
CS0-001 Questions and Answers

Question # 6

After implementing and running an automated patching tool, a security administrator ran a vulnerability scan that reported no missing patches found. Which of the following BEST describes why this tool was used?

A.

To create a chain of evidence to demonstrate when the servers were patched.

B.

To harden the servers against new attacks.

C.

To provide validation that the remediation was active.

D.

To generate log data for unreleased patches.

Question # 7

The help desk informed a security analyst of a trend that is beginning to develop regarding a suspicious email that has been reported by multiple users. The analyst has determined the email includes an attachment named invoice.zip that contains the following files:

Locky.js

xerty.ini

xerty.lib

Further analysis indicates that when the .zip file is opened, it is installing a new version of ransomware on the devices. Which of the following should be done FIRST to prevent data on the company NAS from being encrypted by infected devices?

A.

Disable access to the company VPN.

B.

Move the files from the NAS to a cloud-based storage solution.

C.

Set permissions on file shares to read-only.

D.

Add the URL included in the .js file to the company’s web proxy filter.

Question # 8

An analyst performed the following activities:

1. Review the security logs.

2. Install a surveillance camera.

3. Analyze trend reports.

Which of the following job responsibilities is the analyst performing? (select TWO.)

A.

Detect a security incident.

B.

Reduce attack surface of the system.

C.

Implement monitoring controls

D.

Implement network devices

E.

Prevent unauthorized access.

F.

Encrypt the devices.

Question # 9

A technician at a company’s retail store notifies an analyst that disk space is being consumed at a rapid rate on several registers. The uplink back to the corporate office is also saturated frequently. The retail location has no Internet access. An analyst then observes several occasional IPS alerts indicating a server at corporate has been communicating with an address on a watchlist. Netflow data shows large quantities of data transferred at those times.

Which of the following is MOST likely causing the issue?

A.

A credit card processing file was declined by the card processor and caused transaction logs on the registers to accumulate longer than usual.

B.

Ransomware on the corporate network has propagated from the corporate network to the registers and has begun encrypting files there.

C.

A penetration test is being run against the registers from the IP address indicated on the watchlist, generating large amounts of traffic and data storage.

D.

Malware on a register is scraping credit card data and staging it on a server at the corporate office before uploading it to an attacker-controlled command and control server.

Question # 10

During a quarterly review of user accounts and activity, a security analyst noticed that after a password reset the head of human resources has been logging in from multiple locations, including several overseas. Further review of the account showed access rights to a number of corporate applications, including a sensitive accounting application used for employee bonuses. Which of the following security methods could be used to mitigate this risk?

A.

RADIUS identity management

B.

Context-based authentication

C.

Privilege escalation restrictions

D.

Elimination of self-service password resets

Question # 11

Company A’s security policy states that only PKI authentication should be used for all SSH accounts. A security analyst from Company A is reviewing the following auth.log and configuration settings:

Which of the following changes should be made to the following sshd_config file to establish compliance with the policy?

A.

Change PermitRootLogin no to #PermitRootLogin yes

B.

Change ChallengeResponseAuthentication yes to ChallangeResponseAuthentication no

C.

Change PubkeyAuthentication yes to #PubkeyAuthentication yes

D.

Change #AuthorizedKeysFile sh/.ssh/authorized_keys to AuthorizedKeysFile sh/.ssh/authorized_keys

E.

Change PassworAuthentication yes to PasswordAuthentication no

Question # 12

An analyst received a forensically sound copy of an employee’s hard drive. The employee’s manager suspects inappropriate images may have been deleted from the hard drive. Which of the following could help the analyst recover the deleted evidence?

A.

File hashing utility

B.

File timestamps

C.

File carving tool

D.

File analysis tool

Question # 13

A company just chose a global software company based in Europe to implement a new supply chain management solution. Which of the following would be the MAIN concern of the company?

A.

Violating national security policy

B.

Packet injection

C.

Loss of intellectual property

D.

