Valid CS0-001 CompTIA Examination PDF, CS0-001 Test Study Materials

By blog Admin | Posted Fri, 13 Jul 2018 15:17:23 GMT


NEW QUESTION NO: 15
As part of an upcoming engagement for a client, an analyst is configuring a penetration testing application to ensure the scan complies with information defined in the SOW. Which of the following types of information should be considered based on information traditionally found in the SOW? (Select two.)
A. Timing of the scan
B. Contents of the executive summary report
C. Excluded hosts
D. Maintenance windows
E. IPS configuration
F. Incident response policies
Answer: A,C

NEW QUESTION NO: 16
A security analyst is reviewing the following log after enabling key-based authentication.

Given the above information, which of the following steps should be performed NEXT to secure the system?
A. Disable anonymous SSH logins.
B. Disable password authentication for SSH.
C. Disable SSHv1.
D. Disable remote root SSH logins.
Answer: B

NEW QUESTION NO: 17
A system administrator recently deployed and verified the installation of a critical patch issued by the company's primary OS vendor. This patch was supposed to remedy a vulnerability that would allow an adversary to remotely execute code from over the network. However, the administrator just ran a vulnerability assessment of networked systems, and each of them still reported having the same vulnerability. Which of the following is the MOST likely explanation for this?
A. The administrator entered the wrong IP range for the assessment.
B. The administrator did not wait long enough after applying the patch to run the assessment.
C. The patch did not remediate the vulnerability.
D. The vulnerability assessment returned false positives.
Answer: C

NEW QUESTION NO: 18
Company A permits visiting business partners from Company B to utilize Ethernet ports available in Company A's conference rooms. This access is provided to allow partners the ability to establish VPNs back to Company B's network. The security architect for Company A wants to ensure partners from Company B are able to gain direct Internet access from available ports only, while Company A employees can gain access to the Company A internal network from those same ports. Which of the following can be employed to allow this?
A. ACL
B. SIEM
C. MAC
D. NAC
E. SAML
Answer: D

NEW QUESTION NO: 19
The new Chief Technology Officer (CTO) is seeking recommendations for network monitoring services for the local intranet. The CTO would like the capability to monitor all traffic to and from the gateway, as well as the capability to block certain content. Which of the following recommendations would meet the needs of the organization?
A. Recommend setup of IP filtering on both the internal and external interfaces of the gateway router.
B. Recommend installation of an IDS on the internal interface and a firewall on the external interface of the gateway router.
C. Recommend installation of a firewall on the internal interface and a NIDS on the external interface of the gateway router.
D. Recommend installation of an IPS on both the internal and external interfaces of the gateway router.
Answer: C

NEW QUESTION NO: 20
A company wants to update its acceptable use policy (AUP) to ensure it relates to the newly implemented password standard, which requires sponsored authentication of guest wireless devices. Which of the following is MOST likely to be incorporated in the AUP?
A. Sponsored guest passwords must be at least ten characters in length and contain a symbol.
B. The corporate network should have a wireless infrastructure that uses open authentication standards.
C. Guests using the wireless network should provide valid identification when registering their wireless devices.
D. The network should authenticate all guest users using 802.1x backed by a RADIUS or LDAP server.
Answer: C

NEW QUESTION NO: 21
A security analyst has been asked to remediate a server vulnerability. Once the analyst has located a patch for the vulnerability, which of the following should happen NEXT?
A. Start the change control process.
B. Rescan to ensure the vulnerability still exists.
C. Implement continuous monitoring.
D. Begin the incident response process.
Answer: A

NEW QUESTION NO: 22
After scanning the main company's website with the OWASP ZAP tool, a cybersecurity analyst is reviewing the following warning:

The analyst reviews a snippet of the offending code:

Which of the following is the BEST course of action based on the above warning and code snippet?
A. The analyst should implement a scanner exception for the false positive.
B. The system administrator should disable SSL and implement TLS.
C. The developer should review the code and implement a code fix.
D. The organization should update the browser GPO to resolve the issue.
Answer: D

NEW QUESTION NO: 23
A SIEM analyst noticed a spike in activities from the guest wireless network to several electronic health record (EHR) systems. After further analysis, the analyst discovered that a large volume of data has been uploaded to a cloud provider in the last six months. Which of the following actions should the analyst do FIRST?
A. Contact the Office of Civil Rights (OCR) to report the breach
B. Notify the Chief Privacy Officer (CPO)
C. Activate the incident response plan
D. Put an ACL on the gateway router
Answer: D

NEW QUESTION NO: 24
Three similar production servers underwent a vulnerability scan. The scan results revealed that the three servers had two different vulnerabilities rated "Critical".
The administrator observed the following about the three servers:
- The servers are not accessible by the Internet
- AV programs indicate the servers have had malware as recently as two weeks ago
- The SIEM shows unusual traffic in the last 20 days
- Integrity validation of system files indicates unauthorized modifications

Which of the following assessments is valid and what is the most appropriate NEXT step? (Select TWO).
A. Servers may have been built inconsistently
B. Servers may be generating false positives via the SIEM
C. Servers may have been tampered with
D. Activate the incident response plan
E. Immediately rebuild servers from known good configurations
F. Schedule recurring vulnerability scans on the servers
Answer: D,E

NEW QUESTION NO: 25
A production web server is experiencing performance issues. Upon investigation, new unauthorized applications have been installed and suspicious traffic was sent through an unused port. Endpoint security is not detecting any malware or virus. Which of the following types of threats would this MOST likely be classified as?
A. Advanced persistent threat
B. Buffer overflow vulnerability
C. Zero day
D. Botnet
Answer: A

NEW QUESTION NO: 26
A cybersecurity analyst has received the laptop of a user who recently left the company. The analyst types 'history' into the prompt, and sees this line of code in the latest bash history:

This concerns the analyst because this subnet should not be known to users within the company. Which of the following describes what this code has done on the network?
A. Performed a ping sweep of the Class C network.
B. Performed a half open SYN scan on the network.
C. Sent 255 ping packets to each host on the network.
D. Sequentially sent an ICMP echo reply to the Class C network.
Answer: A
