CS0-001 | Breathing CS0-001 Free Practice Questions 2019
It is impossible to pass CompTIA CS0-001 exam without any help in the short term. Come to us soon and find the most advanced, correct and guaranteed CS0-001 Free Practice Questions. You will get a surprising result by our CS0-001 Free Practice Questions.
Check CS0-001 free dumps before getting the full version:
NEW QUESTION 1
During a routine review of firewall logs, an analyst identified that an IP address from the organization’s server subnet had been connecting during nighttime hours to a foreign IP address, and had been sending between 150 and 500 megabytes of data each time. This had been going on for approximately one week, and the affected server was taken offline for forensic review. Which of the following is MOST likely to drive up the incident’s impact assessment?
- A. PII of company employees and customers was exfiltrated.
- B. Raw financial information about the company was accessed.
- C. Forensic review of the server required fall-back on a less efficient service.
- D. IP addresses and other network-related configurations were exfiltrated.
- E. The local root password for the affected server was compromised.
NEW QUESTION 2
A cybersecurity consultant is reviewing the following output from a vulnerability scan against a newly installed MS SQL Server 2012 that is slated to go into production in one week:
Based on the above information, which of the following should the system administrator do? (Select TWO).
- A. Verify the vulnerability using penetration testing tools or proof-of-concept exploits.
- B. Review the references to determine if the vulnerability can be remotely exploited.
- C. Mark the result as a false positive so it will show in subsequent scans.
- D. Configure a network-based ACL at the perimeter firewall to protect the MS SQL port.
- E. Implement the proposed solution by installing Microsoft patch Q316333.
NEW QUESTION 3
Several accounting department users are reporting unusual Internet traffic in the browsing history of their workstations alter returning to work awl logging in. The building security team informs the IT security team that the cleaning stall was caught using the systems after the accounting department users left for the day Which of the following steps should the IT security team take to help prevent this from happening again? (Select TWO)
- A. Install a web monitors application to track Internet usage after hours
- B. Configure a policy for workstation account timeout at three minutes
- C. Configure NAC lo set time-based restrictions on the accounting group to normal business hours
- D. Configure mandatory access controls to allow only accounting department users lo access the workstations
- E. Set up a camera to monitor the workstations for unauthorized use
NEW QUESTION 4
A security notices PII has copied from the customer to an anonymous FTP server in the DMZ. Firewall logs indicate the customer database has not been from the anonymous FTP server. Which of the following department should make a decision about pursuing further investigation?
- A. Human resources
- B. Public relations
- C. Legal
- D. Executive management
- E. IT management
NEW QUESTION 5
The Chief Information Security Officer (CISO) asked for a topology discovery to be conducted and verified against the asset inventory. The discovery is failing and not providing reliable or complete data. The syslog shows the following information:
Which of the following describes the reason why the discovery is failing?
- A. The scanning tool lacks valid LDAP credentials.
- B. The scan is returning LDAP error code 52255a.
- C. The server running LDAP has antivirus deployed.
- D. The connection to the LDAP server is timing out.
- E. The LDAP server is configured on the wrong port.
NEW QUESTION 6
A cybersecurity analyst develops a regular expression to find data within traffic that will alarm on a hit.
The SIEM alarms on seeing this data in cleartext between the web server and the database server.
Which of the following types of data would the analyst MOST likely to be concerned with, and to which type of data classification does it belong?
- A. Credit card numbers that are PCI
- B. Social security numbers that are PHI
- C. Credit card numbers that are PII
- D. Social security numbers that are PII
NEW QUESTION 7
A medical organization recently started accepting payments over the phone. The manager is concerned about the impact of the storage of different types of data. Which of the following types of data incurs the highest regulatory constraints?
- A. PHI
- B. PCI
- C. Pll
- D. IP
NEW QUESTION 8
A cybersecurity analyst was hired to resolve a security issue within a company after it was reported that many employee account passwords had been compromised. Upon investigating the incident, the cybersecurity
analyst found that a brute force attack was launched against the company.
Which of the following remediation actions should the cybersecurity analyst recommend to senior management to address these security issues?
- A. Prohibit password reuse using a GPO.
- B. Deploy multifactor authentication.
- C. Require security awareness training.
- D. Implement DLP solution.
NEW QUESTION 9
An organization has recently experienced a data breach A forensic analysis. On formed the attacker found a legacy web server that had not been used in over a year and was not regularly patched After a discussion with the security team, management decided to initiate a program of network reconnaissance and penetration testing They want to start the process by scanning the network for active hosts and open pods Which of the following tools is BEST suited for this job?
- A. Ping
- B. Nmap
- C. Netstal
- D. ifconfig
- E. Wireshark
- F. L0phtCrack
NEW QUESTION 10
A security incident has been created after noticing unusual behavior from a Windows domain controller. The server administrator has discovered that a user logged in to the server with elevated permissions, but the user’s account does not follow the standard corporate naming scheme. There are also several other accounts in the administrators group that do not follow this naming scheme. Which of the following is the possible cause for this behavior and the BEST remediation step?
- A. The Windows Active Directory domain controller has not completed synchronization, and should forceThe domain controller to sync.
- B. The server has been compromised and should be removed from the network and cleaned before reintroducing it to the network.
- C. The server administrator created user accounts cloning the wrong user ID, and the accounts should be removed from administrators and placed in an employee group.
- D. The naming scheme allows for too many variations, and the account naming convention should be updates to enforce organizational policies.
NEW QUESTION 11
In an effort to be proactive, an analyst has run an assessment against a sample workstation before auditors visit next month. The scan results are as follows:
Based on the output of the scan, which of the following is the BEST answer?
- A. Failed credentialed scan
- B. Failed compliance check
- C. Successful sensitivity level check
- D. Failed asset inventory
NEW QUESTION 12
After a recent security breach, it was discovered that a developer had promoted code that had been written to the production environment as a hotfix to reserve a user navigation issue that was causing issues for several customers. The code had inadvertently granted administrative privileges to all users, allowing inappropriate access to sensitive data and reports. Which of the following could have prevented the code from being released into the production environment?
- A. Cross training
- B. Succession planning
- C. Automated reporting
- D. Separation of duties
NEW QUESTION 13
A software patch has been released to remove vulnerabilities from company’s software. A security analyst has been tasked with testing the software to ensure the vulnerabilities have been remediated and the application is still functioning properly. Which of the following tests should be performed NEXT?
- A. Fuzzing
- B. User acceptance testing
- C. Regression testing
- D. Penetration testing
NEW QUESTION 14
Which of the following remediation strategies are MOST effective in reducing the risk of a network-based compromise of embedded ICS? (Select two.)
- A. Patching
- B. NIDS
- C. Segmentation
- D. Disabling unused services
- E. Firewalling
NEW QUESTION 15
A database administrator contacts a security administrator to request firewall changes for a connection to a new internal application.
The security administrator notices that the new application uses a port typically monopolized by a virus. The security administrator denies the request and suggests a new port or service be used to complete the
Which of the following is the security administrator practicing in this example?
- A. Explicit deny
- B. Port security
- C. Access control lists
- D. Implicit deny
NEW QUESTION 16
Which of the following could be directly impacted by an unpatched vulnerability m vSphre ESXi?
- A. The organization's physical routers
- B. The organization's mobile devices
- C. The organization's virtual infrastructure
- D. The organization's VPN
Thanks for reading the newest CS0-001 exam dumps! We recommend you to try the PREMIUM Surepassexam CS0-001 dumps in VCE and PDF here: https://www.surepassexam.com/CS0-001-exam-dumps.html (242 Q&As Dumps)