Free CompTIA CS0-003 Übungsprüfungen - Seite 15 von 17

Question #141

An organization supports a large number of remote users.

Which of the following is the best option to protect the data on the remote users‘ laptops?

A . Require the use of VPNs.
B . Require employees to sign an NDA.
C . Implement a DLP solution.
D . Use whole disk encryption.

Lösung einblenden Lösung ausblenden

Question #142

During the forensic analysis of a compromised machine, a security analyst discovers some binaries

that are exhibiting abnormal behaviors. After extracting the strings, the analyst finds unexpected content.

Which of the following is the next step the analyst should take?

A . Validate the binaries‘ hashes from a trusted source.
B . Use file integrity monitoring to validate the digital signature
C . Run an antivirus against the binaries to check for malware.
D . Only allow binaries on the approve list to execute.

Lösung einblenden Lösung ausblenden

Question #143

A new prototype for a company’s flagship product was leaked on the internet As a result, the management team has locked out all USB drives Optical drive writers are not present on company computers The sales team has been granted an exception to share sales presentation files with third parties

Which of the following would allow the IT team to determine which devices are USB enabled?

A . Asset tagging
B . Device encryption
C . Data loss prevention
D . SIEMIogs

Lösung einblenden Lösung ausblenden

Question #144

A systems administrator is reviewing after-hours traffic flows from data-center servers and sees regular outgoing HTTPS connections from one of the servers to a public IP address. The server should not be making outgoing connections after hours. Looking closer, the administrator sees this traffic pattern around the clock during work hours as well.

Which of the following is the most likely explanation?

A . C2 beaconing activity
B . Data exfiltration
C . Anomalous activity on unexpected ports
D . Network host IP address scanning
E . A rogue network device

Lösung einblenden Lösung ausblenden

Question #145

An organization has established a formal change management process after experiencing several critical system failures over the past year.

Which of the following are key factors that the change management process will include in order to reduce the impact of system failures? (Select two).

A . Ensure users the document system recovery plan prior to deployment.
B . Perform a full system-level backup following the change.
C . Leverage an audit tool to identify changes that are being made.
D . Identify assets with dependence that could be impacted by the change.
E . Require diagrams to be completed for all critical systems.
F . Ensure that all assets are properly listed in the inventory management system.

Lösung einblenden Lösung ausblenden

Richtige Antwort: DF
DF

Explanation:

The correct answers for key factors in the change management process to reduce the impact of system failures are:

D) Identify assets with dependence that could be impacted by the change.

F) Ensure that all assets are properly listed in the inventory management system.

D) Identify assets with dependence that could be impacted by the change: This is crucial in change management because understanding the interdependencies among assets can help anticipate and mitigate the potential cascading effects of a change. By identifying these dependencies, the organization can plan more effectively for changes and minimize the risk of unintended consequences that could lead to system failures.

F) Ensure that all assets are properly listed in the inventory management system: Maintaining an accurate and comprehensive inventory of assets is fundamental in change management. Knowing exactly what assets the organization possesses and their characteristics allows for better planning and impact analysis when changes are made. This ensures that no critical component is overlooked during the change process, reducing the risk of failures due to incomplete information.

Other Options:

A) Ensure users document system recovery plan prior to deployment: While documenting a system recovery plan is important, it’s more related to disaster recovery and business continuity planning than directly reducing the impact of system failures due to changes.

B) Perform a full system-level backup following the change: While backups are essential, they are generally a reactive measure to recover from a failure, rather than a proactive measure to reduce the impact of system failures in the first place.

C) Leverage an audit tool to identify changes that are being made: While using an audit tool is helpful for tracking changes and ensuring compliance, it is not directly linked to reducing the impact of system failures due to changes.

E) Require diagrams to be completed for all critical systems: While having diagrams of critical systems is useful for understanding and managing them, it is not a direct method for reducing the

impact of system failures due to changes. Diagrams are more about documentation and understanding rather than proactive change management.

