Free CompTIA CS0-003 Übungsprüfungen - Seite 13 von 17

Question #121

Which of the following best describes the process of requiring remediation of a known threat within a given time frame?

A . SLA
B . MOU
C . Best-effort patching
D . Organizational governance

Richtige Antwort: D
D

Explanation:

An SLA (Service Level Agreement) is a contract or agreement between a service provider and a customer that defines the expected level of service, performance, quality, and availability of the service. An SLA also specifies the responsibilities, obligations, and penalties for both parties in case of non-compliance or breach of the agreement. An SLA can help organizations to ensure that their security services are delivered in a timely and effective manner, and that any security incidents or vulnerabilities are addressed and resolved within a specified time frame. An SLA can also help to establish clear communication, expectations, and accountability between the service provider and the customer12

An MOU (Memorandum of Understanding) is a document that expresses a mutual agreement or understanding between two or more parties on a common goal or objective. An MOU is not legally binding, but it can serve as a basis for future cooperation or collaboration. An MOU may not be suitable for requiring remediation of a known threat within a given time frame, as it does not have the same level of enforceability, specificity, or measurability as an SLA.

Best-effort patching is an informal and ad hoc approach to applying security patches or updates to systems or software. Best-effort patching does not follow any defined process, policy, or schedule, and relies on the availability and discretion of the system administrators or users. Best-effort patching may not be effective or efficient for requiring remediation of a known threat within a given time frame, as it does not guarantee that the patches are applied correctly, consistently, or promptly. Best-effort patching may also introduce new risks or vulnerabilities due to human error, compatibility issues, or lack of testing.

Organizational governance is the framework of rules, policies, procedures, and processes that guide and direct the activities and decisions of an organization. Organizational governance can help to establish the roles, responsibilities, and accountabilities of different stakeholders within the organization, as well as the goals, values, and principles that shape the organizational culture and behavior. Organizational governance can also help to ensure compliance with internal and external standards, regulations, and laws. Organizational governance may not be sufficient for requiring remediation of a known threat within a given time frame, as it does not specify the details or metrics of the service delivery or performance. Organizational governance may also vary depending on the size, structure, and nature of the organization.

Question #122

An analyst notices there is an internal device sending HTTPS traffic with additional characters in the header to a known-malicious IP in another country.

Which of the following describes what the analyst has noticed?

A . Beaconing
B . Cross-site scripting
C . Buffer overflow
D . PHP traversal

Lösung einblenden Lösung ausblenden

Question #123

A security analyst is trying to validate the results of a web application scan with Burp Suite.

The security analyst performs the following:

图形用户界面, 文本, 应用程序

描述已自动生成

Which of the following vulnerabilitles Is the securlty analyst trylng to valldate?

A . SQL injection
B . LFI
C . XSS
D . CSRF

Lösung einblenden Lösung ausblenden

Question #124

An organization announces that all employees will need to work remotely for an extended period of time. All employees will be provided with a laptop and supported hardware to facilitate this requirement. The organization asks the information security division to reduce the risk during this time.

Which of the following is a technical control that will reduce the risk of data loss if a laptop is lost or stolen?

A . Requiring the use of the corporate VPN
B . Requiring the screen to be locked after five minutes of inactivity
C . Requiring the laptop to be locked in a cabinet when not in use
D . Requiring full disk encryption

Lösung einblenden Lösung ausblenden

Question #124

An organization announces that all employees will need to work remotely for an extended period of time. All employees will be provided with a laptop and supported hardware to facilitate this requirement. The organization asks the information security division to reduce the risk during this time.

Which of the following is a technical control that will reduce the risk of data loss if a laptop is lost or stolen?

A . Requiring the use of the corporate VPN
B . Requiring the screen to be locked after five minutes of inactivity
C . Requiring the laptop to be locked in a cabinet when not in use
D . Requiring full disk encryption

Lösung einblenden Lösung ausblenden

Question #126

Results of a SOC customer service evaluation indicate high levels of dissatisfaction with the inconsistent services provided after regular work hours. To address this, the SOC lead drafts a document establishing customer expectations regarding the SOC’s performance and quality of services.

