CompTIA CS0-001 시험

Question No : 1

Which of the following remediation strategies are MOST effective in reducing the risk of a network-based compromise of embedded ICS? (Select two.)

• A.Patching
• B.NIDS
• C.Segmentation
• D.Disabling unused services
• E.Firewalling

답을 확인하기

정답:

Question No : 2

A technician receives a report that a user’s workstation is experiencing no network connectivity. The technician investigates and notices the patch cable running the back of the user’s VoIP phone is routed directly under the rolling chair and has been smashed flat over time.
Which of the following is the most likely cause of this issue?

• A.Cross-talk
• B.Electromagnetic interference
• C.Excessive collisions
• D.Split pairs

답을 확인하기

정답:

Question No : 3

HOTSPOT
A security analyst suspects that a workstation may be beaconing to a command and control server. Inspect the logs from the company’s web proxy server and the firewall to determine the best course of action to take in order to neutralize the threat with minimum impact to the organization.
Instructions:
Modify the firewall ACL, using the Firewall ACL form to mitigate the issue.
If at any time you would like to bring back the initial state of the simulation, please select the Reset All button.

답을 확인하기

정답:


Explanation:
Deny TCP 192.168.1.6 Any 2.63.25.201 80

Question No : 4

A company that is hiring a penetration tester wants to exclude social engineering from the list of authorized activities .
Which of the following documents should include these details?

• A.Acceptable use policy
• B.Service level agreement
• C.Rules of engagement
• D.Memorandum of understanding
• E.Master service agreement

답을 확인하기

정답:

Question No : 5

A cybersecurity analyst has received an alert that well-known “call home” messages are continuously observed by network sensors at the network boundary. The proxy firewall successfully drops the messages.
After determining the alert was a true positive, which of the following represents the MOST likely cause?

• A.Attackers are running reconnaissance on company resources.
• B.An outside command and control system is attempting to reach an infected system.
• C.An insider is trying to exfiltrate information to a remote network.
• D.Malware is running on a company system.

답을 확인하기

정답:

Question No : 6

A system administrator has reviewed the following output:



Which of the following can a system administrator infer from the above output?

• A.The company email server is running a non-standard port.
• B.The company email server has been compromised.
• C.The company is running a vulnerable SSH server.
• D.The company web server has been compromised.

답을 확인하기

정답:

Question No : 7

A threat intelligence feed has posted an alert stating there is a critical vulnerability in the kernel. Unfortunately, the company’s asset inventory is not current .
Which of the following techniques would a cybersecurity analyst perform to find all affected servers within an organization?

• A.A manual log review from data sent to syslog
• B.An OS fingerprinting scan across all hosts
• C.A packet capture of data traversing the server network
• D.A service discovery scan on the network

답을 확인하기

정답:

Question No : 8

CORRECT TEXT
The developers recently deployed new code to three web servers. A daily automated external device scan report shows server vulnerabilities that are failing items according to PCI DSS.
If the vulnerability is not valid, the analyst must take the proper steps to get the scan clean.
If the vulnerability is valid, the analyst must remediate the finding.
After reviewing the information provided in the network diagram, select the STEP 2 tab to complete the simulation by selecting the correct Validation Result and Remediation Action for each server listed using the drop-down options.
Instructions
STEP 1: Review the information provided in the network diagram.
STEP 2: Given the scenario, determine which remediation action is required to address the vulnerability.
If at any time you would like to bring back the initial state of the simulation, please select the Reset All button.

답을 확인하기

정답: WEB_SERVER01: VALID C IMPLEMENT SSL/TLS
WEB_SERVER02: VALID C SET SECURE ATTRIBUTE WHEN COOKIE SHOULD SENT VIA HTTPS ONLY
WEB_SERVER03: VALID C IMPLEMENT CA SIGNED CERTIFICATE

Question No : 9

After scanning the main company’s website with the OWASP ZAP tool, a cybersecurity analyst is reviewing the following warning:



The analyst reviews a snippet of the offending code:



Which of the following is the BEST course of action based on the above warning and code snippet?

• A.The analyst should implement a scanner exception for the false positive.
• B.The system administrator should disable SSL and implement TL
• C.The developer should review the code and implement a code fix.
• D.The organization should update the browser GPO to resolve the issue.

답을 확인하기

정답:

Question No : 10

Due to new regulations, a company has decided to institute an organizational vulnerability management program and assign the function to the security team .
Which of the following frameworks would BEST support the program? (Select two.)

• A.COBIT
• B.NIST
• C.ISO 27000 series
• D.ITIL
• E.OWASP

답을 확인하기

정답:

Question No : 11

An organization is requesting the development of a disaster recovery plan. The organization has grown and so has its infrastructure. Documentation, policies, and procedures do not exist .
Which of the following steps should be taken to assist in the development of the disaster recovery plan?

• A.Conduct a risk assessment.
• B.Develop a data retention policy.
• C.Execute vulnerability scanning.
• D.Identify assets.

답을 확인하기

정답:

Question No : 12

A web application has a newly discovered vulnerability in the authentication method used to validate known company users. The user ID of Admin with a password of “password” grants elevated access to the application over the Internet .
Which of the following is the BEST method to discover the vulnerability before a production deployment?

• A.Manual peer review
• B.User acceptance testing
• C.Input validation
• D.Stress test the application

답을 확인하기

정답:

Question No : 13

Which of the following items represents a document that includes detailed information on when an incident was detected, how impactful the incident was, and how it was remediated, in addition to incident response effectiveness and any identified gaps needing improvement?

• A.Forensic analysis report
• B.Chain of custody report
• C.Trends analysis report
• D.Lessons learned report

답을 확인하기

정답:

Question No : 14

Which of the following actions should occur to address any open issues while closing an incident involving various departments within the network?

• A.Incident response plan
• B.Lessons learned report
• C.Reverse engineering process
• D.Chain of custody documentation

답을 확인하기

정답:

Question No : 15

A system administrator who was using an account with elevated privileges deleted a large amount of log files generated by a virtual hypervisor in order to free up disk space. These log files are needed by the security team to analyze the health of the virtual machines.
Which of the following compensating controls would help prevent this from reoccurring? (Select two.)

• A.Succession planning
• B.Separation of duties
• C.Mandatory vacation
• D.Personnel training
• E.Job rotation

답을 확인하기

정답: