Regenerate CS0-001 Lab 2021
NEW QUESTION 1
A security analyst’s company uses RADIUS to support a remote sales staff of more than 700 people. The Chief Information Security Officer (CISO) asked to have IPSec using ESP and 3DES enabled to ensure the confidentiality of the communication as per RFC 3162. After the implementation was complete, many sales users reported latency issues and other performance issues when attempting to connect remotely. Which of the following is occurring?
- A. The device running RADIUS lacks sufficient RAM and processing power to handle ESP implementation.
- B. RFC 3162 is known to cause significant performance problems.
- C. The IPSec implementation has significantly increased the amount of bandwidth needed.
- D. The implementation should have used AES instead of 3DES.
Answer: A
NEW QUESTION 2
The Chief Executive Officer (CEO) instructed the new Chief Information Security Officer (CISO) to provide a list of enhancements to the company’s cybersecurity operation. As a result, the CISO has identified the need to align security operations with industry best practices. Which of the following industry references is appropriate to accomplish this?
- A. OSSIM
- B. NIST
- C. PCI
- D. OWASP
Answer: B
Explanation:
Reference: https://www.nist.gov/sites/default/files/documents/itl/Cybersecurity_Green-Paper_FinalVersion.pdf
NEW QUESTION 3
An analyst has noticed unusual activities in the SIEM to a .cn domain name. Which of the following should the analyst use to identify the content of the traffic?
- A. Log review
- B. Service discovery
- C. Packet capture
- D. DNS harvesting
Answer: C
NEW QUESTION 4
A company discovers an unauthorized device accessing network resources through one of many network drops in a common area used by visitors.
The company decides that it wants to quickly prevent unauthorized devices from accessing the network but policy prevents the company from making changes on every connecting client.
Which of the following should the company implement?
- A. Port security
- B. WPA2
- C. Mandatory Access Control
- D. Network Intrusion Prevention
Answer: A
NEW QUESTION 5
While a threat intelligence analyst was researching an indicator of compromise on a search engine, the web proxy generated an alert regarding the same indicator. The threat intelligence analyst states that related sites were not visited but were searched for in a search engine. Which of the following MOST likely happened in this situation?
- A. The analyst is not using the standard approved browser.
- B. The analyst accidentally clicked a link related to the indicator.
- C. The analyst has prefetch enabled on the browser in use.
- D. The alert is unrelated to the analyst’s search.
Answer: C
NEW QUESTION 6
Company A suspects an employee has been exfiltrating PII via a USB thumb drive. An analyst is tasked with attempting to locate the information on the drive. The PII in question includes the following:
Which of the following would BEST accomplish the task assigned to the analyst?
- A. 3[0-9]\d-2[0-9]\d-4[0-9]\d
- B. \d{3}-\d{2}-\d{4}
- C. ?[3]-?[2]-?[3]
- D. \d{9}|'XXX-XX-XXX'
Answer: B
NEW QUESTION 7
An HR employee began having issues with a device becoming unresponsive after attempting to open an email attachment. When informed, the security analyst became suspicious of the situation, even though there was not any unusual behavior on the IDS or any alerts from the antivirus software. Which of the following BEST describes the type of threat in this situation?
- A. Packet of death
- B. Zero-day malware
- C. PII exfiltration
- D. Known virus
Answer: B
NEW QUESTION 8
An analyst has initiated an assessment of an organization’s security posture. As a part of this review, the analyst would like to determine how much information about the organization is exposed externally. Which of the following techniques would BEST help the analyst accomplish this goal? (Select two.)
- A. Fingerprinting
- B. DNS query log reviews
- C. Banner grabbing
- D. Internet searches
- E. Intranet portal reviews
- F. Sourcing social network sites
- G. Technical control audits
Answer: DF
NEW QUESTION 9
Due to new regulations, a company has decided to institute an organizational vulnerability management program and assign the function to the security team. Which of the following frameworks would BEST support the program? (Select two.)
- A. COBIT
- B. NIST
- C. ISO 27000 series
- D. ITIL
- E. OWASP
Answer: BD
NEW QUESTION 10
An analyst reviews a recent report of vulnerabilities on a company's application server. Which of the following should the analyst rate as being of the HIGHEST importance to the company's environment?
