[Free] 2019(Oct) EnsurePass CompTIA CS0-001 Dumps with VCE and PDF 1-10

Get Full Version of the Exam

Question No.1

An analyst was tasked with providing recommendations of technologies that are PKI X.509 compliant for a variety of secure functions. Which of the following technologies meet the compatibility requirement? (Select three.)

  1. 3DES

  2. AES

  3. IDEA

  4. PKCS

  5. PGP

  6. SSL/TLS


Correct Answer: BDF

Question No.2

A cybersecurity analyst is reviewing the current BYOD security posture. The users must be able to synchronize their calendars, email, and contacts to a smartphone or other personal device.

The recommendation must provide the most flexibility to users. Which of the following recommendations would meet both the mobile data protection efforts and the business requirements described in this scenario?

  1. Develop a minimum security baseline while restricting the type of data that can be accessed.

  2. Implement a single computer configured with USB access and monitored by sensors.

  3. Deploy a kiosk for synchronizing while using an access list of approved users.

  4. Implement a wireless network configured for mobile device access and monitored by sensors.

Correct Answer: D

Question No.3

An analyst was testing the latest version of an internally developed CRM system. The analyst created a basic user account. Using a few tools in Kali#39;s latest distribution, the analyst was able to access configuration files, change permissions on folders and groups, and delete and create new system objects. Which of the following techniques did the analyst use to perform these unauthorized activities?

  1. Impersonation

  2. Privilege escalation

  3. Directory traversal

  4. Input injection

Correct Answer: C

Question No.4

An application development company released a new version of its software to the public. A few days after the release, the company is notified by end users that the application is notably slower, and older security bugs have reappeared in the new release. The development team has decided to include the security analyst during their next development cycle to help address the reported issues. Which of the following should the security analyst focus on to remedy the existing reported problems?

  1. The security analyst should perform security regression testing during each application development cycle.

  2. The security analyst should perform end user acceptance security testing during each application development cycle.

  3. The security analyst should perform secure coding practices during each application development cycle.

  4. The security analyst should perform application fuzzing to locate application vulnerabilities during each application development cycle.

Correct Answer: A

Question No.5

After running a packet analyzer on the network, a security analyst has noticed the following output:


Which of the following is occurring?

  1. A ping sweep

  2. A port scan

  3. A network map

  4. A service discovery

Correct Answer: B

Question No.6

As part of an upcoming engagement for a client, an analyst is configuring a penetration testing application to ensure the scan complies with information defined in the SOW. Which of the following types of information should be considered based on information traditionally found in the SOW? (Select two.)

  1. Timing of the scan

  2. Contents of the executive summary report

  3. Excluded hosts

  4. Maintenance windows

  5. IPS configuration

  6. Incident response policies

Correct Answer: AC

Question No.7

Using a heuristic system to detect an anomaly in a computer#39;s baseline, a system administrator was able to detect an attack even though the company signature based IDS and antivirus did not detect it. Further analysis revealed that the attacker had downloaded an executable file onto the company PC from the USB port, and executed it to trigger a privilege escalation flaw. Which of the following attacks has MOST likely occurred?

  1. Cookie stealing

  2. Zero-day

  3. Directory traversal

  4. XML injection

Correct Answer: B

Question No.8

During a web application vulnerability scan, it was discovered that the application would display inappropriate data after certain key phrases were entered into a webform connected to a SQL database server. Which of the following should be used to reduce the likelihood of this type of attack returning sensitive data?

  1. Static code analysis

  2. Peer review code

  3. Input validation

  4. Application fuzzing

Correct Answer: C

Question No.9

A cybersecurity consultant is reviewing the following output from a vulnerability scan against a newly installed MS SQL Server 2012 that is slated to go into production in one week:


Based on the above information, which of the following should the system administrator do? (Select TWO).

  1. Verify the vulnerability using penetration testing tools or proof-of-concept exploits.

  2. Review the references to determine if the vulnerability can be remotely exploited.

  3. Mark the result as a false positive so it will show in subsequent scans.

  4. Configure a network-based ACL at the perimeter firewall to protect the MS SQL port.

  5. Implement the proposed solution by installing Microsoft patch Q316333.

Correct Answer: DE

Question No.10

A security analyst received a compromised workstation. The workstation#39;s hard drive may contain evidence of criminal activities. Which of the following is the FIRST thing the analyst must do to ensure the integrity of the hard drive while performing the analysis?

  1. Make a copy of the hard drive.

  2. Use write blockers.

  3. Run rm -R command to create a hash.

  4. Install it on a different machine and explore the content.

Correct Answer: B

Get Full Version of the Exam
CS0-001 Dumps
CS0-001 VCE and PDF