[Free] 2019(Oct) EnsurePass CompTIA CS0-001 Dumps with VCE and PDF 21-30

Get Full Version of the Exam

Question No.21

A project lead is reviewing the statement of work for an upcoming project that is focused on identifying potential weaknesses in the organization#39;s internal and external network infrastructure. As part of the project, a team of external contractors will attempt to employ various attacks against the organization. The statement of work specifically addresses the utilization of an automated tool to probe network resources in an attempt to develop logical diagrams indication weaknesses in the infrastructure. The scope of activity as described in the statement of work is an example of:

  1. session hijacking

  2. vulnerability scanning

  3. social engineering

  4. penetration testing

  5. friendly DoS

Correct Answer: D

Question No.22

A production web server is experiencing performance issues. Upon investigation, new unauthorized applications have been installed and suspicious traffic was sent through an unused port. Endpoint security is not detecting any malware or virus. Which of the following types of threats would this MOST likely be classified as?

  1. Advanced persistent threat

  2. Buffer overflow vulnerability

  3. Zero day

  4. Botnet

Correct Answer: A

Question No.23

Law enforcement has contacted a corporation#39;s legal counsel because correlated data from a breach shows the organization as the common denominator from all indicators of compromise. An employee overhears the conversation between legal counsel and law enforcement, and then posts a comment about it on social media. The media then starts contacting other employees about the breach. Which of the following steps should be taken to prevent further disclosure of information about the breach?

  1. Security awareness about incident communication channels

  2. Request all employees verbally commit to an NDA about the breach

  3. Temporarily disable employee access to social media

  4. Law enforcement meeting with employees

Correct Answer: A

Question No.24

Which of the following actions should occur to address any open issues while closing an incident involving various departments within the network?

  1. Incident response plan

  2. Lessons learned report

  3. Reverse engineering process

  4. Chain of custody documentation

Correct Answer: B

Question No.25

A security analyst is reviewing the following log after enabling key-based authentication.


Given the above information, which of the following steps should be performed NEXT to secure the system?

  1. Disable anonymous SSH logins.

  2. Disable password authentication for SSH.

  3. Disable SSHv1.

  4. Disable remote root SSH logins.

Correct Answer: B

Question No.26

Three similar production servers underwent a vulnerability scan. The scan results revealed that the three servers had two different vulnerabilities rated quot;Criticalquot;.

The administrator observed the following about the three servers:


The servers are not accessible by the Internet



AV programs indicate the servers have had malware as recently as two weeks ago The SIEM shows unusual traffic in the last 20 days


Integrity validation of system files indicates unauthorized modifications

Which of the following assessments is valid and what is the most appropriate NEXT step? (Select


  1. Servers may have been built inconsistently

  2. Servers may be generating false positives via the SIEM

  3. Servers may have been tampered with

  4. Activate the incident response plan

  5. Immediately rebuild servers from known good configurations

  6. Schedule recurring vulnerability scans on the servers

Correct Answer: DE

Question No.27

While reviewing proxy logs, the security analyst noticed a suspicious traffic pattern. Several internal hosts were observed communicating with an external IP address over port 80 constantly. An incident was declared, and an investigation was launched. After interviewing the affected users, the analyst determined the activity started right after deploying a new graphic design suite. Based on this information, which of the following actions would be the appropriate NEXT step in the investigation?

  1. Update all antivirus and anti-malware products, as well as all other host-based security software on the servers the affected users authenticate to.

  2. Perform a network scan and identify rogue devices that may be generating the observed traffic. Remove those devices from the network.

  3. Identify what the destination IP address is and who owns it, and look at running processes on the affected hosts to determine if the activity is malicious or not.

  4. Ask desktop support personnel to reimage all affected workstations and reinstall the graphic design suite. Run a virus scan to identify if any viruses are present.

Correct Answer: A

Question No.28

A recent vulnerability scan found four vulnerabilities on an organization#39;s public Internet-facing IP addresses. Prioritizing in order to reduce the risk of a breach to the organization, which of the following should be remediated FIRST?

  1. A cipher that is known to be cryptographically weak.

  2. A website using a self-signed SSL certificate.

  3. A buffer overflow that allows remote code execution.

  4. An HTTP response that reveals an internal IP address.

Correct Answer: C

Question No.29

A web application has a newly discovered vulnerability in the authentication method used to validate known company users. The user ID of Admin with a password of quot;passwordquot; grants elevated access to the application over the Internet. Which of the following is the BEST method to discover the vulnerability before a production deployment?

  1. Manual peer review

  2. User acceptance testing

  3. Input validation

  4. Stress test the application

Correct Answer: C

Question No.30

A software development company in the manufacturing sector has just completed the alpha version of its flagship application. The application has been under development for the past three years. The SOC has seen intrusion attempts made by indicators associated with a particular APT. The company has a hot site location for COOP. Which of the following threats would most likely incur the BIGGEST economic impact for the company?

  1. DDoS

  2. ICS destruction

  3. IP theft

  4. IPS evasion

Correct Answer: A

Get Full Version of the Exam
CS0-001 Dumps
CS0-001 VCE and PDF