CS0-001 | CompTIA CS0-001 Dumps Questions 2019
NEW QUESTION 1
Which of the following are essential components within the rules of engagement for a penetration test? (Select TWO).
- A. Schedule
- B. Authorization
- C. List of system administrators
- D. Payment terms
- E. Business justification
NEW QUESTION 2
Which of the following is a feature of virtualization that can potentially create a single point of failure?
- A. Server consolidation
- B. Load balancing hypervisors
- C. Faster server provisioning
- D. Running multiple OS instances
NEW QUESTION 3
A cybersecurity analyst wants to use ICMP ECHO_REQUEST on a machine while using Nmap. Which of the following is the correct command to accomplish this?
- A. $ nmap -PE 192.168.1.7
- B. $ ping --PE 192.168.1.7
- C. $ nmap --traceroute 192.168.1.7
- D. $ nmap -PO 192.168.1.7
NEW QUESTION 4
A vulnerability scan returned the following results for a web server that hosts multiple wiki sites: Apache-HTTPD-cve-2014-023: Apache HTTPD: mod_cgid denial of service CVE-2014-0231
Due to a flaw found in mod_cgid, a server using mod_cgid to host CGI scripts could be vulnerable to a DoS attack caused by a remote attacker who is exploiting a weakness in non-standard input, causing processes to hang indefinitely.
The security analyst has confirmed the server hosts standard CGI scripts for the wiki sites, does not have mod_cgid installed, is running Apache 2.2.22, and is not behind a WAF. The server is located in the DMZ, and the purpose of the server is to allow customers to add entries into a publicly accessible database.
Which of the following would be the MOST efficient way to address this finding?
- A. Place the server behind a WAF to prevent DoS attacks from occurring.
- B. Document the finding as a false positive.
- C. Upgrade to the newest version of Apache.
- D. Disable the HTTP service and use only HTTPS to access the server.
NEW QUESTION 5
A cybersecurity analyst has several SIEM event logs to review for possible APT activity. The analyst was given several items that include lists of indicators for both IP addresses and domains. Which of the following actions is the BEST approach for the analyst to perform?
- A. Use the IP addresses to search through the event logs.
- B. Analyze the trends of the events while manually reviewing to see if any of the indicators match.
- C. Create an advanced query that includes all of the indicators, and review any of the matches.
- D. Scan for vulnerabilities with exploits known to have been used by an APT.
NEW QUESTION 6
The Chief Security Officer (CSO) has requested a vulnerability report of systems on the domain, identifying those running outdated OSs. The automated scan reports are not displaying OS version details, so the CSO cannot determine risk exposure levels from vulnerable systems. Which of the following should the cybersecurity analyst do to enumerate OS information as part of the vulnerability scanning process in the MOST efficient manner?
- A. Execute the ver command
- B. Execute the nmap -p command
- C. Use Wireshark to export a list
- D. Use credentialed configuration
NEW QUESTION 7
In order to leverage the power of data correlation within Nessus, a cybersecurity analyst needs to write an SQL statement that will provide how long a vulnerability has been present on the network.
Given the following output table:
Which of the following SQL statements would provide the resulted output needed for this correlation?
- A. SELECT Port, ScanDate, IP, PlugIn FROM MyResults WHERE PluginID='1000'
- B. SELECT ScanDate, IP, Port, PlugIn FROM MyResults WHERE PluginID='1000'
- C. SELECT IP, PORT, PlugIn, ScanDate FROM MyResults SET PluginID='1000'
- D. SELECT ScanDate, IP, Port, PlugIn SET MyResults WHERE PluginID='1000'
NEW QUESTION 8
A company provides wireless connectivity to the internal network from all physical locations for company-owned devices. Users were able to connect the day before, but now all users have reported that when they connect to an access point in the conference room, they cannot access company resources. Which of the following BEST describes the cause of the problem?
- A. The access point is blocking access by MAC address. Disable MAC address filtering.
- B. The network is not available. Escalate the issue to network support.
- C. Expired DNS entries on users’ devices. Request the affected users perform a DNS flush.