International labor laws

Question # 14

An analyst wants to use a command line tool to identify open ports and running services on a host along with the application that is associated with those services and port. Which of the following should the analyst use?

A.

Wireshark

B.

Qualys

C.

netstat

D.

nmap

E.

ping

Question # 15

The help desk informed a security analyst of a trend that is beginning to develop regarding a suspicious email that has been reported by multiple users. The analyst has determined the email includes an attachment named invoice.zip that contains the following files:

Locky.js

xerty.ini

xerty.lib

Further analysis indicates that when the .zip file is opened, it is installing a new version of ransomware on the devices. Which of the following should be done FIRST to prevent data on the company NAS from being encrypted by infected devices?

A.

Disable access to the company VPN.

B.

Email employees instructing them not to open the invoice attachment.

C.

Set permissions on file shares to read-only.

D.

Add the URL included in the .js file to the company’s web proxy filter.

Question # 16

A technician recently fixed a computer with several viruses and spyware programs on it and notices the Internet settings were set to redirect all traffic through an unknown proxy. This type of attack is known as which of the following?

A.

Phishing

B.

Social engineering

C.

Man-in-the-middle

D.

Shoulder surfing

Question # 17

Which of the following represent the reasoning behind careful selection of the timelines and time-of-day boundaries for an authorized penetration test? (Select TWO).

A.

To schedule personnel resources required for test activities

B.

To determine frequency of team communication and reporting

C.

To mitigate unintended impacts to operations

D.

To avoid conflicts with real intrusions that may occur

E.

To ensure tests have measurable impact to operations

Question # 18

A software patch has been released to remove vulnerabilities from the company’s software. A security analyst has been tasked with testing the software to ensure the vulnerabilities have been remediated and the application is still functioning properly. Which of the following tests should be performed NEXT?

A.

Fuzzing

B.

User acceptance testing

C.

Regression testing

D.

Penetration testing

Question # 19

The developers recently deployed new code to three web servers. A daily automated external device scan report shows server vulnerabilities that are failing items according to PCI DSS.

If the vulnerability is not valid, the analyst must take the proper steps to get the scan clean.

If the vulnerability is valid, the analyst must remediate the finding.

After reviewing the information provided in the network diagram, select the STEP 2 tab to complete the simulation by selecting the correct Validation Result and Remediation Action for each server listed using the drop-down options.

Instructions

STEP 1: Review the information provided in the network diagram.

STEP 2: Given the scenario, determine which remediation action is required to address the vulnerability.

If at any time you would like to bring back the initial state of the simulation, please select the Reset All button.

Question # 20

A cybersecurity analyst is conducting a security test to ensure that information regarding the web server is protected from disclosure. The cybersecurity analyst requested an HTML file from the web server, and the response came back as follows:

Which of the following actions should be taken to remediate this security issue?

A.

Set “Allowlatescanning” to 1 in the URLScan.ini configuration file.

B.

Set “Removeserverheader” to 1 in the URLScan.ini configuration file.

C.

Set “Enablelogging” to 0 in the URLScan.ini configuration file.

D.

Set “Perprocesslogging” to 1 in the URLScan.ini configuration file.

Question # 21

A company discovers an unauthorized device accessing network resources through one of many network drops in a common area used by visitors.

The company decides that it wants to quickly prevent unauthorized devices from accessing the network but policy prevents the company from making changes on every connecting client.

Which of the following should the company implement?

A.

Port security

B.

WPA2

C.

Mandatory Access Control

D.

Network Intrusion Prevention

Question # 22

While a threat intelligence analyst was researching an indicator of compromise on a search engine, the web proxy generated an alert regarding the same indicator. The threat intelligence analyst states that related sites were not visited but were searched for in a search engine. Which of the following MOST likely happened in this situation?

A.

The analyst is not using the standard approved browser.

B.

The analyst accidentally clicked a link related to the indicator.

C.

The analyst has prefetch enabled on the browser in use.

D.

The alert is unrelated to the analyst’s search.

