Enhance your career with CS0-001 PDF Dumps - True CompTIA Exam Questions
New (2023) Download free CS0-001 PDF for CompTIA Practice Tests
NEW QUESTION # 155
An analyst reviews a recent report of vulnerabilities on a company's financial application server. Which of
the following should the analyst rate as being of the HIGHEST importance to the company's environment?
- A. SQL injection
- B. Susceptibility to XSS
- C. Banner grabbing
- D. Use of old encryption algorithms
- E. Remote code execution
Answer: E
NEW QUESTION # 156
A security analyst has determined that the user interface on an embedded device is vulnerable to common SQL injections. The device is unable to be replaced, and the software cannot be upgraded.
Which of the following should the security analyst recommend to add additional security to this device?
- A. The security analyst should recommend an IDS be placed on the network segment.
- B. The security analyst should recommend this device be included in regular vulnerability scans.
- C. The security analyst should recommend this device regularly export the web logs to a SIEM system.
- D. The security analyst should recommend this device be place behind a WAF.
Answer: D
NEW QUESTION # 157
External users are reporting that a web application is slow and frequently times out when attempting to submit information. Which of the following software development best practices would have helped prevent this issue?
- A. Regression testing
- B. Input validation
- C. Stress testing
- D. Fuzzing
Answer: C
NEW QUESTION # 158
In order to leverage the power of data correlation within Nessus, a cybersecurity analyst needs to write an
SQL statement that will provide how long a vulnerability has been present on the network.
Given the following output table:
Which of the following SQL statements would provide the resulted output needed for this correlation?
- A. SELECT IP, PORT, PlugIn, ScanDate FROM MyResults SET PluginID='1000'
- B. SELECT ScanDate, IP, Port, PlugIn FROM MyResults WHERE PluginID='1000'
- C. SELECT Port, ScanDate, IP, PlugIn FROM MyResults WHERE PluginID='1000'
- D. SELECT ScanDate, IP, Port, PlugIn SET MyResults WHERE PluginID='1000'
Answer: B
NEW QUESTION # 159
A threat intelligence analyst who works for a financial services firm received this report:
"There has been an effective waterhole campaign residing at
www.bankfinancecompsoftware.com. This domain is delivering ransomware. This ransomware variant has been called "LockMaster" by researchers due to its ability to overwrite the MBR, but this term is not a malware signature. Please execute a defensive operation regarding this attack vector." The analyst ran a query and has assessed that this traffic has been seen on the network.
Which of the following actions should the analyst do NEXT? (Select TWO).
- A. Advise the security analysts to add an alert in the SIEM on the string "LockMaster"
- B. Visit the domain and begin a threat assessment
- C. Format the MBR as a precaution
- D. Produce a threat intelligence message to be disseminated to the company
- E. Advise the firewall engineer to implement a block on the domain
- F. Advise the security architects to enable full-disk encryption to protect the MBR
Answer: B,F
NEW QUESTION # 160
Which of the following best practices is used to identify areas in the network that may be vulnerable to
penetration testing from known external sources?
- A. Blue team training exercises
- B. White team training exercises
- C. Operational control reviews
- D. Technical control reviews
Answer: A
Explanation:
Explanation/Reference:
Explanation:
NEW QUESTION # 161
A company installed a wireless network more than a year ago, standardizing on the same model APs in a
single subnet. Recently, several users have reported timeouts and connection issues with Internet
browsing. The security administrator has gathered some information about the network to try to recreate
the issues with the assistance of a user. The administrator is able to ping every device on the network and
confirms that the network is very slow.
Output:
Given the above results, which of the following should the administrator investigate FIRST?
- A. The AP-Reception device
- B. The AP-IT device
- C. The AP-Workshop device
- D. The device at 192.168.1.4
- E. The user's PC
Answer: C
NEW QUESTION # 162
A software assurance lab is performing a dynamic assessment on an application by automatically generating and inputting different, random data sets to attempt to cause an error/failure condition. Which of the following software assessment capabilities is the lab performing AND during which phase of the SDLC should this occur? (Select two.)
- A. Planning phase
- B. Static code analysis
- C. Prototyping phase
- D. Behavior modeling
- E. Fuzzing
- F. Requirements phase
Answer: B,E
Explanation:
Explanation: References:
NEW QUESTION # 163
Management is concerned with administrator access from outside the network to a key server in the company. Specifically, firewall rules allow access to the server from anywhere in the company. Which of the following would be an effective solution?
- A. Anti-malware
- B. Jump box
- C. Honeypot
- D. Server hardening
Answer: B
NEW QUESTION # 164
A security analyst has noticed an alert from the SIEM. A workstation is repeatedly trying to connect to port
445 of a file server on the production network. All of the attempts are made with invalid credentials. Which of the following describes what is occurring?
- A. An attacker has gained control of the workstation and is port scanning the network.
- B. An attacker has gained control of the workstation and is attempting to pivot to the file server by creating an SMB session.
- C. Malware has infected the workstation and is beaconing out to the specific IP address of the file server.
- D. The file server is attempting to transfer malware to the workstation via SMB.
Answer: B
NEW QUESTION # 165
A customer reports having money removed from an online bank account An analyst researched and discovered an attacker used an open browser session while the customer was performing an online transaction. Which of the following would be BEST to implement to prevent this from occurring in the future?
