Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home CompTIA CS0-001

CompTIA CS0-001 Exam Practice Questions (P. 5)

  • Full Access (416 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #41
A security analyst has been asked to remediate a server vulnerability. Once the analyst has located a patch for the vulnerability, which of the following should happen NEXT?
  1. A
    Start the change control process.
  2. B
    Rescan to ensure the vulnerability still exists.
  3. C
    Implement continuous monitoring.
  4. D
    Begin the incident response process.

Correct Answer:
A

Question #42
A software assurance lab is performing a dynamic assessment on an application by automatically generating and inputting different, random data sets to attempt to cause an error/failure condition. Which of the following software assessment capabilities is the lab performing AND during which phase of the SDLC should this occur? (Choose two.)
  1. A
    Fuzzing
  2. B
    Behavior modeling
  3. C
    Static code analysis
  4. D
    Prototyping phase
  5. E
    Requirements phase
  6. F
    Planning phase

Correct Answer:
AD
Reference:
http://www.brighthub.com/computing/smb-security/articles/9956.aspx

Question #43
Law enforcement has contacted a corporation's legal counsel because correlated data from a breach shows the organization as the common denominator from all indicators of compromise. An employee overhears the conversation between legal counsel and law enforcement, and then posts a comment about it on social media. The media then starts contacting other employees about the breach. Which of the following steps should be taken to prevent further disclosure of information about the breach?
  1. A
    Perform security awareness training about incident communication.
  2. B
    Request all employees verbally commit to an NDA about the breach.
  3. C
    Temporarily disable employee access to social media
  4. D
    Have law enforcement meet with employees.

Correct Answer:
A

Question #44
A recent vulnerability scan found four vulnerabilities on an organization's public Internet-facing IP addresses. Prioritizing in order to reduce the risk of a breach to the organization, which of the following should be remediated FIRST?
  1. A
    A cipher that is known to be cryptographically weak.
  2. B
    A website using a self-signed SSL certificate.
  3. C
    A buffer overflow that allows remote code execution.
  4. D
    An HTTP response that reveals an internal IP address.

Correct Answer:
C

Question #45
A security professional is analyzing the results of a network utilization report. The report includes the following information:

Which of the following servers needs further investigation?
  1. A
    hr.dbprod.01
  2. B
    R&D.file.srvr.01
  3. C
    mrktg.file.srvr.02
  4. D
    web.srvr.03

Correct Answer:
A

Question #46
A cybersecurity analyst has several SIEM event logs to review for possible APT activity. The analyst was given several items that include lists of indicators for both
IP addresses and domains. Which of the following actions is the BEST approach for the analyst to perform?
  1. A
    Use the IP addresses to search through the event logs.
  2. B
    Analyze the trends of the events while manually reviewing to see if any of the indicators match.
  3. C
    Create an advanced query that includes all of the indicators, and review any of the matches.
  4. D
    Scan for vulnerabilities with exploits known to have been used by an APT.

Correct Answer:
B

Question #47
A system administrator has reviewed the following output:

Which of the following can a system administrator infer from the above output?
  1. A
    The company email server is running a non-standard port.
  2. B
    The company email server has been compromised.
  3. C
    The company is running a vulnerable SSH server.
  4. D
    The company web server has been compromised.

Correct Answer:
A

Question #48
An analyst has received unusual alerts on the SIEM dashboard. The analyst wants to get payloads that the hackers are sending toward the target systems without impacting the business operation. Which of the following should the analyst implement?
  1. A
    Honeypot
  2. B
    Jump box
  3. C
    Sandboxing
  4. D
    Virtualization

Correct Answer:
A

Question #49
An analyst finds that unpatched servers have undetected vulnerabilities because the vulnerability scanner does not have the latest set of signatures. Management directed the security team to have personnel update the scanners with the latest signatures at least 24 hours before conducting any scans, but the outcome is unchanged. Which of the following is the BEST logical control to address the failure?
  1. A
    Configure a script to automatically update the scanning tool.
  2. B
    Manually validate that the existing update is being performed.
  3. C
    Test vulnerability remediation in a sandbox before deploying.
  4. D
    Configure vulnerability scans to run in credentialed mode.

Correct Answer:
A

Question #50
A cybersecurity analyst has received an alert that well-known "call home" messages are continuously observed by network sensors at the network boundary. The proxy firewall successfully drops the messages. After determining the alert was a true positive, which of the following represents the MOST likely cause?
  1. A
    Attackers are running reconnaissance on company resources.
  2. B
    An outside command and control system is attempting to reach an infected system.
  3. C
    An insider is trying to exfiltrate information to a remote network.
  4. D
    Malware is running on a company system.

Correct Answer:
B

Previous Questions Next Questions

All Pages