Question # 23

Datacenter access is controlled with proximity badges that record all entries and exits from the datacenter.

The access records are used to identify which staff members accessed the data center in the event of equipment theft.

Which of the following MUST be prevented in order for this policy to be effective?

A.

Password reuse

B.

Phishing

C.

Social engineering

D.

Tailgating

Question # 24

After analyzing and correlating activity from multiple sensors, the security analyst has determined a group from a high-risk country is responsible for a sophisticated breach of the company network and continuous administration of targeted attacks for the past three months. Until now, the attacks went unnoticed. This is an example of:

A.

privilege escalation.

B.

advanced persistent threat.

C.

malicious insider threat.

D.

spear phishing.

Question # 25

Law enforcement has contacted a corporation’s legal counsel because correlated data from a breach shows the organization as the common denominator from all indicators of compromise. An employee overhears the conversation between legal counsel and law enforcement, and then posts a comment about it on social media. The media then starts contacting other employees about the breach. Which of the following steps should be taken to prevent further disclosure of information about the breach?

A.

Perform security awareness training about incident communication.

B.

Request all employees verbally commit to an NDA about the breach.

C.

Temporarily disable employee access to social media.

D.

Have law enforcement meet with employees.

Question # 26

You suspect that multiple unrelated security events have occurred on several nodes on a corporate network. You must review all logs and correlate events when necessary to discover each security event by clicking on each node. Only select corrective actions if the logs show a security event that needs remediation. Drag and drop the appropriate corrective actions to mitigate the specific security event occurring on each affected device.

Instructions:

The Web Server, Database Server, IDS, Development PC, Accounting PC and Marketing PC are clickable. Some actions may not be required and each action can only be used once per node. The corrective action order is not important. If at any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

Question # 27

A cybersecurity analyst has received the laptop of a user who recently left the company. The analyst types ‘history’ into the prompt, and sees this line of code in the latest bash history:

This concerns the analyst because this subnet should not be known to users within the company. Which of the following describes what this code has done on the network?

A.

Performed a ping sweep of the Class C network.

B.

Performed a half-open SYN scan on the network.

C.

Sent 255 ping packets to each host on the network.

D.

Sequentially sent an ICMP echo reply to the Class C network.

Question # 28

A technician is running an intensive vulnerability scan to detect which ports are open to exploit. During the scan, several network services are disabled and production is affected. Which of the following sources would be used to evaluate which network service was interrupted?

A.

Syslog

B.

Network mapping

C.

Firewall logs

D.

NIDS

Question # 29

Which of the following best practices is used to identify areas in the network that may be vulnerable to penetration testing from known external sources?

A.

Blue team training exercises

B.

Technical control reviews

C.

White team training exercises

D.

Operational control reviews

Question # 30

In order to meet regulatory compliance objectives for the storage of PHI, vulnerability scans must be conducted on a continuous basis. The last completed scan of the network returned 5,682 possible vulnerabilities. The Chief Information Officer (CIO) would like to establish a remediation plan to resolve all known issues. Which of the following is the BEST way to proceed?

A.

Attempt to identify all false positives and exceptions, and then resolve all remaining items.

B.

Hold off on additional scanning until the current list of vulnerabilities has been resolved.

C.

Place assets that handle PHI in a sandbox environment, and then resolve all vulnerabilities.

D.

Reduce the scan to items identified as critical in the asset inventory, and resolve these issues first.

Question # 31

Which of the following is a control that allows a mobile application to access and manipulate information which should only be available to another application on the same mobile device (e.g. a music application posting the name of the song currently playing on the device to a social media site)?

A.

Co-hosted application

B.

Transitive trust

C.

Mutually exclusive access

D.

Dual authentication

Question # 32

A security analyst has been asked to remediate a server vulnerability. Once the analyst has located a patch for the vulnerability, which of the following should happen NEXT?

A.

Start the change control process.

B.

Rescan to ensure the vulnerability still exists.

C.

Implement continuous monitoring.

