CS0-001 | Best Quality CS0-001 Dumps Questions 2019
Free CS0-001 sample questions:
NEW QUESTION 1
A security analyst has discovered that an outbound SFTP process has been occurring at the same time of day for the past several days. At the time this was discovered, large amounts of business-critical data had been delivered. The authentication for this process occurred using a service account with proper credentials. The security analyst investigated the destination IP for this transfer and discovered that this new process is not documented in the change management log. Which of the following would be the BEST course of action for the analyst to take?
- A. Investigate a potential incident
- B. Verify user permissions
- C. Run a vulnerability scan
- D. Verify SLA with cloud provider
NEW QUESTION 2
A security analyst is reviewing logs and discovers that a company-owned computer issued to an employee is generating many alerts and warnings. The analyst continues to review the log events and discovers that a non-company-owned device from a different, unknown IP address is generating the same events. The analyst informs the manager of these findings, and the manager explains that these activities are already known and part of an ongoing event. Given this scenario, which of the following roles are the analyst, the employee, and the manager filling?
- A. The analyst is red team.The employee is blue team.The manager is white team.
- B. The analyst is white team.The employee is red team.The manager is blue team.
- C. The analyst is red team.The employee is white team.The manager is blue team.
- D. The analyst is blue team.The employee is red team.The manager is white team.
Explanation: Reference https://danielmiessler.com/study/red-blue-purple-teams/
NEW QUESTION 3
Creating an isolated environment in order to test and observe the behavior of unknown software is also known as:
- A. sniffing.
- B. hardening.
- C. hashing.
- D. sandboxing.
NEW QUESTION 4
External users are reporting that a web application is slow and frequently times out when attempting to submit information. Which of the following software development best practices would have helped prevent this issue?
- A. Stress testing
- B. Regression testing
- C. Input validation
- D. Fuzzing
NEW QUESTION 5
Company A permits visiting business partners from Company B to utilize Ethernet ports available in Company A’s conference rooms. This access is provided to allow partners the ability to establish VPNs back to Company B’s network. The security architect for Company A wants to ensure partners from Company B are able to gain direct Internet access from available ports only, while Company A employees can gain access to the Company A internal network from those same ports. Which of the following can be employed to allow this?
- A. ACL
- B. SIEM
- C. MAC
- D. NAC
- E. SAML
NEW QUESTION 6
A cybersecurity analyst is retained by a firm for an open investigation. Upon arrival, the cybersecurity analyst reviews several security logs.
Given the following snippet of code:
Which of the following combinations BEST describes the situation and recommendations to be made for this situation?
- A. The cybersecurity analyst has discovered host 192.168.0.101 using Windows Task Scheduler at 13:30 to run nc.exe; recommend proceeding with the next step of removing the host from the network.
- B. The cybersecurity analyst has discovered host 192.168.0.101 to be running the nc.exe file at 13:30 using the auto cron job remotely; there are no recommendations since this is not a threat currently.
- C. The cybersecurity analyst has discovered host 192.168.0.101 is beaconing every day at 13:30 using the nc.exe file; recommend proceeding with the next step of removing the host from the network.
- D. The security analyst has discovered host 192.168.0.101 is a rogue device on the network, recommend proceeding with the next step of removing the host from the network.
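The scenario in Question 1 (a large SFTP transfer under a service account at the same time every day) and the one in Question 6 (a host beaconing daily at 13:30) are the same detection problem: an outbound connection that recurs at a fixed time of day to the same destination. The following Python is an added example written for this page, not exam material and not code from any product; the flow records are constructed, and the IP addresses, service-account name and thresholds are made-up assumptions chosen to make the pattern visible.

```python
"""Flag outbound connections that recur at a fixed time of day.

Added example for this page. SAMPLE_FLOWS is constructed; every host, IP,
port, byte count and account name below is made up for illustration.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed flow records: timestamp src dst dst_port bytes_out user
SAMPLE_FLOWS = """\
2019-03-01T13:30:02 192.168.0.101 203.0.113.40 22 52428800 svc_backup
2019-03-01T09:12:44 192.168.0.55 203.0.113.9 443 1820 jdoe
2019-03-02T13:30:05 192.168.0.101 203.0.113.40 22 61341696 svc_backup
2019-03-02T15:47:10 192.168.0.55 203.0.113.9 443 2210 jdoe
2019-03-03T13:29:58 192.168.0.101 203.0.113.40 22 58720256 svc_backup
2019-03-03T11:03:21 192.168.0.55 203.0.113.9 443 1990 jdoe
2019-03-04T13:30:03 192.168.0.101 203.0.113.40 22 55574528 svc_backup
"""


def parse_flows(text: str) -> list:
    """Turn whitespace-separated flow lines into dicts with typed fields."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, nbytes, user = line.split()
        flows.append({"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
                      "port": int(port), "bytes": int(nbytes), "user": user})
    return flows


def find_periodic_transfers(flows: list, min_days: int = 3,
                            max_jitter_s: int = 120,
                            min_bytes: int = 10_000_000) -> list:
    """Group flows by (src, dst, port) and report groups that were seen on at
    least `min_days` distinct days, whose time of day clusters within
    `max_jitter_s` seconds, and whose average volume exceeds `min_bytes`.

    Caveat: time of day is measured as seconds since midnight, so a job that
    straddles midnight (23:59 one day, 00:01 the next) would look jittery.
    """
    groups = defaultdict(list)
    for f in flows:
        groups[(f["src"], f["dst"], f["port"])].append(f)

    findings = []
    for (src, dst, port), events in groups.items():
        days = {e["ts"].date() for e in events}
        if len(days) < min_days:
            continue
        secs = [e["ts"].hour * 3600 + e["ts"].minute * 60 + e["ts"].second
                for e in events]
        if pstdev(secs) > max_jitter_s:
            continue                      # recurring, but not at a fixed time
        avg_bytes = int(mean(e["bytes"] for e in events))
        if avg_bytes < min_bytes:
            continue                      # small keep-alives are not this rule's target
        avg = int(mean(secs))
        findings.append({
            "src": src, "dst": dst, "port": port, "days": len(days),
            "time_of_day": "%02d:%02d" % (avg // 3600, (avg % 3600) // 60),
            "avg_bytes": avg_bytes,
            "users": sorted({e["user"] for e in events}),
        })
    return findings


if __name__ == "__main__":
    for hit in find_periodic_transfers(parse_flows(SAMPLE_FLOWS)):
        print("%(src)s -> %(dst)s:%(port)s daily at %(time_of_day)s, "
              "%(days)s days, avg %(avg_bytes)s bytes, users %(users)s" % hit)
```

A hit from this rule is only a lead: the next step, as in the question, is to check the destination and the service account against the change management log before treating the transfer as an incident.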
Topic 2, Exam Set B
NEW QUESTION 7
A company installed a wireless network more than a year ago, standardizing on the same model APs in a single subnet. Recently, several users have reported timeouts and connection issues with Internet browsing. The security administrator has gathered some information about the network to try to recreate the issues with the assistance of a user. The administrator is able to ping every device on the network and confirms that the network is very slow.
Given the above results, which of the following should the administrator investigate FIRST?
- A. The AP-Workshop device
- B. The AP-Reception device
- C. The device at 192.168.1.4
- D. The AP-IT device
- E. The user’s PC
NEW QUESTION 8
A security analyst determines that several workstations are reporting traffic usage on port 3389. All workstations are running the latest OS patches according to patch reporting. The help desk manager reports some users are getting logged off of these workstations, and network access is running slower than normal. The analyst believes a zero-day threat has allowed remote attackers to gain access to the workstations. Which of the following are the BEST steps to stop the threat without impacting all services? (Select TWO)
- A. Change the public IP address since APTs are common.
- B. Configure a group policy to disable RDP access.
- C. Disconnect public Internet access and review the logs on the workstations.
- D. Enforce a password change for users on the network.
- E. Reapply the latest OS patches to workstations.
- F. Route internal traffic through a proxy server.
NEW QUESTION 9
A malware infection spread to numerous workstations within the marketing department. The workstations were quarantined and replaced with new machines.
Which of the following represents a FINAL step in the eradication of the malware?
- A. The workstations should be isolated from the network.
- B. The workstations should be donated for reuse.
- C. The workstations should be reimaged.
- D. The workstations should be patched and scanned.
NEW QUESTION 10
A pharmacy gives its clients online access to their records and the ability to review bills and make payments. A new SSL vulnerability on a special platform was discovered, allowing an attacker to capture the data between the end user and the web server providing these services. After investigating the platform vulnerability, it was determined that the web services provided are being impacted by this new threat.
Which of the following data types are MOST likely at risk of exposure based on this new threat? (Choose two.)
- A. Cardholder data
- B. Intellectual property
- C. Personal health information
- D. Employee records
- E. Corporate financial data
NEW QUESTION 11
Nmap scan results on a set of IP addresses returned one or more lines beginning with “cpe:/o:” followed by a company name, product name, and version. Which of the following would this string help an administrator to identify?
- A. Operating system
- B. Running services
- C. Installed software
- D. Installed hardware
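In a CPE 2.2 URI the component after `cpe:/` is the part: `o` for an operating system, `a` for an application and `h` for hardware, followed by vendor, product and version. The parser below is an added example for this page, not Nmap's code and not from the exam; the scan text it runs over is constructed to imitate the `Service Info:` and `OS CPE:` lines Nmap prints, and the host, vendors, products and versions in it are made up.

```python
"""Classify CPE 2.2 URIs found in scan output by what they identify.

Added example for this page (not Nmap's code). SAMPLE_SCAN_TEXT is
constructed; the host, vendors, products and versions are made up.
"""
import re
from urllib.parse import unquote

# cpe:/<part>:<vendor>:<product>:<version>:<update>:<edition>:<language>
PART_NAMES = {"o": "operating system", "a": "application", "h": "hardware"}
CPE_FIELDS = ("vendor", "product", "version", "update", "edition", "language")
CPE_RE = re.compile(r"cpe:/[aoh](?::[A-Za-z0-9._%~-]*)+")

SAMPLE_SCAN_TEXT = """\
Nmap scan report for 192.0.2.10 (constructed sample, not a real scan)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
OS CPE: cpe:/o:linux:linux_kernel:3.10
CPE: cpe:/a:openbsd:openssh:7.4
CPE: cpe:/a:apache:http_server:2.4.6
CPE: cpe:/h:cisco:catalyst_2960
"""


def parse_cpe(cpe: str) -> dict:
    """Split a CPE 2.2 URI into named components.

    Missing or empty components become None; percent-encoded characters
    (e.g. %2b for '+') are decoded.
    """
    if not cpe.startswith("cpe:/"):
        raise ValueError("not a CPE 2.2 URI: %r" % cpe)
    components = cpe[len("cpe:/"):].split(":")
    part = components[0]
    if part not in PART_NAMES:
        raise ValueError("unknown CPE part %r in %r" % (part, cpe))
    result = {"part": part, "part_name": PART_NAMES[part]}
    for name in CPE_FIELDS:
        result[name] = None
    for name, value in zip(CPE_FIELDS, components[1:]):
        result[name] = unquote(value) if value else None
    return result


def extract_cpes(text: str) -> list:
    """Find every CPE URI in scan text and parse it, in order of appearance."""
    return [parse_cpe(m.group(0).rstrip(":.")) for m in CPE_RE.finditer(text)]


def classify_scan(text: str) -> dict:
    """Group a scan's CPEs under operating system / application / hardware."""
    summary = {name: [] for name in PART_NAMES.values()}
    for cpe in extract_cpes(text):
        label = " ".join(v for v in (cpe["vendor"], cpe["product"],
                                     cpe["version"]) if v)
        summary[cpe["part_name"]].append(label)
    return summary


if __name__ == "__main__":
    for part_name, items in classify_scan(SAMPLE_SCAN_TEXT).items():
        print("%s: %s" % (part_name, ", ".join(items) or "(none)"))
```

The same split applies when matching scan results against vulnerability feeds: an `o` entry is compared with OS advisories, an `a` entry with application advisories, and a version of None means the scanner could not fingerprint the version, not that the product is unversioned.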
NEW QUESTION 12
A security analyst is adding input to the incident response communication plan. A company officer has suggested that if a data breach occurs, only affected parties should be notified to keep an incident from becoming a media headline. Which of the following should the analyst recommend to the company officer?
- A. The first responder should contact law enforcement upon confirmation of a security incident in order for a forensics team to preserve chain of custody.
- B. Guidance from laws and regulations should be considered when deciding who must be notified in order to avoid fines and judgements from non-compliance.
- C. An externally hosted website should be prepared in advance to ensure that when an incident occurs victims have timely access to notifications from a non-compromised resource.
- D. The HR department should have information security personnel who are involved in the investigation of the incident sign non-disclosure agreements so the company cannot be held liable for customer data that might be viewed during an investigation.
NEW QUESTION 13
Which of the following is a vulnerability when using Windows as a host OS for virtual machines?
- A. Windows requires frequent patching.
- B. Windows virtualized environments are typically unstable.
- C. Windows requires hundreds of open firewall ports to operate.
- D. Windows is vulnerable to the "ping of death"
NEW QUESTION 14
A security analyst has determined that the user interface on an embedded device is vulnerable to common SQL injections. The device is unable to be replaced, and the software cannot be upgraded. Which of the following should the security analyst recommend to add additional security to this device?
- A. The security analyst should recommend this device be placed behind a WAF.
- B. The security analyst should recommend an IDS be placed on the network segment.
- C. The security analyst should recommend this device regularly export the web logs to a SIEM system.
- D. The security analyst should recommend this device be included in regular vulnerability scans.
NEW QUESTION 15
A cybersecurity analyst is reviewing Apache logs on a web server and finds that some logs are missing. The analyst has identified that the systems administrator accidentally deleted some log files. Which of the following actions or rules should be implemented to prevent this incident from reoccurring?
- A. Personnel training
- B. Separation of duties
- C. Mandatory vacation
- D. Backup server
NEW QUESTION 16
A software assurance lab is performing a dynamic assessment on an application by automatically generating and inputting different, random data sets to attempt to cause an error/failure condition. Which of the following software assessment capabilities is the lab performing AND during which phase of the SDLC should this occur? (Select two.)
- A. Fuzzing
- B. Behavior modeling
- C. Static code analysis
- D. Prototyping phase
- E. Requirements phase
- F. Planning phase
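Question 16 describes fuzzing: generating random or mutated inputs, feeding them to the running program and watching for failures rather than reading its source. The harness below is an added example for this page, not from the exam and not a real fuzzing tool; the record format, the deliberately unchecked parser (`parse_record_buggy`), its hardened counterpart and the seed input are all constructed so that the fuzzer has something to find and a fixed version to confirm against.

```python
"""Mutation fuzzer driving a constructed length-prefixed record parser.

Added example for this page. The record format, both parsers and the seed
input are made up; the unchecked parser is deliberately buggy so the
fuzzer has a crash to find.
"""
import random
from functools import reduce
from operator import xor


def xor_bytes(payload: bytes) -> int:
    """One-byte XOR checksum over the payload (0 for an empty payload)."""
    return reduce(xor, payload, 0)


def parse_record_buggy(data: bytes) -> dict:
    """Record layout: type(1) | length(1) | payload(length) | checksum(1).

    Deliberately unchecked: it trusts the declared length, so a short or
    truncated buffer raises IndexError instead of a clean rejection.
    """
    rtype = data[0]
    length = data[1]
    payload = data[2:2 + length]
    checksum = data[2 + length]              # no bounds check on the buffer
    if checksum != xor_bytes(payload):
        raise ValueError("bad checksum")
    return {"type": rtype, "payload": bytes(payload)}


def parse_record_fixed(data: bytes) -> dict:
    """Same format, with every read validated against the buffer size."""
    if len(data) < 3:
        raise ValueError("truncated header")
    rtype, length = data[0], data[1]
    if len(data) < 2 + length + 1:
        raise ValueError("declared length exceeds buffer")
    payload = data[2:2 + length]
    if data[2 + length] != xor_bytes(payload):
        raise ValueError("bad checksum")
    return {"type": rtype, "payload": bytes(payload)}


# Constructed valid seed record: type 1, five-byte payload, correct checksum.
SEED_INPUT = b"\x01\x05hello" + bytes([xor_bytes(b"hello")])


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply one random byte-level mutation: flip, insert, delete or truncate."""
    buf = bytearray(data)
    op = rng.choice(("flip", "insert", "delete", "truncate"))
    if op == "flip" and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == "insert":
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif op == "delete" and buf:
        del buf[rng.randrange(len(buf))]
    elif op == "truncate" and buf:
        del buf[rng.randrange(len(buf)):]
    return bytes(buf)


def fuzz(target, seed_input: bytes, iterations: int = 500, rng_seed: int = 0,
         expected=(ValueError,)) -> list:
    """Run `target` on mutated inputs and collect exceptions other than the
    parser's own rejection type. Each finding keeps the triggering input so
    the case can be replayed in a debugger."""
    rng = random.Random(rng_seed)            # fixed seed: runs are reproducible
    crashes = []
    for i in range(iterations):
        case = seed_input
        for _ in range(rng.randint(1, 3)):
            case = mutate(case, rng)
        try:
            target(case)
        except expected:
            continue                          # clean rejection, not a bug
        except Exception as exc:              # anything else is a finding
            crashes.append({"iteration": i, "input": case,
                            "exc": type(exc).__name__, "msg": str(exc)})
    return crashes


if __name__ == "__main__":
    found = fuzz(parse_record_buggy, SEED_INPUT, rng_seed=7)
    print("unchecked parser: %d crashes, first: %r" % (len(found), found[:1]))
    print("fixed parser: %d crashes"
          % len(fuzz(parse_record_fixed, SEED_INPUT, rng_seed=7)))
```

The split between `expected` exceptions and everything else is the part worth copying: a parser that rejects bad input with its documented error is behaving, while an IndexError, a hang or a memory fault is the failure condition the question refers to. Against native code the same harness would watch for signals and sanitizer reports instead of Python exceptions.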