2022 Updated Verified CS0-001 Q&As - Pass Guarantee or Full Refund [Q43-Q65]

5/5 - (2 votes)

2022 Updated Verified CS0-001 Q&As – Pass Guarantee or Full Refund

[Dec-2022] CS0-001 Certification with Actual Questions from BraindumpsIT

Why use BraindumpsIT to study

BraindumpsIT is a central hub for all people looking for information and resources regarding certification exams we create an extremely accurate and loyal web and mobile exam simulator. BraindumpsIT is providing a set of CS0-001 exam questions with the answers. CS0-001 practice exams have been built to imitate the real exam.

QUESTION 43
A security analyst is attempting to configure a vulnerability scan for a new segment on the network. Given the requirement to prevent credentials from traversing the network while still conducting a credentialed scan, which of the following is the BEST choice?

Install agents on the endpoints to perform the scan

Provide each endpoint with vulnerability scanner credentials

Encrypt all of the traffic between the scanner and the endpoint

Deploy scanners with administrator privileges on each endpoint

QUESTION 44
A company has been a victim of multiple volumetric DoS attacks. Packet analysis of the offending traffic shows the following:

Which of the following mitigation techniques is MOST effective against the above attack?

The company should contact the upstream ISP and ask that RFC1918 traffic be dropped.

The company should implement a network-based sinkhole to drop all traffic coming from 192.168.1.1 at their gateway router.

The company should implement the following ACL at their gateway firewall:
DENY IP HOST 192.168.1.1 170.43.30.0/24.

The company should enable the DoS resource starvation protection feature of the gateway NIPS.

QUESTION 45
HOTSPOT
Malware is suspected on a server in the environment. The analyst is provided with the output of commands from servers in the environment and needs to review all output files in order to determine which process running on one of the servers may be malware. Servers
1, 2 and 4 are clickable. Select the Server which hosts the malware, and select the process which hosts this malware.
Instructions:
If any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

QUESTION 46
A security analyst has created an image of a drive from an incident. Which of the following describes what the analyst should do NEXT?

The analyst should create a backup of the drive and then hash the drive.

The analyst should begin analyzing the image and begin to report findings.

The analyst should create a hash of the image and compare it to the original drive’s hash.

The analyst should create a chain of custody document and notify stakeholders.

QUESTION 47
A recent vulnerability scan found four vulnerabilities on an organization’s public Internet-facing IP addresses. Prioritizing in order to reduce the risk of a breach to the organization, which of the following should be remediated FIRST?

A cipher that is known to be cryptographically weak.

A website using a self-signed SSL certificate.

A buffer overflow that allows remote code execution.

An HTTP response that reveals an internal IP address.

QUESTION 48
File integrity monitoring states the following files have been changed without a written request or approved change. The following change has been made:
chmod 777 -Rv /usr
Which of the following may be occurring?

The ownership pf /usr has been changed to the current user.

Administrative functions have been locked from users.

Administrative commands have been made world readable/writable.

The ownership of/usr has been changed to the root user.

QUESTION 49
Creating a lessons learned report following an incident will help an analyst to communicate which of the following information? (Select TWO)

Root cause analysis of the incident and the impact it had on the organization

Outline of the detailed reverse engineering steps for management to review

Performance data from the impacted servers and endpoints to report to management

Enhancements to the policies and practices that will improve business responses

List of IP addresses, applications, and assets

QUESTION 50
During a recent audit, there were a lot of findings similar to and including the following:

Which of the following would be the BEST way to remediate these findings and minimize similar findings in the future?

Use an automated patch management solution.

Remove the affected software programs from the servers.

Run Microsoft Baseline Security Analyzer on all of the servers.

Schedule regular vulnerability scans for all servers on the network.

QUESTION 51
A security analyst is performing a forensic analysis on a machine that was the subject of some historic SIEM alerts. The analyst noticed some network connections utilizing SSL on non-common ports, copies of svchost.exe and cmd.exe in %TEMP% folder, and RDP files that had connected to external IPs. Which of the following threats has the security analyst uncovered?

DDoS

APT

Ransomware

Software vulnerability

QUESTION 52
CORRECT TEXT
You suspect that multiple unrelated security events have occurred on several nodes on a corporate network. You must review all logs and correlate events when necessary to discover each security event by clicking on each node. Only select corrective actions if the logs shown a security event that needs remediation. Drag and drop the appropriate corrective actions to mitigate the specific security event occurring on each affected device.
Instructions:
The Web Server, Database Server, IDS, Development PC, Accounting PC and Marketing
PC are clickable. Some actions may not be required and each actions can only be used once per node. The corrective action order is not important. If at any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

QUESTION 53
A security analyst is performing a forensic analysis on a machine that was the subject of some historic
SIEM alerts. The analyst noticed some network connections utilizing SSL on non-common ports, copies of
svchost.exe and cmd.exe in %TEMP% folder, and RDP files that had connected to external IPs. Which of
the following threats has the security analyst uncovered?