- A. Banner grabbing
- B. Remote code execution
- C. SQL injection
- D. Use of old encryption algorithms
- E. Susceptibility to XSS
Answer: B
NEW QUESTION 11
Following a data compromise, a cybersecurity analyst noticed the following executed query: SELECT * from Users WHERE name = rick OR 1=1
Which of the following attacks occurred, and which of the following technical security controls would BEST reduce the risk of future impact from this attack? (Select TWO).
- A. Cookie encryption
- B. XSS attack
- C. Parameter validation
- D. Character blacklist
- E. Malicious code execution
- F. SQL injection
Answer: CF
Explanation:
Reference: https://lwn.net/Articles/177037/
NEW QUESTION 12
An organization uses Common Vulnerability Scoring System (CVSS) scores to prioritize remediation of vulnerabilities.
Management wants to modify the priorities based on a difficulty factor so that vulnerabilities with lower CVSS scores may get a higher priority if they are easier to implement with less risk to system functionality. Management also wants to quantify the priority. Which of the following would achieve management’s objective?
- A. (CVSS Score) * Difficulty = Priority, where Difficulty is a range from 0.1 to 1.0 with 1.0 being easiest and lowest risk to implement
- B. (CVSS Score) * Difficulty = Priority, where Difficulty is a range from 1 to 5 with 1 being easiest and lowest risk to implement
- C. (CVSS Score) / Difficulty = Priority, where Difficulty is a range from 1 to 10 with 10 being easiest and lowest risk to implement
- D. ((CVSS Score) * 2) / Difficulty = Priority, where CVSS Score is weighted and Difficulty is a range from 1 to 5 with 5 being easiest and lowest risk to implement
Answer: C
NEW QUESTION 13
Weeks before a proposed merger is scheduled for completion, a security analyst has noticed unusual traffic patterns on a file server that contains financial information. Routine scans are not detecting the signature of any known exploits or malware. The following entry is seen in the ftp server logs:
tftp -I 10.1.1.1 GET fourthquarterreport.xls
Which of the following is the BEST course of action?
- A. Continue to monitor the situation using tools to scan for known exploits.
- B. Implement an ACL on the perimeter firewall to prevent data exfiltration.
- C. Follow the incident response procedure associated with the loss of business-critical data.
- D. Determine if any credit card information is contained on the server containing the financials.
Answer: C
NEW QUESTION 14
A cybersecurity analyst has received a report that multiple systems are experiencing slowness as a result of a DDoS attack. Which of the following would be the BEST action for the cybersecurity analyst to perform?
- A. Continue monitoring critical systems.
- B. Shut down all server interfaces.
- C. Inform management of the incident.
- D. Inform users regarding the affected systems.
Answer: C
NEW QUESTION 15
A security analyst suspects that a workstation may be beaconing to a command and control server. You must inspect the logs from the company’s web proxy server and the firewall to determine the best course of action to take in order to neutralize the threat with minimum impact to the organization.
- A. Mastered
- B. Not Mastered
Answer: A
Explanation:
DENY TCP 192.168.1.5 7999 67.8.9.224 8080
NEW QUESTION 16
Which of the following is a vulnerability when using Windows as a host OS for virtual machines?
- A. Windows requires frequent patching.
- B. Windows virtualized environments are typically unstable.
- C. Windows requires hundreds of open firewall ports to operate.
- D. Windows is vulnerable to the "ping of death".
Answer: D
NEW QUESTION 17
After a recent security breach, it was discovered that a developer had promoted code that had been written to the production environment as a hotfix to resolve a user navigation issue that was causing problems for several customers. The code had inadvertently granted administrative privileges to all users, allowing inappropriate access to sensitive data and reports. Which of the following could have prevented the code from being released into the production environment?
- A. Cross training
- B. Succession planning
- C. Automated reporting
- D. Separation of duties
Answer: D
NEW QUESTION 18
A security analyst is attempting to configure a vulnerability scan for a new segment on the network. Given the requirement to prevent credentials from traversing the network while still conducting a credentialed scan, which of the following is the BEST choice?
