Get High Score with up-to-date CS0-001 Exam Questions

1. Malware is suspected on a server in the environment.

The analyst is provided with the output of commands from servers in the environment and needs to review all output files in order to determine which process running on one of the servers may be malware

INSTRUCTIONS

Servers 1. 2, and 4 are clickable. Select the Server and the process that host the malware.

If at any time you would like to bring back the initial state of the simulation, please click the Resen All button

2. A security analyst performs various types of vulnerability scans.

Review the vulnerability scan results to determine the type of scan that was executed and If a false positive occurred for each device.

INSTRUCTIONS

Select the Results Generated drop-down option to determine if the results were generated

from a credentialed scan, non-credentialed scan, or a compliance scan.

For ONLY the credentialed and non-credentialed scans, evaluate the results for False Positives and check the Findings that display false positives.

NOTE: If you would like to uncheck an option that is currently selected, click on the option

a second time

Lastly, based on the vulnerability scan results, identity the type of Server by dragging the

Server to the results

The Linux Web Server File-Print server, and Directory Server are draggable.

If at any time you would like to bring back the initial state of the simulation please click the Reset AN button.

3. A security analyst suspects that a workstation may be beaconing to a command control server

Inspect the logs from the company's web proxy server and the firewall to determine the best course of action to take in order to neutralize the threat with minimum impact to the organization

INSTRUCTIONS

Modify the firewall ACL using the Firewall ACL form to mitigate the issue

If at any time you would like to bring back the initial state of the simulation please click the Reset All button.

4. The developers recently deployed new code to three web servers. A daily automated external device scan report shows server vulnerabilities that are failing items according to PCI DSS.

If the vulnerability is not valid the analyst must take the proper steps to get the scan clean

If the vulnerability is valid, the analyst must remediate the finding.

After reviewing the information provided in the network diagram, select the STEP 2 tab to complete the simulation by selecting the correct Validation Result and Remediation Action for each server listed using the drop-down options

INSTRUC TIONS

STEP 1: Review the information provided in the network diagram

STEP 2: Given the scenario, determine which remediation action is required to address the vulnerability

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

5. A security analyst is reviewing a report from the networking department that describes an increase in network utilization, which is causing network performance issues on some systems. A top talkers report a five-minute sample is included.

Given the above output of the sample, which of the following should the security analyst accomplish FIRST to help track down the performance issues?

6. During the forensic phase of a security investigation, it was discovered that an attacker was able to find private keys on a poorly secured team shared drive. The attacker used those keys to intercept and

decrypt sensitive traffic on a web server.

Which of the following describes this type of exploit and the potential remediation?

7. Which of the following is a vulnerability when using Windows as a host OS for virtual machines?

8. A penetration tester is preparing for an audit of critical systems that may impact the security of the environment. This includes the external perimeter and the internal perimeter of the environment.

During which of the following processes is this type of information normally gathered?

9. A red team actor observes it is common practice to allow cell phones to charge on company computers, but access to the memory storage is blocked.

Which of the following are common attack techniques that take advantage of this practice? (Select TWO)

10. Company A suspects an employee has been exfiltrating PII via a USB thumb drive. An analyst is tasked with attempting to locate the information on the drive.

The PII in question includes the following:

Which of the following would BEST accomplish the task assigned to the analyst?

11. A recently issued audit report highlighted exceptions related to end-user handling of sensitive data and access credentials. A security manager is addressing the findings.

Which of the following activities should be implemented?

12. During which of the following NIST risk management framework steps would an information system security engineer identify inherited security controls and tailor those controls to the system?

13. A security analyst begins to notice the CPU utilization from a sinkhole has begun to spike.

Which of the following describes what may be occurring?

14. Alerts have been received from the SIEM, indicating infections on multiple computers. Based on threat characteristics, these files were quarantined by the host-based antivirus program. At the same time, additional alerts in the SIEM show multiple blocked URLs from the address of the infected computers; the URLs were classified as uncategorized. The domain location of the IP address of the URLs that were blocked is checked, and it is registered to an ISP in Russia.

Which of the following steps should be taken NEXT?

15. Which of the following has the GREATEST impact to the data retention policies of an organization?

16. A company has decided to process credit card transactions directly.

Which of the following would meet the requirements for scanning this type of data?

17. Which of the following countermeasures should the security administrator apply to MOST effectively mitigate Bootkit-level infections of the organization’s workstation devices?

