2019 CS0-001 Dumps VCE and PDF
QUESTION 81
A system administrator who was using an account with elevated privileges deleted a large amount of log files generated by a virtual hypervisor in order to free up disk space. These log files are needed by the security team to analyze the health of the virtual machines. Which of the following compensating controls would help prevent this from recurring? (Select two.)
A. Succession planning
B. Separation of duties
C. Mandatory vacation
D. Personnel training
E. Job rotation
Correct Answer: BD
QUESTION 82
A university wants to increase the security posture of its network by implementing vulnerability scans of both centrally managed and student/employee laptops. The solution should be able to scale, provide minimum false positives and high accuracy of results, and be centrally managed through an enterprise console. Which of the following scanning topologies is BEST suited for this environment?
A. A passive scanning engine located at the core of the network infrastructure
B. A combination of cloud-based and server-based scanning engines
C. A combination of server-based and agent-based scanning engines
D. An active scanning engine installed on the enterprise console
Correct Answer: D
QUESTION 83
Several users have reported that when attempting to save documents in team folders, the following message is received:
The File Cannot Be Copied or Moved – Service Unavailable.
Upon further investigation, it is found that the syslog server is not obtaining log events from the file server to which the users are attempting to copy files. Which of the following is the MOST likely scenario causing these issues?
A. The network is saturated, causing network congestion
B. The file server is experiencing high CPU and memory utilization
C. Malicious processes are running on the file server
D. All the available space on the file server is consumed
Correct Answer: A
QUESTION 84
An analyst has initiated an assessment of an organization’s security posture. As a part of this review, the analyst would like to determine how much information about the organization is exposed externally. Which of the following techniques would BEST help the analyst accomplish this goal? (Select two.)
A. Fingerprinting
B. DNS query log reviews
C. Banner grabbing
D. Internet searches
E. Intranet portal reviews
F. Sourcing social network sites
G. Technical control audits
Correct Answer: DF
QUESTION 85
Which of the following policies BEST explains the purpose of a data ownership policy?
A. The policy should describe the roles and responsibilities between users and managers, and the management of specific data types.
B. The policy should establish the protocol for retaining information types based on regulatory or business needs.
C. The policy should document practices that users must adhere to in order to access data on the corporate network or Internet.
D. The policy should outline the organization’s administration of accounts for authorized users to access the appropriate data.
Correct Answer: D
QUESTION 86
Which of the following is MOST effective for log-based correlation analysis in threat management?
A. PCAP
B. SCAP
C. IPS
D. SIEM
Correct Answer: D
QUESTION 87
A security analyst is attempting to configure a vulnerability scan for a new segment on the network. Given the requirement to prevent credentials from traversing the network while still conducting a credentialed scan, which of the following is the BEST choice?
A. Install agents on the endpoints to perform the scan
B. Provide each endpoint with vulnerability scanner credentials
C. Encrypt all of the traffic between the scanner and the endpoint
D. Deploy scanners with administrator privileges on each endpoint
Correct Answer: A
QUESTION 88
An analyst has received unusual alerts on the SIEM dashboard. The analyst wants to capture the payloads that the attackers are sending toward the target systems without impacting business operations. Which of the following should the analyst implement?
A. Honeypot
B. Jump box
C. Sandboxing
D. Virtualization
Correct Answer: A
QUESTION 89
A reverse engineer was analyzing malware found on a retailer’s network and found code extracting track data in memory. Which of the following threats did the engineer MOST likely uncover?
A. POS malware
B. Rootkit
C. Key logger
D. Ransomware
Correct Answer: A
QUESTION 90
Which of the following BEST describes the offensive participants in a tabletop exercise?
A. Red team
B. Blue team
C. System administrators
D. Security analysts
E. Operations team
Correct Answer: A