[Free] 2019(Oct) EnsurePass CompTIA CS0-001 Dumps with VCE and PDF 31-40

October 27, 2019   |   by admin

Get Full Version of the Exam
http://www.EnsurePass.com/CS0-001.html

Question No.31

A cybersecurity analyst has been asked to follow a corporate process that will be used to manage vulnerabilities for an organization. The analyst notices the policy has not been updated in three years. Which of the following should the analyst check to ensure the policy is still accurate?

  1. Threat intelligence reports

  2. Technical constraints

  3. Corporate minutes

  4. Governing regulations

Correct Answer: A

Question No.32

You suspect that multiple unrelated security events have occurred on several nodes on a corporate network. You must review all logs and correlate events when necessary to discover each security event by clicking on each node. Only select corrective actions if the logs shown a security event that needs remediation. Drag and drop the appropriate corrective actions to mitigate the specific security event occurring on each affected device.

Instructions:

The Web Server, Database Server, IDS, Development PC, Accounting PC and Marketing PC are clickable. Some actions may not be required and each actions can only be used once per node. The corrective action order is not important. If at any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

image

image

image

image

image

image

image

image

image

Correct Answer:

image

image

image

image

image

image

image

image

image

Question No.33

HOTSPOT

A security analyst suspects that a workstation may be beaconing to a command and control server. You must inspect the logs from the company#39;s web proxy server and the firewall to determine the best course of action to take in order to neutralize the threat with minimum impact to the organization.

Instructions:

If at any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

image

Correct Answer:

image

Question No.34

A security analyst is conducting traffic analysis and observes an HTTP POST to a web server. The POST header is approximately 1000 bytes in length. During transmission, one byte is delivered every ten seconds. Which of the following attacks is the traffic indicative of?

  1. Exfiltration

  2. DoS

  3. Buffer overflow

  4. SQL injection

Correct Answer: A

Question No.35

When network administrators observe an increased amount of web traffic without an increased number of financial transactions, the company is MOST likely experiencing which of the following attacks?

  1. Bluejacking

  2. ARP cache poisoning

  3. Phishing

  4. DoS

Correct Answer: D

Question No.36

A security administrator determines several months after the first instance that a local privileged user has been routinely logging into a server interactively as quot;rootquot; and browsing the Internet. The administrator determines this by performing an annual review of the security logs on that server. For which of the following security architecture areas should the administrator recommend review and modification? (Select TWO).

  1. Log aggregation and analysis

  2. Software assurance

  3. Encryption

  4. Acceptable use policies

  5. Password complexity

  6. Network isolation and separation

Correct Answer: AD

Question No.37

A security analyst is performing a forensic analysis on a machine that was the subject of some historic SIEM alerts. The analyst noticed some network connections utilizing SSL on non- common ports, copies of svchost.exe and cmd.exe in %TEMP% folder, and RDP files that had connected to external IPs. Which of the following threats has the security analyst uncovered?

  1. DDoS

  2. APT

  3. Ransomware

  4. Software vulnerability

Correct Answer: B

Question No.38

A threat intelligence analyst who works for a technology firm received this report from a vendor.

quot;There has been an intellectual property theft campaign executed against organizations in the technology industry. Indicators for this activity are unique to each intrusion. The information that appears to be targeted is Ramp;D data. The data exfiltration appears to occur over months via uniform TTPs. Please execute a defensive operation regarding this attack vector.quot;

Which of the following combinations suggests how the threat should MOST likely be classified and the type of analysis that would be MOST helpful in protecting against this activity?

  1. Polymorphic malware and secure code analysis

  2. Insider threat and indicator analysis

  3. APT and behavioral analysis

  4. Ransomware and encryption

Correct Answer: B

Question No.39

Datacenter access is controlled with proximity badges that record all entries and exits from the datacenter. The access records are used to identify which staff members accessed the data center in the event of equipment theft. Which of the following MUST be prevented in order for this policy to be effective?

  1. Password reuse

  2. Phishing

  3. Social engineering

  4. Tailgating

Correct Answer: D

Question No.40

Creating a lessons learned report following an incident will help an analyst to communicate which of the following information? (Select TWO)

  1. Root cause analysis of the incident and the impact it had on the organization

  2. Outline of the detailed reverse engineering steps for management to review

  3. Performance data from the impacted servers and endpoints to report to management

  4. Enhancements to the policies and practices that will improve business responses

  5. List of IP addresses, applications, and assets

Correct Answer: AD

Get Full Version of the Exam
CS0-001 Dumps
CS0-001 VCE and PDF

Leave Your Comment