- D. The access point is a rogue device. Follow incident response procedures.
NEW QUESTION 9
The help desk informed a security analyst of a trend that is beginning to develop regarding a suspicious email that has been reported by multiple users. The analyst has determined the email includes an attachment named invoice.zip that contains the following files:
Locky.js xerty.ini xerty.lib
Further analysis indicates that when the .zip file is opened, it is installing a new version of ransomware on the devices. Which of the following should be done FIRST to prevent data on the company NAS from being encrypted by infected devices?
- A. Disable access to the company VPN.
- B. Move the files from the NAS to a cloud-based storage solution.
- C. Set permissions on file shares to read-only.
- D. Add the URL included in the .js file to the company’s web proxy filter.
NEW QUESTION 10
The following IDS log was discovered by a company’s cybersecurity analyst:
Which of the following was launched against the company based on the IDS log?
- A. SQL injection attack
- B. Cross-site scripting attack
- C. Buffer overflow attack
- D. Online password crack attack
NEW QUESTION 11
The Chief Executive Officer (CEO) instructed the new Chief Information Security Officer (CISO) to provide a list of enhancements to the company’s cybersecurity operation. As a result, the CISO has identified the need to align security operations with industry best practices. Which of the following industry references is appropriate to accomplish this?
- A. OSSIM
- B. NIST
- C. PCI
- D. OWASP
Explanation: Reference https://www.nist.gov/sites/default/files/documents/itl/Cybersecurity_Green-Paper_FinalVersion.pdf
NEW QUESTION 12
The new Chief Technology Officer (CTO) is seeking recommendations for network monitoring services for the local intranet. The CTO would like the capability to monitor all traffic to and from the gateway, as well as the capability to block certain content. Which of the following recommendations would meet the needs of the organization?
- A. Recommend setup of IP filtering on both the internal and external interfaces of the gateway router.
- B. Recommend installation of an IDS on the internal interface and a firewall on the external interface of the gateway router.
- C. Recommend installation of a firewall on the internal interface and a NIDS on the external interface of the gateway router.
- D. Recommend installation of an IPS on both the internal and external interfaces of the gateway router.
NEW QUESTION 13
During a recent audit, there were a lot of findings similar to and including the following:
Which of the following would be the BEST way to remediate these findings and minimize similar findings in the future?
- A. Use an automated patch management solution
- B. Remove the affected software programs from the servers
- C. Run Microsoft Baseline Security Analyzer on all of the servers
- D. Schedule regular vulnerability scans for all servers on the network
NEW QUESTION 14
While reviewing three months of logs, a security analyst notices probes from random company laptops going to SCADA equipment at the company’s manufacturing location. Some of the probes are getting responses from the equipment even though firewall rules are in place, which should block this type of unauthorized activity. Which of the following should the analyst recommend to keep this activity from originating from company laptops?
- A. Implement a group policy on company systems to block access to SCADA networks.
- B. Require connections to the SCADA network to go through a forwarding proxy.
- C. Update the firewall rules to block SCADA network access from those laptop IP addresses.
- D. Install security software and a host-based firewall on the SCADA equipment.
NEW QUESTION 15
During a web application vulnerability scan, it was discovered that the application would display inappropriate data after certain key phrases were entered into a webform connected to a SQL database server. Which of the following should be used to reduce the likelihood of this type of attack returning sensitive data?
- A. Static code analysis
- B. Peer review code
- C. Input validation
- D. Application fuzzing
NEW QUESTION 16
A company’s computer was recently infected with ransomware. After encrypting all documents, the malware logs a random AES-128 encryption key and associated unique identifier onto a compromised remote website. A ransomware code snippet is shown below:
Based on the information from the code snippet, which of the following is the BEST way for a cybersecurity professional to monitor for the same malware in the future?
- A. Configure the company proxy server to deny connections to www.malwaresite.com.
- B. Reconfigure the enterprise antivirus to push more frequent updates to the clients.
- C. Write an ACL to block the IP address of www.malwaresite.com at the gateway firewall.
- D. Use an IDS custom signature to create an alert for connections to www.malwaresite.com.