- A. Disable the use or any cookies
- B. Utilize secret tokens with random values
- C. Employ crypto graphically long session IDs
- D. Disable any client-side JavaScript
Answer: B
NEW QUESTION # 166
After completing a vulnerability scan, the following output was noted:
Which of the following vulnerabilities has been identified?
- A. PKI transfer vulnerability.
- B. Active Directory encryption vulnerability.
- C. Web application cryptography vulnerability.
- D. VPN tunnel vulnerability.
Answer: C
Explanation:
Section: (none)
Explanation/Reference:
Explanation:
NEW QUESTION # 167
While a threat intelligence analyst was researching an indicator of compromise on a search engine, the
web proxy generated an alert regarding the same indicator. The threat intelligence analyst states that
related sites were not visited but were searched for in a search engine. Which of the following MOST likely
happened in this situation?
- A. The analyst has prefetch enabled on the browser in use.
- B. The alert in unrelated to the analyst's search.
- C. The analyst is not using the standard approved browser.
- D. The analyst accidently clicked a link related to the indicator.
Answer: A
Explanation:
Explanation/Reference:
Explanation:
NEW QUESTION # 168
A centralized tool for organizing security events and managing their response and resolution is known as:
- A. HIPS
- B. Syslog
- C. SIEM
- D. Wireshark
Answer: C
NEW QUESTION # 169
Several accounting department users are reporting unusual Internet traffic in the browsing history of their workstations alter returning to work awl logging in. The building security team informs the IT security team that the cleaning stall was caught using the systems after the accounting department users left for the day Which of the following steps should the IT security team take to help prevent this from happening again?
(Select TWO)
- A. Install a web monitors application to track Internet usage after hours
- B. Set up a camera to monitor the workstations for unauthorized use
- C. Configure mandatory access controls to allow only accounting department users lo access the workstations
- D. Configure a policy for workstation account timeout at three minutes
- E. Configure NAC lo set time-based restrictions on the accounting group to normal business hours
Answer: D,E
NEW QUESTION # 170
The computer incident response team at a multinational company has determined that a breach of sensitive data has occurred in which a threat actor has compromised the organization's email system. Per the incident response procedures, this breach requires notifying the board immediately. Which of the following would be the BEST method of communication?
- A. Externally hosted instant message
- B. Post of the company blog
- C. Summary sent by certified mail
- D. Corporate-hosted encrypted email
- E. VoIP phone call
Answer: E
NEW QUESTION # 171
Given the following code:
Which of the following types of attacks is occurring in the example above?
- A. MITM
- B. Session hijacking
- C. SQL injection
- D. Privilege escalation
- E. XSS
Answer: C
NEW QUESTION # 172
After completing a vulnerability scan, the following output was noted:
Which of the following vulnerabilities has been identified?
- A. PKI transfer vulnerability.
- B. Active Directory encryption vulnerability.
- C. Web application cryptography vulnerability.
- D. VPN tunnel vulnerability.
Answer: C
NEW QUESTION # 173
A security analyst is conducting traffic analysis following a potential web server breach. The analyst wants to investigate client-side server errors.
Which of the following lines of this query output should be investigated further?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: B
NEW QUESTION # 174
A cybersecurity analyst was asked to review several results of web vulnerability scan logs.
Given the following snippet of code:
Which of the following BEST describes the situation and recommendations to be made?
- A. The security analyst has discovered an embedded iframe pointing to source IP 65.240.22.1 network. Recommend making the iframe visible. Fixing the code will correct the issue.
- B. The security analyst has discovered an embedded iframe pointing to source IP 65.240.22.1 network. The code should include the domain name. Recommend the entry be updated with the domain name.
- C. The security analyst has discovered an embedded iframe that is hidden from users accessing the web page. This code is correct. This is a design preference, and no vulnerabilities are present.
- D. The security analyst has discovered an embedded iframe pointing to source IP 65.240.22.1 network. The link is hidden and suspicious. Recommend the entry be removed from the web page.
Answer: C
NEW QUESTION # 175
An analyst has received unusual alerts on the SIEM dashboard. The analyst wants to get payloads that the hackers are sending toward the target systems without impacting the business operation. Which of the following should the analyst implement?
- A. Sandboxing
- B. Jump box
- C. Honeypot
- D. Virtualization
Answer: C
NEW QUESTION # 176
Company A's security policy states that only PKI authentication should be used for all SSH accounts. A security analyst from Company A is reviewing the following auth.log and configuration settings.
Which of the following changes should made to the following ssh_config file to establish compliance with the policy?
A)
B)
C)
D)
E)
- A. Option C
- B. Option A
- C. Option B
- D. Option E
- E. Option D
Answer: B
NEW QUESTION # 177
......
The CS0-001 exam consists of 85 multiple-choice and performance-based questions that must be completed within 165 minutes. To pass the exam, candidates must achieve a score of at least 750 out of a possible 900. CS0-001 exam is available in several languages, including English, Japanese, and Portuguese.
100% Free CS0-001 Files For passing the exam Quickly: https://www.pass4guide.com/CS0-001-exam-guide-torrent.html