Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home CompTIA CS0-001

CompTIA CS0-001 Exam Practice Questions (P. 4)

  • Full Access (416 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #31
A system administrator recently deployed and verified the installation of a critical patch issued by the company's primary OS vendor. This patch was supposed to remedy a vulnerability that would allow an adversary to remotely execute code from over the network. However, the administrator just ran a vulnerability assessment of networked systems, and each of them still reported having the same vulnerability. Which of the following is the MOST likely explanation for this?
  1. A
    The administrator entered the wrong IP range for the assessment.
  2. B
    The administrator did not wait long enough after applying the patch to run the assessment.
  3. C
    The patch did not remediate the vulnerability.
  4. D
    The vulnerability assessment returned false positives.

Correct Answer:
C

Question #32
An incident response report indicates a virus was introduced through a remote host that was connected to corporate resources. A cybersecurity analyst has been asked for a recommendation to solve this issue. Which of the following should be applied?
  1. A
    MAC
  2. B
    TAP
  3. C
    NAC
  4. D
    ACL

Correct Answer:
C

Question #33
Review the following results:

Which of the following has occurred?
  1. A
    This is normal network traffic.
  2. B
    123.120.110.212 is infected with a Trojan.
  3. C
    172.29.0.109 is infected with a worm.
  4. D
    172.29.0.109 is infected with a Trojan.

Correct Answer:
A

Question #34
A security analyst is creating baseline system images to remediate vulnerabilities found in different operating systems. Each image needs to be scanned before it is deployed. The security analyst must ensure the configurations match industry standard benchmarks and the process can be repeated frequently. Which of the following vulnerability options would BEST create the process requirements?
  1. A
    Utilizing an operating system SCAP plugin
  2. B
    Utilizing an authorized credential scan
  3. C
    Utilizing a non-credential scan
  4. D
    Utilizing a known malware plugin

Correct Answer:
A

Question #35
A cybersecurity analyst is retained by a firm for an open investigation. Upon arrival, the cybersecurity analyst reviews several security logs.
Given the following snippet of code:

Which of the following combinations BEST describes the situation and recommendations to be made for this situation?
  1. A
    The cybersecurity analyst has discovered host 192.168.0.101 using Windows Task Scheduler at 13:30 to runnc.exe; recommend proceeding with the next step of removing the host from the network.
  2. B
    The cybersecurity analyst has discovered host 192.168.0.101 to be running thenc.exe file at 13:30 using the auto cron job remotely, there are no recommendations since this is not a threat currently.
  3. C
    The cybersecurity analyst has discovered host 192.168.0.101 is beaconing every day at 13:30 using thenc.exe file; recommend proceeding with the next step of removing the host from the network.
  4. D
    The security analyst has discovered host 192.168.0.101 is a rogue device on the network, recommend proceeding with the next step of removing the host from the network.

Correct Answer:
A

Question #36
An analyst wants to use a command line tool to identify open ports and running services on a host along with the application that is associated with those services and port. Which of the following should the analyst use?
  1. A
    Wireshark
  2. B
    Qualys
  3. C
    netstat
  4. D
    nmap
  5. E
    ping

Correct Answer:
D

Question #37
In order to meet regulatory compliance objectives for the storage of PHI, vulnerability scans must be conducted on a continuous basis. The last completed scan of the network returned 5,682 possible vulnerabilities. The Chief Information Officer (CIO) would like to establish a remediation plan to resolve all known issues.
Which of the following is the BEST way to proceed?
  1. A
    Attempt to identify all false positives and exceptions, and then resolve all remaining items.
  2. B
    Hold off on additional scanning until the current list of vulnerabilities have been resolved.
  3. C
    Place assets that handle PHI in a sandbox environment, and then resolve all vulnerabilities.
  4. D
    Reduce the scan to items identified as critical in the asset inventory, and resolve these issues first.

Correct Answer:
D

Question #38
An administrator has been investigating the way in which an actor had been exfiltrating confidential data from a web server to a foreign host. After a thorough forensic review, the administrator determined the server's BIOS had been modified by rootkit installation. After removing the rootkit and flashing the BIOS to a known good state, which of the following would BEST protect against future adversary access to the BIOS, in case another rootkit is installed?
  1. A
    Anti-malware application
  2. B
    Host-based IDS
  3. C
    TPM data sealing
  4. D
    File integrity monitoring

Correct Answer:
C

Question #39
A security analyst is reviewing the following log after enabling key-based authentication.

Given the above information, which of the following steps should be performed NEXT to secure the system?
  1. A
    Disable anonymous SSH logins.
  2. B
    Disable password authentication for SSH.
  3. C
    Disable SSHv1.
  4. D
    Disable remote root SSH logins.

Correct Answer:
B

Question #40
A cybersecurity analyst has received a report that multiple systems are experiencing slowness as a result of a DDoS attack. Which of the following would be the
BEST action for the cybersecurity analyst to perform?
  1. A
    Continue monitoring critical systems.
  2. B
    Shut down all server interfaces.
  3. C
    Inform management of the incident.
  4. D
    Inform users regarding the affected systems.

Correct Answer:
C

Previous Questions Next Questions

All Pages