DDoS

APT

Ransomware

Software vulnerability

QUESTION 54
Various devices are connecting and authenticating to a single evil twin within the network. Which of the
following are MOST likely being targeted?

Mobile devices

All endpoints

VPNs

Network infrastructure

Wired SCADA devices

QUESTION 55
A company installed a wireless network more than a year ago, standardizing on the same model APs in a
single subnet. Recently, several users have reported timeouts and connection issues with Internet
browsing. The security administrator has gathered some information about the network to try to recreate
the issues with the assistance of a user. The administrator is able to ping every device on the network and
confirms that the network is very slow.

Output:

Given the above results, which of the following should the administrator investigate FIRST?

The AP-Workshop device

The AP-Reception device

The device at 192.168.1.4

The AP-IT device

The user’s PC

QUESTION 56
Alerts have been received from the SIEM, indicating infections on multiple computers. Based on threat characteristic, these files were quarantined by the host-based antivirus program. At the same time, additional alerts in the SIEM show multiple blocked URLs from the address of the infected computers; the URLs were clashed as uncategorized. The domain location of the IP address of the URLs that were blocked is checked, and it is registered to an ISP in Russia. Which of the following steps should be taken NEXT?

Remove those computers from the network and replace the hard drives Send the Infected hard drives out lot investigation.

Run a full antivirus scan on all computers and use Splunk to search for any suspicious activity that happened just before the alerts were received in the SIEM.

Run a vulnerability scan and patch discovered vulnerabilities on the next patching cycle Have the users restart their computer Create a use case in the SIEM to monitor farted logins on infected computers.

Install a computer with the same settings as the infected computers in the DM^ to use as a honeypot Permit the URLs classified as uncategorized to and from that host.

QUESTION 57
After analyzing and correlating activity from multiple sensors, the security analyst has determined a group from a high-risk country is responsible for a sophisticated breach of the company network and continuous administration of targeted attacks for the past three months. Until now, the attacks went unnoticed. This is an example of:

privilege escalation.

advanced persistent threat.

malicious insider threat.

spear phishing.

QUESTION 58
The following IDS log was discovered by a company’s cybersecurity analyst:

Which of the following was launched against the company based on the IDS log?

SQL injection attack

Cross-site scripting attack

Buffer overflow attack

Online password crack attack

QUESTION 59
Company A’s security policy states that only PKI authentication should be used for all SSH accounts. A security analyst from Company A is reviewing the following auth.log and configuration settings:

Which of the following changes should be made to the following sshd_config file to establish compliance with the policy?

Change PermitRootLoginnoto #PermitRootLoginyes

Change ChallengeResponseAuthentication yesto ChallangeResponseAuthentication no

Change PubkeyAuthentication yesto #PubkeyAuthentication yes

Change #AuthorizedKeysFile sh/.ssh/authorized_keysto AuthorizedKeysFile sh/
. ssh/authorized_keys

Change PassworAuthentication yesto PasswordAuthentication no

QUESTION 60
Given the following code:

Which of the following types of attacks is occurring in the example above?

MITM

Session hijacking

XSS

Privilege escalation

SQL injection

QUESTION 61
A security analyst has discovered that an outbound SFTP process is occurring at the same time of day for the past several days. At the time this was discovered large amounts of business critical data delivered. The authentication for this process occurred using a service account with proper credentials. The security analyst investigated the destination IP for (his transfer and discovered that this new process s not documented in the change management log. Which of the following would be the BESST course of action for the analyst to take?

Investigate a potential incident

Verify user per missions

Run a vulnerability scan

Verify SLA with cloud provider

QUESTION 62
Which of the following tools should a cybersecurity analyst use to verify the integrity of a forensic image
before and after an investigation?

strings

sha1sum

file

gzip

QUESTION 63
Which of the following tools should an analyst use to scan for web server vulnerabilities?

Wireshark

Quslys

ArcSight

SolarWinds

QUESTION 64
Which of the fallowing has the GREAT EST impact to the data retention policies of an organization?

The CIA classification matrix assigned to each piece of data

The level of sensitivity of the data established by the data owner

The regulatory requirements concerning the data set

The technical constraints of the technology used to store the data

QUESTION 65
After analyzing and correlating activity from multiple sensors, the security analyst has determined a group
from a high-risk country is responsible for a sophisticated breach of the company network and continuous
administration of targeted attacks for the past three months. Until now, the attacks went unnoticed. This is
an example of:

privilege escalation.

advanced persistent threat.

malicious insider threat.

spear phishing.