- A. Install agents on the endpoints to perform the scan
- B. Provide each endpoint with vulnerability scanner credentials
- C. Encrypt all of the traffic between the scanner and the endpoint
- D. Deploy scanners with administrator privileges on each endpoint
Answer: A
NEW QUESTION 19
Creating an isolated environment in order to test and observe the behavior of unknown software is also known as:
- A. sniffing.
- B. hardening.
- C. hashing.
- D. sandboxing.
Answer: D
NEW QUESTION 20
A cybersecurity analyst has been asked to follow a corporate process that will be used to manage vulnerabilities for an organization. The analyst notices the policy has not been updated in three years. Which of the following should the analyst check to ensure the policy is still accurate?
- A. Threat intelligence reports
- B. Technical constraints
- C. Corporate minutes
- D. Governing regulations
Answer: A
NEW QUESTION 21
A security analyst performed a review of an organization’s software development life cycle. The analyst reports that the life cycle does not contain a phase in which team members evaluate and provide critical feedback on another developer's code. Which of the following assessment techniques is BEST for describing the analyst's report?
- A. Architectural evaluation
- B. Waterfall
- C. Whitebox testing
- D. Peer review
Answer: D
NEW QUESTION 22
A security analyst has noticed that a particular server has consumed over 1TB of bandwidth over the course of the month. It has port 3333 open; however, there have not been any alerts or notices regarding the server or its activities. Which of the following did the analyst discover?
- A. APT
- B. DDoS
- C. Zero day
- D. False positive
Answer: C
NEW QUESTION 23
A company wants to update its acceptable use policy (AUP) to ensure it relates to the newly implemented password standard, which requires sponsored authentication of guest wireless devices. Which of the following is MOST likely to be incorporated in the AUP?
- A. Sponsored guest passwords must be at least ten characters in length and contain a symbol.
- B. The corporate network should have a wireless infrastructure that uses open authentication standards.
- C. Guests using the wireless network should provide valid identification when registering their wireless devices.
- D. The network should authenticate all guest users using 802.1x backed by a RADIUS or LDAP server.
Answer: C
NEW QUESTION 24
A recent vulnerability scan found four vulnerabilities on an organization’s public Internet-facing IP addresses. Prioritizing in order to reduce the risk of a breach to the organization, which of the following should be remediated FIRST?
- A. A cipher that is known to be cryptographically weak.
- B. A website using a self-signed SSL certificate.
- C. A buffer overflow that allows remote code execution.
- D. An HTTP response that reveals an internal IP address.
Answer: C
NEW QUESTION 25
A security analyst was asked to join an outage call for a critical web application. The web middleware support team determined the web server was running and having no trouble processing requests; however, some investigation revealed firewall denies to the web server that began around 1:00 a.m. that morning. An emergency change was made to enable the access, but management has asked for a root cause determination. Which of the following would be the BEST next step?
- A. Install a packet analyzer near the web server to capture sample traffic to find anomalies.
- B. Block all traffic to the web server with an ACL.
- C. Use a port scan to determine all listening ports on the web server.
- D. Search the logging servers for any rule changes.
Answer: D
NEW QUESTION 26
An organization is conducting penetration testing to identify possible network vulnerabilities. The penetration tester has already identified active hosts in the network and is now scanning individual hosts to determine if any are running a web server. The output from the latest scan is shown below:
Which of the following commands would have generated the output above?
- A. nmap -sV 192.168.1.13 -p 80
- B. nmap -sP 192.168.1.0/24 -p ALL
- C. nmap -sV 192.168.1.1 -p 80
- D. nmap -sP 192.168.1.13 -p ALL
Answer: A
NEW QUESTION 27
A security analyst with an international response team is working to isolate a worldwide distribution of ransomware. The analyst is working with international governing bodies to distribute advanced intrusion detection routines for this variant of ransomware. Which of the following is the MOST important step with which the security analyst should comply?
- A. Security operations privacy law
- B. Export restrictions
- C. Non-disclosure agreements
- D. Incident response forms
Answer: D