of the following vulnerability attacks is occurring?
A. ShellShock
B. DROWN
C. Zeus
D. Heartbleed
E. POODLE
Correct Answer: E
QUESTION 69
Which of the following best practices is used to identify areas in the network that may be vulnerable to penetration testing from known external sources?
A. Blue team training exercises
B. Technical control reviews
C. White team training exercises
D. Operational control reviews
Correct Answer: A
QUESTION 70
An organization wants to harden its web servers. As part of this goal, leadership has directed that vulnerability scans be performed, and the security team should remediate the servers according to industry best practices. The team has already chosen a vulnerability scanner and performed the necessary scans, and now the team needs to prioritize the fixes. Which of the following would help to prioritize the vulnerabilities for remediation in accordance with industry best practices?
A. CVSS
B. SLA
C. ITIL
D. OpenVAS
E. Qualys
Correct Answer: A