D.

Begin the incident response process.

Question # 33

A cybersecurity analyst has been asked to follow a corporate process that will be used to manage vulnerabilities for an organization. The analyst notices the policy has not been updated in three years. Which of the following should the analyst check to ensure the policy is still accurate?

A.

Threat intelligence reports

B.

Technical constraints

C.

Corporate minutes

D.

Governing regulations

Question # 34

A software assurance lab is performing a dynamic assessment on an application by automatically generating and inputting different, random data sets to attempt to cause an error/failure condition. Which of the following software assessment capabilities is the lab performing AND during which phase of the SDLC should this occur? (Select two.)

A.

Fuzzing

B.

Behavior modeling

C.

Static code analysis

D.

Prototyping phase

E.

Requirements phase

F.

Planning phase

Question # 35

A vulnerability scan has returned the following information:

Which of the following describes the meaning of these results?

A.

There is an unknown bug in a Lotus server with no Bugtraq ID.

B.

Connecting to the host using a null session allows enumeration of share names.

C.

Trend Micro has a known exploit that must be resolved or patched.

D.

No CVE is present, so it is a false positive caused by Lotus running on a Windows server.

Question # 36

Company A permits visiting business partners from Company B to utilize Ethernet ports available in Company A’s conference rooms. This access is provided to allow partners the ability to establish VPNs back to Company B’s network. The security architect for Company A wants to ensure partners from Company B are able to gain direct Internet access from available ports only, while Company A employees can gain access to the Company A internal network from those same ports. Which of the following can be employed to allow this?

A.

ACL

B.

SIEM

C.

MAC

D.

NAC

E.

SAML

Question # 37

During a web application vulnerability scan, it was discovered that the application would display inappropriate data after certain key phrases were entered into a webform connected to a SQL database server. Which of the following should be used to reduce the likelihood of this type of attack returning sensitive data?

A.

Static code analysis

B.

Peer review code

C.

Input validation

D.

Application fuzzing

Question # 38

A malicious user is reviewing the following output:

root:~#ping 192.168.1.137

64 bytes from 192.168.2.1 icmp_seq=1 ttl=63 time=1.58 ms

64 bytes from 192.168.2.1 icmp_seq=2 ttl=63 time=1.45 ms

root: ~#

Based on the above output, which of the following is the device between the malicious user and the target?

A.

Proxy

B.

Access point

C.

Switch

D.

Hub

Question # 39

The Chief Information Security Officer (CISO) asked for a topology discovery to be conducted and verified against the asset inventory. The discovery is failing and not providing reliable or complete data. The syslog shows the following information:

Which of the following describes the reason why the discovery is failing?

A.

The scanning tool lacks valid LDAP credentials.

B.

The scan is returning LDAP error code 52255a.

C.

The server running LDAP has antivirus deployed.

D.

The connection to the LDAP server is timing out.

E.

The LDAP server is configured on the wrong port.

Question # 40

Following a recent security breach, a post-mortem was done to analyze the driving factors behind the breach. The cybersecurity analysis discussed potential impacts, mitigations, and remediations based on current events and emerging threat vectors tailored to specific stakeholders. Which of the following is this considered to be?

A.

Threat intelligence

B.

Threat information

C.

Threat data

D.

Advanced persistent threats

Question # 41

An executive tasked a security analyst to aggregate past logs, traffic, and alerts on a particular attack vector. The analyst was then tasked with analyzing the data and making predictions on future complications regarding this attack vector. Which of the following types of analysis is the security analyst MOST likely conducting?

A.

Trend analysis

B.

Behavior analysis

C.

Availability analysis

D.

Business analysis

Question # 42

Given the following access log:

Which of the following accurately describes what this log displays?

A.

A vulnerability in jQuery

B.

Application integration with an externally hosted database

C.

A vulnerability scan performed from the Internet

D.

A vulnerability in Javascript

Question # 43

A cybersecurity consultant is reviewing the following output from a vulnerability scan against a newly installed MS SQL Server 2012 that is slated to go into production in one week:

Based on the above information, which of the following should the system administrator do? (Select TWO).