Which of the following documents most likely fits this description?

A . Risk management plan
B . Vendor agreement
C . Incident response plan
D . Service-level agreement

Lösung einblenden Lösung ausblenden

Question #127

A managed security service provider is having difficulty retaining talent due to an increasing workload caused by a client doubling the number of devices connected to the network.

Which of the following would best aid in decreasing the workload without increasing staff?

A . SIEM
B . XDR
C . SOAR
D . EDR

Lösung einblenden Lösung ausblenden

Question #128

A security analyst wants to capture large amounts of network data that will be analyzed at a later time. The packet capture does not need to be in a format that is readable by humans, since it will be put into a binary file called "packetCapture." The capture must be as efficient as possible, and the analyst wants to minimize the likelihood that packets will be missed.

Which of the following commands will best accomplish the analyst’s objectives?

A . tcpdump -w packetCapture
B . tcpdump -a packetCapture
C . tcpdump -n packetCapture
D . nmap -v > packetCapture
E . nmap -oA > packetCapture

Lösung einblenden Lösung ausblenden

Question #129

Which of the following lines from this output most likely indicates that attackers could quickly use brute force and determine the negotiated secret session key?

文本

描述已自动生成

A . TLS_RSA_WITH_DES_CBC_SHA 56
B . TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 DH (1024 bits)
C . TLS_RSA_WITH_AES_256_CBC_SHA 256
D . TLS_DHE_RSA_WITH_AES_256_GCM_SHA256 DH (2048 bits)

Lösung einblenden Lösung ausblenden

Question #130

A company brings in a consultant to make improvements to its website. After the consultant leaves. a web developer notices unusual activity on the website and submits a suspicious file containing the following code to the security team:

图形用户界面, 文本, 应用程序

描述已自动生成

Which of the following did the consultant do?

Implanted a backdoor

Implemented privilege escalation

Implemented clickjacking

Patched the web server

Lösung einblenden Lösung ausblenden

Richtige Antwort: A

Explanation:

The correct answer is A. Implanted a backdoor.

A backdoor is a method that allows an unauthorized user to access a system or network without the permission or knowledge of the owner. A backdoor can be installed by exploiting a software vulnerability, by using malware, or by physically modifying the hardware or firmware of the device. A backdoor can be used for various malicious purposes, such as stealing data, installing malware, executing commands, or taking control of the system.

In this case, the consultant implanted a backdoor in the website by using an HTML and PHP code snippet that displays an image of a shutdown button and an alert message that says “Exit”. However, the code also echoes the remote address of the server, which means that it sends the IP address of the visitor to the attacker. This way, the attacker can identify and target the visitors of the website and use their IP addresses to launch further attacks or gain access to their devices.

The code snippet is an example of a clickjacking attack, which is a type of interface-based attack that tricks a user into clicking on a hidden or disguised element on a webpage. However, clickjacking is not the main goal of the consultant, but rather a means to implant the backdoor. Therefore, option C is incorrect.

Option B is also incorrect because privilege escalation is an attack technique that allows an attacker to gain higher or more permissions than they are supposed to have on a system or network. Privilege escalation can be achieved by exploiting a software vulnerability, by using malware, or by abusing misconfigurations or weak access controls. However, there is no evidence that the consultant implemented privilege escalation on the website or gained any elevated privileges.

Option D is also incorrect because patching is a process of applying updates to software to fix errors, improve performance, or enhance security. Patching can prevent or mitigate various types of attacks, such as exploits, malware infections, or denial-of-service attacks. However, there is no indication that the consultant patched the web server or improved its security in any way.

Reference: 1 What Is a Backdoor & How to Prevent Backdoor Attacks (2023)

2 What is Clickjacking? Tutorial & Examples | Web Security Academy

3 What Is Privilege Escalation and How It Relates to Web Security | Acunetix

4 What Is Patching? | Best Practices For Patch Management – cWatch Blog