2019 Free Microsoft EnsurePass CS0-001 Dumps VCE and PDF Download Part 5


 

QUESTION 41

A technician recently fixed a computer with several viruses and spyware programs on it and notices the Internet settings were set to redirect all traffic through an unknown proxy. This type of attack is known as which of the following?

 

A. Phishing

B. Social engineering

C. Man-in-the-middle

D. Shoulder surfing

 

Correct Answer: C

 

 

QUESTION 42

A security audit revealed that port 389 has been used instead of 636 when connecting to LDAP for the authentication of users. The remediation recommended by the audit was to switch the port to 636 wherever technically possible. Which of the following is the BEST response?

 

A. Correct the audit. This finding is a well-known false positive; the services that typically run on 389 and 636 are identical.

B. Change all devices and servers that support it to 636, as encrypted services run by default on 636.

C. Change all devices and servers that support it to 636, as 389 is a reserved port that requires root access and can expose the server to privilege escalation attacks.

D. Correct the audit. This finding is accurate, but the correct remediation is to update encryption keys on each of the servers to match port 636.

 

Correct Answer: B

 

 

QUESTION 43

A company discovers an unauthorized device accessing network resources through one of many network drops in a common area used by visitors. The company decides that it wants to quickly prevent unauthorized devices from accessing the network but policy prevents the company from making changes on every connecting client. Which of the following should the company implement?

 

A. Port security

B. WPA2

C. Mandatory Access Control

D. Network Intrusion Prevention

 

Correct Answer: A

 

 

QUESTION 44

A company has recently launched a new billing invoice website for a few key vendors. The cybersecurity analyst is receiving calls that the website is performing slowly and the pages sometimes time out. The analyst notices the website is receiving millions of requests, causing the service to become unavailable. Which of the following can be implemented to maintain the availability of the website?

 

A. VPN

B. Honeypot

C. Whitelisting

D. DMZ

E. MAC filtering

 

Correct Answer: C

 

 

QUESTION 45

Which of the following is a control that allows a mobile application to access and manipulate information which should only be available by another application on the same mobile device (e.g. a music application posting the name of the current song playing on the device on a social media site)?

 

A. Co-hosted application

B. Transitive trust

C. Mutually exclusive access

D. Dual authentication

 

Correct Answer: B

 

 

QUESTION 46

A security analyst is concerned that employees may attempt to exfiltrate data prior to tendering their resignations. Unfortunately, the company cannot afford to purchase a data loss prevention (DLP) system. Which of the following recommendations should the security analyst make to provide defense-in-depth against data loss? (Select THREE).

 

A. Prevent users from accessing personal email and file-sharing sites via web proxy

B. Prevent flash drives from connecting to USB ports using Group Policy

C. Prevent users from copying data from workstation to workstation

D. Prevent users from using roaming profiles when changing workstations

E. Prevent Internet access on laptops unless connected to the network in the office or via VPN

F. Prevent users from being able to use the copy and paste functions

 

Correct Answer: ABE

 

 

QUESTION 47

The Chief Information Security Officer (CISO) has asked the security staff to identify a framework on which to base the security program. The CISO would like to achieve a certification showing the security program meets all required best practices. Which of the following would be the BEST choice?

 

A. OSSIM

B. SDLC

C. SANS

D. ISO

 

Correct Answer: D

 

 

 

 

QUESTION 48

A vulnerability scan has returned the following information:

 

[Image image067: vulnerability scan output, not reproduced]

 

Which of the following describes the meaning of these results?

 

A. There is an unknown bug in a Lotus server with no Bugtraq ID.

B. Connecting to the host using a null session allows enumeration of share names.

C. Trend Micro has a known exploit that must be resolved or patched.

D. No CVE is present, so it is a false positive caused by Lotus running on a Windows server.

 

Correct Answer: B

 

 

QUESTION 49

Management is concerned with administrator access from outside the network to a key server in the company. Specifically, firewall rules allow access to the server from anywhere in the company. Which of the following would be an effective solution?

 

A. Honeypot

B. Jump box

C. Server hardening

D. Anti-malware

 

Correct Answer: B

 

 

QUESTION 50

The security operations team is conducting a mock forensics investigation. Which of the following should be the FIRST action taken after seizing a compromised workstation?

 

A. Activate the escalation checklist

B. Implement the incident response plan

C. Analyze the forensic image

D. Perform evidence acquisition

 

Correct Answer: D

Explanation: https://staff.washington.edu/dittrich/misc/forensics/