18. A new zero- day vulnerability was discovered within a basic screen capture app, which is used throughout the environment Two days after discovering the vulnerability, the manufacturer of the software has management teams. The vulnerability allows remote code execution to gain privileged access to the system.

Which of the following is the BEST course of action to mitigate this threat?

19. Which of the following tools should a cybersecurity analyst use to verity the integrity of a forensic image before and after an investigation?

20. A computer has been infected with a virus and is sending out a beacon to a command and control server through an unknown service.

Which of the following should a security technician implement to drop the traffic going to the command and control server and still be able to identify the infected host through firewall logs?

21. A central zed tool for organizing security events and managing their response and resolution is known as:

22. After a recent security breach, it was discovered that a developer had promoted code that had been written to the production environment as a hotfix to resolve a user navigation issue that was causing for several customers. The code had inadvertently granted administrative privileges to all users, allowing inappropriate access to sensitive data and reports.

Which of the following could have prevented this code from being released into the production environment?

23. A security analyst is assisting with a computer crime investigation and has been asked to secure a PC and deliver it to the forensics lab.

Which of the following items would be MOST helpful to secure the PC? (Select THREE)

24. A nuclear facility manager determined the need to monitor utilization of water within the facility. A startup company just announced a state-of-the-art solution to address the need for integrating the business and ICS networks. The solution requires a very small agent to be installed on the ICS equipment.

Which of the following is the MOST important security control for the manager to invest in to protect the facility?

25. A security professional is analyzing the results of a network utilization report.

The report includes the following information:

Which of the following servers needs further investigation?

26. Due to new regulations, a company has decided to institute an organizational vulnerability management program and assign the function to the security team.

Which of the following frameworks would BEST support the program? (Select Two)

27. A cybersecurity analyst has received an alert that well-known "call home" messages are continuously observed by network sensors at the network boundary. The proxy firewall successfully drops the messages.

After determining the alert was a true positive, which of the following represents the MOST likely cause?

28. A company has implemented WPA2, a 20-character minimum for the WIFI passphrase, and a new WiFi passphrase every 30 days, and has disabled SSID broadcast on all wireless access points.

Which of the following is the company trying to mitigate?

29. The help desk formed a security analyst of a trend that is beginning to develop regarding a suspicious email that has been reported by multiple users.

The analyst has determined the email includes an attachment named invoice.zip that contains the following files:

Locky.jp

xerty.ini

xerty.lib

Further analysis indicates that when the zip file Is opened, it is installing a new version of ransomware on the devices.

Which of the following should be done FIRST to prevent data on the company NAS from being encrypted by infected devices?

30. A staff member reported that a laptop has degraded performance. The security analyst has investigated the issue and discovered that CPU utilization, memory utilization, and outbound network traffic are consuming the laptop resources.

Which of the following is the BEST course of action to resolve the problem?

31. A security analyst has discovered that an outbound SHIP process is occurring at the same time of day for the past several days. At the time this was discovered, large amounts of business critical data were delivered. The authentication for this process occurred using a service account with proper credentials. The security analyst investigated the destination P for this transfer and discovered that this new process is not documented in the change management log.

Which of the following would be the BEST course of action for the analyst to take?

32. During an investigation, a computer is being seized.

Which of the following is the FIRST step the analyst should take?

33. A security analyst has determined the security team should take action based on the following log:

Host 192.168.2.7

[00:00:01] successful login: 015 192.168.2.7: local

[00:00:02] unsuccessful login: 022 222.34.56.8: RDP 192.168.2.8

[00:00:04] unsuccessful login: 010 222.34.56.8: RDP 192.168.2.8

[00:00:06] unsuccessful login: 015 222.34.56.8: RDP 192.168.2.8

[00:00:09] unsuccessful login: 012 222.34.56.8: RDP 192.168.2.8

Which of the following should be used to improve the security posture of the system?

34. An organization has recently experienced a data breach. A forensic analysis confirmed the attacker found a legacy web server that had not been used in over a year and was not regularly patched. After a discussion with the security team, management decided to initiate and penetration testing. They want to start the process by scanning the network for active hosts and open ports.

Which of the following tools is BEST suited for this job?

35. A medical organization recently started accepting payments over the phone. The manager is concerned about the impact of the storage of different types of data.

Which of the following types of data incurs the highest regulatory constraints?

36. An organization wants to remediate vulnerabilities associated with its web servers. An initial vulnerability scan has been performed, and analysts are reviewing the results. Before starting any remediation, the analysts want to remove false positives to avoid spending time on issues that are not actual vulnerabilities.

Which of the following would be an indicator of a likely false positive?