[2024] Free CS0-001 Exam Dumps to Pass Exam Easily
CS0-001 Exam Dumps, CS0-001 Practice Test Questions
The CS0-001 exam consists of 85 multiple-choice and performance-based questions that must be completed within 165 minutes. To pass the exam, candidates must achieve a score of at least 750 out of a possible 900. The CS0-001 exam is available in several languages, including English, Japanese, and Portuguese.
NEW QUESTION # 97
A cybersecurity analyst was asked to discover the hardware address of 30 networked assets. From a command line, which of the following tools would provide ARP scanning and reflect the MOST efficient method for accomplishing the task?
- A. ping -a
- B. tracert
- C. nmap
- D. nslookup
Answer: C
Explanation:
Reference: https://serverfault.com/questions/10590/how-to-get-a-list-of-all-ip-addresses-and-ideally-device-names-on-a-lan
NEW QUESTION # 98
Following a data compromise, a cybersecurity analyst noticed the following executed query:
SELECT * from Users WHERE name = rick OR 1=1
Which of the following attacks occurred, and which of the following technical security controls would BEST reduce the risk of future impact from this attack? (Select TWO).
- A. Malicious code execution
- B. Character blacklist
- C. Cookie encryption
- D. SQL injection
- E. XSS attack
- F. Parameter validation
Answer: D,F
Explanation:
Reference: https://lwn.net/Articles/177037/
NEW QUESTION # 99
After reviewing the following packet, a cybersecurity analyst has discovered an unauthorized service is running on a company's computer.
Which of the following ACLs, if implemented, will prevent further access ONLY to the unauthorized service and will not impact other services?
- A. DENY IP HOST 192.168.1.10 HOST 10.38.219.20 EQ 3389
- B. DENY TCP ANY HOST 10.38.219.20 EQ 3389
- C. DENY IP HOST 10.38.219.20 ANY EQ 25
- D. DENY TCP ANY HOST 192.168.1.10 EQ 25
Answer: B
NEW QUESTION # 100
After reading about data breaches at a competing company, senior leaders in an organization have grown increasingly concerned about social engineering attacks. They want to increase awareness among staff regarding this threat, but do not want to use traditional training methods because they regard these methods as ineffective. Which of the following approaches would BEST meet the requirements?
- A. Simulated phishing emails asking employees to reply to the email with their updated phone number and office location
- B. A poster contest to raise awareness of PII and asking employees to provide examples of data breaches and consequences
- C. Classroom training on the dangers of social media followed by a test and gift certificates for any employee getting a perfect score.
- D. USB drives randomly placed inside and outside the organization that contain a pop-up warning to any users who plug the drive into their computer
Answer: C
NEW QUESTION # 101
A computer at a company was used to commit a crime. The system was seized and removed for further analysis. Which of the following is the purpose of labeling cables and connections when seizing the computer system?
- A. To block any communication with the computer system from attack
- B. To maintain the chain of custody
- C. To document the model, manufacturer, and type of cables connected
- D. To capture the system configuration as it was at the time it was removed
Answer: D
NEW QUESTION # 102
During a recent audit, there were a lot of findings similar to and including the following:
Which of the following would be the BEST way to remediate these findings and minimize similar findings in the future?
- A. Remove the affected software programs from the servers.
- B. Use an automated patch management solution.
- C. Run Microsoft Baseline Security Analyzer on all of the servers.
- D. Schedule regular vulnerability scans for all servers on the network.
Answer: B
NEW QUESTION # 103
NOTE: Question IP must be 192.168.192.123
During a network reconnaissance engagement, a penetration tester was given perimeter firewall ACLs to accelerate the scanning process. The penetration tester has decided to concentrate on trying to brute-force logins to destination IP address 192.168.192.132 via secure shell.
Given a source IP address of 10.10.10.30, which of the following ACLs will permit this access?
A:
B:
C:
D:
- A. Option B
- B. Option A
- C. Option C
- D. Option D
Answer: C
NEW QUESTION # 104
A company has monthly scheduled windows for patching servers and applying configuration changes. Out-of-window changes can be done, but they are discouraged unless absolutely necessary. The systems administrator is reviewing the weekly vulnerability scan report that was just released. Which of the following vulnerabilities should the administrator fix without waiting for the next scheduled change window?
- A. The administrator should fix http (80/tcp). The 'greeting.cgi' script is installed. This CGI has a well-known security flaw that lets anyone execute arbitrary commands with the privileges of the http daemon.
- B. The administrator should fix general/tcp. The remote host does not discard TCP SYN packets that have the FIN flag set. Depending on the kind of firewall a company is using, an attacker may use this flaw to bypass its rules.
- C. The administrator should fix smtp (25/tcp). The remote SMTP server is insufficiently protected against relaying. This means spammers might be able to use the company's mail server to send their emails to the world.
- D. The administrator should fix dns (53/tcp). BIND 'NAMED' is an open-source DNS server from ISC.org. The BIND-based NAMED server (or DNS servers) allows remote users to query for version and type information.
- E. The administrator should fix http (80/tcp). An information leak occurs on Apache web servers with the UserDir module enabled, allowing an attacker to enumerate accounts by requesting access to home directories and monitoring the response.
Answer: C
NEW QUESTION # 105
A red team actor observes it is common practice to allow cell phones to charge on company computers, but access to the memory storage is blocked. Which of the following are common attack techniques that take advantage of this practice? (Choose two.)
