2019 Free Microsoft EnsurePass CS0-001 Dumps VCE and PDF Download Part 6


 

QUESTION 51

Given the following access log:

 

image069

 

Which of the following accurately describes what this log displays?

 

A. A vulnerability in jQuery

B. Application integration with an externally hosted database

C. A vulnerability scan performed from the Internet

D. A vulnerability in JavaScript

 

Correct Answer: C

 

 

QUESTION 52

The new Chief Technology Officer (CTO) is seeking recommendations for network monitoring services for the local intranet. The CTO would like the capability to monitor all traffic to and from the gateway, as well as the capability to block certain content. Which of the following recommendations would meet the needs of the organization?

 

A. Recommend setup of IP filtering on both the internal and external interfaces of the gateway router.

B. Recommend installation of an IDS on the internal interface and a firewall on the external interface of the gateway router.

C. Recommend installation of a firewall on the internal interface and a NIDS on the external interface of the gateway router.

D. Recommend installation of an IPS on both the internal and external interfaces of the gateway router.

 

Correct Answer: C

 

 

QUESTION 53

A cybersecurity analyst has received the laptop of a user who recently left the company. The analyst types `history` into the prompt, and sees this line of code in the latest bash history:

 

image070

 

This concerns the analyst because this subnet should not be known to users within the company. Which of the following describes what this code has done on the network?

 

A. Performed a ping sweep of the Class C network.

B. Performed a half-open SYN scan on the network.

C. Sent 255 ping packets to each host on the network.

D. Sequentially sent an ICMP echo reply to the Class C network.

Correct Answer: A

 

 

QUESTION 54

A recent audit has uncovered several coding errors and a lack of input validation on a public portal. Due to the nature of the portal and the severity of the errors, the portal cannot be patched. Which of the following tools could be used to reduce the risk of being compromised?

 

A. Web application firewall

B. Network firewall

C. Web proxy

D. Intrusion prevention system

 

Correct Answer: A

 

 

QUESTION 55

Which of the following principles describes how a security analyst should communicate during an incident?

 

A. The communication should be limited to trusted parties only.

B. The communication should be limited to security staff only.

C. The communication should come from law enforcement.

D. The communication should be limited to management only.

 

Correct Answer: B

 

 

QUESTION 56

After scanning the company’s main website with the OWASP ZAP tool, a cybersecurity analyst is reviewing the following warning:

 

image071

 

The analyst reviews a snippet of the offending code:

 

image072

 

Which of the following is the BEST course of action based on the above warning and code snippet?

 

A. The analyst should implement a scanner exception for the false positive.

B. The system administrator should disable SSL and implement TLS.

C. The developer should review the code and implement a code fix.

D. The organization should update the browser GPO to resolve the issue.

 

Correct Answer: D

 

 

QUESTION 57

A security analyst has noticed an alert from the SIEM. A workstation is repeatedly trying to connect to port 445 of a file server on the production network. All of the attempts are made with invalid credentials. Which of the following describes what is occurring?

 

A. Malware has infected the workstation and is beaconing out to the specific IP address of the file server.

B. The file server is attempting to transfer malware to the workstation via SMB.

C. An attacker has gained control of the workstation and is attempting to pivot to the file server by creating an SMB session.

D. An attacker has gained control of the workstation and is port scanning the network.

 

Correct Answer: C

 

 

QUESTION 58

A security analyst is performing a review of Active Directory and discovers two new user accounts in the accounting department. Neither of the users has elevated permissions, but accounts in the group are given access to the company’s sensitive financial management application by default. Which of the following is the BEST course of action?

 

A. Follow the incident response plan for the introduction of new accounts

B. Disable the user accounts

C. Remove the accounts’ access privileges to the sensitive application

D. Monitor the outbound traffic from the application for signs of data exfiltration

E. Confirm the accounts are valid and ensure role-based permissions are appropriate

 

Correct Answer: E

 

 

QUESTION 59

A security analyst has created an image of a drive from an incident. Which of the following describes what the analyst should do NEXT?

 

A. The analyst should create a backup of the drive and then hash the drive.

B. The analyst should begin analyzing the image and begin to report findings.

C. The analyst should create a hash of the image and compare it to the original drive’s hash.

D. The analyst should create a chain of custody document and notify stakeholders.

 

Correct Answer: C

 

 

QUESTION 60

A system administrator recently deployed and verified the installation of a critical patch issued by the company’s primary OS vendor. This patch was supposed to remedy a vulnerability that would allow an adversary to remotely execute code over the network. However, the administrator just ran a vulnerability assessment of networked systems, and each of them still reported having the same vulnerability. Which of the following is the MOST likely explanation for this?

 

A. The administrator entered the wrong IP range for the assessment.

B. The administrator did not wait long enough after applying the patch to run the assessment.

C. The patch did not remediate the vulnerability.

D. The vulnerability assessment returned false positives.

 

Correct Answer: C