A.

Verify the vulnerability using penetration testing tools or proof-of-concept exploits.

B.

Review the references to determine if the vulnerability can be remotely exploited.

C.

Mark the result as a false positive so it will show in subsequent scans.

D.

Configure a network-based ACL at the perimeter firewall to protect the MS SQL port.

E.

Implement the proposed solution by installing Microsoft patch Q316333.

Question # 44

Nmap scan results on a set of IP addresses returned one or more lines beginning with “cpe:/o:” followed by a company name, product name, and version. Which of the following would this string help an administrator to identify?

A.

Operating system

B.

Running services

C.

Installed software

D.

Installed hardware

Question # 45

A new policy requires the security team to perform web application and OS vulnerability scans. All of the company’s web applications use federated authentication and are accessible via a central portal. Which of the following should be implemented to ensure a more thorough scan of the company’s web application, while at the same time reducing false positives?

A.

The vulnerability scanner should be configured to perform authenticated scans.

B.

The vulnerability scanner should be installed on the web server.

C.

The vulnerability scanner should implement OS and network service detection.

D.

The vulnerability scanner should scan for known and unknown vulnerabilities.

Question # 46

A nuclear facility manager determined the need to monitor utilization of water within the facility. A startup company just announced a state-of-the-art solution to address the need for integrating the business and ICS network. The solution requires a very small agent to be installed on the ICS equipment. Which of the following is the MOST important security control for the manager to invest in to protect the facility?

A.

Run a penetration test on the installed agent.

B.

Require that the solution provider make the agent source code available for analysis.

C.

Require thorough guides for administrators and users.

D.

Install the agent for a week on a test system and monitor the activities.

Question # 47

A retail corporation with widely distributed store locations and IP space must meet PCI requirements relating to vulnerability scanning. The organization plans to outsource this function to a third party to reduce costs.

Which of the following should be used to communicate expectations related to the execution of scans?

A.

Vulnerability assessment report

B.

Lessons learned documentation

C.

SLA

D.

MOU

Question # 48

Which of the following stakeholders would need to be aware of an e-discovery notice received by the security office about an ongoing case within the manufacturing department?

A.

Board of trustees

B.

Human resources

C.

Legal

D.

Marketing

Question # 49

Alerts have been received from the SIEM, indicating infections on multiple computers. Based on threat characteristics, these files were quarantined by the host-based antivirus program. At the same time, additional alerts in the SIEM show multiple blocked URLs from the address of the infected computers; the URLs were classified as uncategorized. The domain location of the IP address of the URLs that were blocked is checked, and it is registered to an ISP in Russia. Which of the following steps should be taken NEXT?

A.

Remove those computers from the network and replace the hard drives. Send the infected hard drives out for investigation.

B.

Run a full antivirus scan on all computers and use Splunk to search for any suspicious activity that happened just before the alerts were received in the SIEM.

C.

Run a vulnerability scan and patch discovered vulnerabilities on the next patching cycle. Have the users restart their computers. Create a use case in the SIEM to monitor failed logins on the infected computers.

D.

Install a computer with the same settings as the infected computers in the DMZ to use as a honeypot. Permit the URLs classified as uncategorized to and from that host.

Question # 50

During the forensic phase of a security investigation, it was discovered that an attacker was able to find private keys on a poorly secured team shared drive. The attacker used those keys to intercept and decrypt sensitive traffic on a web server. Which of the following describes this type of exploit and the potential remediation?

A.

Session hijacking; network intrusion detection sensors

B.

Cross-site scripting; increased encryption key sizes

C.

Man-in-the-middle; well-controlled storage of private keys

D.

Rootkit; controlled storage of public keys

Question # 51

The security configuration management policy states that all patches must undergo testing procedures before being moved into production. The security analyst notices a single web application server has been downloading and applying patches during non-business hours without testing. There are no apparent adverse reactions, server functionality does not seem to be affected, and no malware was found after a scan.

Which of the following actions should the analyst take?

A.

Reschedule the automated patching to occur during business hours.

B.

Monitor the web application service for abnormal bandwidth consumption.

C.

Create an incident ticket for anomalous activity.

D.

Monitor the web application for service interruptions caused from the patching.

Question # 52

An ATM in a building lobby has been compromised. A security technician has been advised that the ATM must be forensically analyzed by multiple technicians. Which of the following items in a forensic tool kit would likely be used FIRST? (Select TWO).

A.

Drive adapters

B.

Chain of custody form

C.

Write blockers

D.

Crime tape

E.

Hashing utilities

F.

Drive imager

Question # 53

A company has decided to process credit card transactions directly. Which of the following would meet the requirements for scanning this type of data?

A.

Quarterly

B.

Yearly

C.

Bi-annually

D.

Monthly

Question # 54

A cybersecurity analyst is reviewing the following outputs:

Which of the following can the analyst infer from the above output?

A.

The remote host is redirecting port 80 to port 8080.

B.

The remote host is running a service on port 8080.

C.

The remote host’s firewall is dropping packets for port 80.

D.

The remote host is running a web server on port 80.

Question # 55

An organization uses Common Vulnerability Scoring System (CVSS) scores to prioritize remediation of vulnerabilities.

Management wants to modify the priorities based on a difficulty factor so that vulnerabilities with lower CVSS scores may get a higher priority if they are easier to implement with less risk to system functionality. Management also wants to quantify the priority. Which of the following would achieve management’s objective?

A.

(CVSS Score) * Difficulty = Priority, where Difficulty is a range from 0.1 to 1.0 with 1.0 being easiest and lowest risk to implement

B.

(CVSS Score) * Difficulty = Priority, where Difficulty is a range from 1 to 5 with 1 being easiest and lowest risk to implement

C.

(CVSS Score) / Difficulty = Priority, where Difficulty is a range from 1 to 10 with 10 being easiest and lowest risk to implement

D.

((CVSS Score) * 2) / Difficulty = Priority, where CVSS Score is weighted and Difficulty is a range from 1 to 5 with 5 being easiest and lowest risk to implement

Question # 56

The security operations team is conducting a mock forensics investigation. Which of the following should be the FIRST action taken after seizing a compromised workstation?

A.

Activate the escalation checklist

B.

Implement the incident response plan

C.

Analyze the forensic image

D.

Perform evidence acquisition

Question # 57

An organization wants to harden its web servers. As part of this goal, leadership has directed that vulnerability scans be performed, and the security team should remediate the servers according to industry best practices. The team has already chosen a vulnerability scanner and performed the necessary scans, and now the team needs to prioritize the fixes. Which of the following would help to prioritize the vulnerabilities for remediation in accordance with industry best practices?

A.

CVSS

B.

SLA

C.

ITIL

D.

OpenVAS

E.

Qualys

Question # 58

A security analyst is reviewing logs and discovers that a company-owned computer issued to an employee is generating many alerts and warnings. The analyst continues to review the log events and discovers that a non-company-owned device from a different, unknown IP address is generating the same events. The analyst informs the manager of these findings, and the manager explains that these activities are already known and part of ongoing events. Given this scenario, which of the following roles are the analyst, the employee, and the manager filling?

A.

The analyst is red team. The employee is blue team. The manager is white team.

B.

The analyst is white team. The employee is red team. The manager is blue team.

C.

The analyst is red team. The employee is white team. The manager is blue team.

D.

The analyst is blue team. The employee is red team. The manager is white team.

Question # 59

After a recent security breach, it was discovered that a developer had promoted code that had been written to the production environment as a hotfix to resolve a user navigation issue that was causing issues for several customers. The code had inadvertently granted administrative privileges to all users, allowing inappropriate access to sensitive data and reports. Which of the following could have prevented this code from being released into the production environment?

A.

Cross training

B.