Question #146

An analyst is evaluating a vulnerability management dashboard. The analyst sees that a previously remediated vulnerability has reappeared on a database server.

Which of the following is the most likely cause?

A . The finding is a false positive and should be ignored.
B . A rollback had been executed on the instance.
C . The vulnerability scanner was configured without credentials.
D . The vulnerability management software needs to be updated.

Lösung einblenden Lösung ausblenden

Question #147

A cybersecurity analyst has been assigned to the threat-hunting team to create a dynamic detection strategy based on behavioral analysis and attack patterns.

Which of the following best describes what the analyst will be creating?

A . Bots
B . loCs
C . TTPs
D . Signatures

Lösung einblenden Lösung ausblenden

Question #148

Which of the following does "federation" most likely refer to within the context of identity and access management?

A . Facilitating groups of users in a similar function or profile to system access that requires elevated or conditional access
B . An authentication mechanism that allows a user to utilize one set of credentials to access multiple domains
C . Utilizing a combination of what you know, who you are, and what you have to grant authentication to a user
D . Correlating one’s identity with the attributes and associated applications the user has access to

Lösung einblenden Lösung ausblenden

Question #149

Which of the following is the most important factor to ensure accurate incident response reporting?

A . A well-defined timeline of the events
B . A guideline for regulatory reporting
C . Logs from the impacted system
D . A well-developed executive summary

Lösung einblenden Lösung ausblenden

Question #150

An attacker has just gained access to the syslog server on a LAN. Reviewing the syslog entries has allowed the attacker to prioritize possible next targets.

Which of the following is this an example of?

A . Passive network foot printing
B . OS fingerprinting
C . Service port identification
D . Application versioning

Lösung einblenden Lösung ausblenden

Richtige Antwort: A
A

Explanation:

Passive network foot printing is the best description of the example, as it reflects the technique of collecting information about a network or system by monitoring or sniffing network traffic without sending any packets or interacting with the target. Foot printing is a term that refers to the process of gathering information about a target network or system, such as its IP addresses, open ports, operating systems, services, or vulnerabilities. Foot printing can be done for legitimate purposes, such as penetration testing or auditing, or for malicious purposes, such as reconnaissance or intelligence gathering. Foot printing can be classified into two types: active and passive. Active foot printing involves sending packets or requests to the target and analyzing the responses, such as using tools like ping, traceroute, or Nmap. Active foot printing can provide more accurate and detailed information, but it can also be detected by firewalls or intrusion detection systems (IDS). Passive foot printing involves observing or capturing network traffic without sending any packets or requests to the target, such as using tools like tcpdump, Wireshark, or Shodan. Passive foot printing can provide less information, but it can also avoid detection by firewalls or IDS. The example in the question shows that the attacker has gained access to the syslog server on a LAN and reviewed the syslog entries to prioritize possible next targets. A syslog server is a server that collects and stores log messages from various devices or applications on a network. A syslog entry is a record of an event or activity that occurred on a device or application, such as an error, a warning, or an alert. By reviewing the syslog entries, the attacker can obtain information about the network or system, such as its configuration, status, performance, or security issues. This is an example of passive network foot printing, as the attacker is not sending any packets or requests to the target, but rather observing or capturing network traffic from the syslog server. The other options are not correct, as they describe different techniques or concepts. OS fingerprinting is a technique of identifying the operating system of a target by analyzing its responses to certain packets or requests, such as using tools like Nmap or Xprobe2. OS fingerprinting can be done actively or passively, but it is not what the attacker is doing in the example. Service port identification is a technique of identifying the services running on a target by scanning its open ports and analyzing its responses to certain packets or requests, such as using tools like Nmap or Netcat. Service port identification can be done actively or passively, but it is not what the attacker is doing in the example. Application versioning is a concept that refers to the process of assigning unique identifiers to different versions of an application, such as using numbers, letters, dates, or names. Application versioning can help to track changes, updates, bugs, or features of an application, but it is not related to what the attacker is doing in the example.