- A. A USB attack that turns the connected device into a rogue access point that spoofs the configured wireless SSIDs
- B. A USB attack that tricks the system into thinking it is a network adapter, then runs a user password hash gathering utility for offline password cracking
- C. A USB attack that tricks the computer into thinking the connected device is a keyboard, and then sends characters one at a time as a keyboard to launch the attack (a prerecorded series of keystrokes)
- D. A Bluetooth pairing attack called "Snarfing" that allows Bluetooth connections on blocked device types if physically connected to a USB port
- E. A Bluetooth attack that modifies the device registry (Windows PCs only) to allow the flash drive to mount, and then launches a Java applet attack
Answer: D,E
NEW QUESTION # 106
A security analyst received several service tickets reporting that a company storefront website is not accessible by internal domain users. However, external users are accessing the website without issue. Which of the following is the MOST likely reason for this behavior?
- A. The certificate is expired.
- B. The DNS server is corrupted.
- C. The FQDN is incorrect.
- D. The time synchronization server is corrupted.
Answer: D
NEW QUESTION # 107
Company A permits visiting business partners from Company B to utilize Ethernet ports available in Company A's conference rooms. This access is provided to allow partners the ability to establish VPNs back to Company B's network. The security architect for Company A wants to ensure partners from Company B are able to gain direct Internet access from available ports only, while Company A employees can gain access to the Company A internal network from those same ports. Which of the following can be employed to allow this?
- A. MAC
- B. SIEM
- C. ACL
- D. NAC
- E. SAML
Answer: C
NEW QUESTION # 108
The computer incident response team at a multinational company has determined that a breach of sensitive data has occurred in which a threat actor has compromised the organization's email system. Per the incident response procedures, this breach requires notifying the board immediately. Which of the following would be the BEST method of communication?
- A. Externally hosted instant message
- B. VoIP phone call
- C. Summary sent by certified mail
- D. Post on the company blog
- E. Corporate-hosted encrypted email
Answer: A
NEW QUESTION # 109
Law enforcement has contacted a corporation's legal counsel because correlated data from a breach shows the organization as the common denominator from all indicators of compromise. An employee overhears the conversation between legal counsel and law enforcement, and then posts a comment about it on social media. The media then starts contacting other employees about the breach. Which of the following steps should be taken to prevent further disclosure of information about the breach?
- A. Perform security awareness training about incident communication.
- B. Have law enforcement meet with employees.
- C. Temporarily disable employee access to social media.
- D. Request all employees verbally commit to an NDA about the breach.
Answer: A
NEW QUESTION # 110
Policy allows scanning of vulnerabilities during production hours, but production servers have been crashing lately due to unauthorized scans performed by junior technicians. Which of the following is the BEST solution to avoid production server downtime due to these types of scans?
- A. Require vulnerability scans be performed by trained personnel.
- B. Scan only as required for regulatory compliance.
- C. Transition from centralized to agent-based scans.
- D. Implement sandboxing to analyze the results of each scan.
- E. Configure daily-automated detailed vulnerability reports.
Answer: A
NEW QUESTION # 111
Which of the following are essential components within the rules of engagement for a penetration test? (Select TWO).
- A. Business justification
- B. Authorization
- C. List of system administrators
- D. Payment terms
- E. Schedule
Answer: B,E
NEW QUESTION # 112
A security audit revealed that port 389 has been used instead of 636 when connecting to LDAP for the authentication of users. The remediation recommended by the audit was to switch the port to 636 wherever technically possible. Which of the following is the BEST response?
- A. Correct the audit. This finding is a well-known false positive; the services that typically run on 389 and 636 are identical.
- B. Change all devices and servers that support it to 636, as 389 is a reserved port that requires root access and can expose the server to privilege escalation attacks.
- C. Correct the audit. This finding is accurate, but the correct remediation is to update encryption keys on each of the servers to match port 636.
- D. Change all devices and servers that support it to 636, as encrypted services run by default on 636.
Answer: D
NEW QUESTION # 113
A security analyst is investigating some unusual network traffic to and from one of the company's email servers. Reviewing a packet capture, the analyst notes the following sequence of packets:
Which of the following should be the NEXT step in the investigation?
- A. Log on to the server at IP address 74.125.131.27 and determine the process using port 25.
- B. Log on to the server at IP address 74.125.131.27 and determine the process using port 80.
- C. Check with the network team to see if the IP address 67.35.20.70 has connected to any other servers.
- D. Ask the network team to blackhole the IP address 153.22.17.8 to prevent further connections.
Answer: A
NEW QUESTION # 114
Company A's security policy states that only PKI authentication should be used for all SSH accounts. A security analyst from Company A is reviewing the following auth.log and configuration settings:
Which of the following changes should be made to the following sshd_config file to establish compliance with the policy?
- A. Change ChallengeResponseAuthentication yes to ChallengeResponseAuthentication no
- B. Change PubkeyAuthentication yes to #PubkeyAuthentication yes
- C. Change PasswordAuthentication yes to PasswordAuthentication no
- D. Change #AuthorizedKeysFile sh/.ssh/authorized_keys to AuthorizedKeysFile sh/.ssh/authorized_keys
- E. Change PermitRootLogin no to #PermitRootLogin yes
Answer: C
NEW QUESTION # 115
The following IDS log was discovered by a company's cybersecurity analyst:
Which of the following was launched against the company based on the IDS log?
- A. SQL injection attack
- B. Online password crack attack
- C. Buffer overflow attack
- D. Cross-site scripting attack
Answer: C