Succession planning

C.

Automated reporting

D.

Separation of duties

Question # 60

A suite of three production servers that were originally configured identically underwent the same vulnerability scans. However, recent results revealed the three servers have different critical vulnerabilities. The servers are not accessible from the Internet, and AV programs have not detected any malware. The servers’ syslog files do not show any unusual traffic since they were installed, and the servers are physically isolated in an off-site datacenter. Checksum testing of random executables does not reveal tampering. Which of the following scenarios is MOST likely?

A.

Servers have not been scanned with the latest vulnerability signature

B.

Servers have been attacked by outsiders using zero-day vulnerabilities

C.

Servers were made by different manufacturers

D.

Servers have received different levels of attention during previous patch management events

Question # 61

An organization is performing vendor selection activities for penetration testing, and a security analyst is reviewing the MOA and rules of engagement, which were supplied with proposals. Which of the following should the analyst expect will be included in the documents and why?

A.

The scope of the penetration test should be included in the MOA to ensure penetration testing is conducted against only specifically authorized network resources.

B.

The MOA should address the client SLA in relation to reporting results to regulatory authorities, including issuing banks for organizations that process cardholder data.

C.

The rules of engagement should include detailed results of the penetration scan, including all findings, as well as designation of whether vulnerabilities identified during the scanning phases are found to be exploitable during the penetration test.

D.

The exploitation standards should be addressed in the rules of engagement to ensure both parties are aware of the depth of exploitation that will be attempted by penetration testers.

Question # 62

A company’s IDP/DLP solution triggered the following alerts:

Which of the following alerts should a security analyst investigate FIRST?

A.

A

B.

B

C.

C

D.

D

E.

E

Question # 63

A security analyst is performing ongoing scanning and continuous monitoring of the corporate datacenter. Over time, these scans are repeatedly showing susceptibility to the same vulnerabilities and an increase in new vulnerabilities on a specific group of servers that are clustered to run the same application. Which of the following vulnerability management processes should be implemented?

A.

Frequent server scanning

B.

Automated report generation

C.

Group policy modification

D.

Regular patch application

Question # 64

In comparison to non-industrial IT vendors, ICS equipment vendors generally:

A.

rely less on proprietary code in their hardware products.

B.

have more mature software development models.

C.

release software updates less frequently.

D.

provide more expensive vulnerability reporting.

Question # 65

After reviewing security logs, it is noticed that sensitive data is being transferred over an insecure network. Which of the following would a cybersecurity analyst BEST recommend that the organization implement?

A.

Use a VPN

B.

Update the data classification matrix.

C.

Segment the networks.

D.

Use FIM.

E.

Use a digital watermark.

Question # 66

The Chief Security Officer (CSO) has requested a vulnerability report of systems on the domain, identifying those running outdated OSs. The automated scan reports are not displaying OS version details, so the CSO cannot determine risk exposure levels from vulnerable systems. Which of the following should the cybersecurity analyst do to enumerate OS information as part of the vulnerability scanning process in the MOST efficient manner?

A.

Execute the ver command

B.

Execute the nmap -p command

C.

Use Wireshark to export a list

D.

Use credentialed configuration

Question # 67

A security analyst is conducting a vulnerability assessment of older SCADA devices on the corporate network. Which of the following compensating controls is likely to prevent the scans from providing value?

A.

Access control list network segmentation that prevents access to the SCADA devices inside the network.

B.

Detailed and tested firewall rules that effectively prevent outside access of the SCADA devices.

C.

Implementation of a VLAN that allows all devices on the network to see all SCADA devices on the network.

D.

SCADA systems configured with ‘SCADA SUPPORT’=ENABLE

Question # 68

A vulnerability scan came back with critical findings for a Microsoft SharePoint server:

Which of the following actions should be taken?

A.

Remove Microsoft Office from the server.

B.

Document the finding as an exception.

C.

Install a newer version of Microsoft Office on the server.

D.

Patch Microsoft Office on the server.
