[Free] 2019(Oct) EnsurePass CompTIA CS0-001 Dumps with VCE and PDF 41-50


Question No.41

A technician recently fixed a computer with several viruses and spyware programs on it and notices the Internet settings were set to redirect all traffic through an unknown proxy. This type of attack is known as which of the following?

  A. Phishing

  B. Social engineering

  C. Man-in-the-middle

  D. Shoulder surfing

Correct Answer: C

Question No.42

A security audit revealed that port 389 has been used instead of 636 when connecting to LDAP for the authentication of users. The remediation recommended by the audit was to switch the port to 636 wherever technically possible. Which of the following is the BEST response?

  A. Correct the audit. This finding is a well-known false positive; the services that typically run on 389 and 636 are identical.

  B. Change all devices and servers that support it to 636, as encrypted services run by default on 636.

  C. Change all devices and servers that support it to 636, as 389 is a reserved port that requires root access and can expose the server to privilege escalation attacks.

  D. Correct the audit. This finding is accurate, but the correct remediation is to update encryption keys on each of the servers to match port 636.

Correct Answer: B

Question No.43

A company discovers an unauthorized device accessing network resources through one of many network drops in a common area used by visitors. The company decides that it wants to quickly prevent unauthorized devices from accessing the network, but policy prevents the company from making changes on every connecting client. Which of the following should the company implement?

  A. Port security

  B. WPA2

  C. Mandatory Access Control

  D. Network Intrusion Prevention

Correct Answer: A

Question No.44

A company has recently launched a new billing invoice website for a few key vendors. The cybersecurity analyst is receiving calls that the website is performing slowly and the pages sometimes time out. The analyst notices the website is receiving millions of requests, causing the service to become unavailable. Which of the following can be implemented to maintain the availability of the website?

  A. VPN

  B. Honeypot

  C. Whitelisting

  D. DMZ

  E. MAC filtering

Correct Answer: C

Question No.45

Which of the following is a control that allows a mobile application to access and manipulate information that should only be available to another application on the same mobile device (e.g., a music application posting the name of the song currently playing on the device to a social media site)?

  A. Co-hosted application

  B. Transitive trust

  C. Mutually exclusive access

  D. Dual authentication

Correct Answer: B

Question No.46

A security analyst is concerned that employees may attempt to exfiltrate data prior to tendering their resignations. Unfortunately, the company cannot afford to purchase a data loss prevention (DLP) system. Which of the following recommendations should the security analyst make to provide defense-in-depth against data loss? (Select THREE).

  A. Prevent users from accessing personal email and file-sharing sites via web proxy

  B. Prevent flash drives from connecting to USB ports using Group Policy

  C. Prevent users from copying data from workstation to workstation

  D. Prevent users from using roaming profiles when changing workstations

  E. Prevent Internet access on laptops unless connected to the network in the office or via VPN

  F. Prevent users from being able to use the copy and paste functions

Correct Answer: ABE

Question No.47

The Chief Information Security Officer (CISO) has asked the security staff to identify a framework on which to base the security program. The CISO would like to achieve a certification showing the security program meets all required best practices. Which of the following would be the BEST choice?

  A. OSSIM

  B. SDLC

  C. SANS

  D. ISO

Correct Answer: D

Question No.48

A vulnerability scan has returned the following information:

[Image: vulnerability scan output, not reproduced]

Which of the following describes the meaning of these results?

  A. There is an unknown bug in a Lotus server with no Bugtraq ID.

  B. Connecting to the host using a null session allows enumeration of share names.

  C. Trend Micro has a known exploit that must be resolved or patched.

  D. No CVE is present, so it is a false positive caused by Lotus running on a Windows server.

Correct Answer: B

Question No.49

Management is concerned with administrator access from outside the network to a key server in the company. Specifically, firewall rules allow access to the server from anywhere in the company. Which of the following would be an effective solution?

  A. Honeypot

  B. Jump box

  C. Server hardening

  D. Anti-malware

Correct Answer: B

Question No.50

The security operations team is conducting a mock forensics investigation. Which of the following should be the FIRST action taken after seizing a compromised workstation?

  A. Activate the escalation checklist

  B. Implement the incident response plan

  C. Analyze the forensic image

  D. Perform evidence acquisition

Correct Answer: D

Explanation: https://staff.washington.edu/dittrich/misc/forensics/
