
CS0-001 CompTIA Exam Lab Questions

Question 40

A technician receives an alert indicating an endpoint is beaconing to a suspect dynamic DNS domain. Which of the following countermeasures should be used to BEST protect the network in response to this alert? (Choose two.)

Options:

A. Set up a sinkhole for that dynamic DNS domain to prevent communication.

B. Isolate the infected endpoint to prevent the potential spread of malicious activity.

C. Implement an internal honeypot to catch the malicious traffic and trace it.

D. Perform a risk assessment and implement compensating controls.

E. Ensure the IDS is active on the network segment where the endpoint resides.

Question 41

A security incident has been created after noticing unusual behavior from a Windows domain controller. The server administrator has discovered that a user logged in to the server with elevated permissions, but the user’s account does not follow the standard corporate naming scheme. There are also several other accounts in the administrators group that do not follow this naming scheme. Which of the following is the possible cause for this behavior and the BEST remediation step?

Options:

A. The Windows Active Directory domain controller has not completed synchronization, and the administrator should force the domain controller to sync.

B. The server has been compromised and should be removed from the network and cleaned before reintroducing it to the network.

C. The server administrator created user accounts cloning the wrong user ID, and the accounts should be removed from administrators and placed in an employee group.

D. The naming scheme allows for too many variations, and the account naming convention should be updated to enforce organizational policies.

Question 42

An organization has two environments: development and production. Development is where applications are developed with unit testing. The development environment has many configuration differences from the production environment. All applications are hosted on virtual machines. Vulnerability scans are performed against all systems before and after any application or configuration changes to any environment. Lately, vulnerability remediation activity has caused production applications to crash and behave unpredictably. Which of the following changes should be made to the current vulnerability management process?

Options:

A. Create a third environment between development and production that mirrors production and tests all changes before deployment to the users

B. Refine testing in the development environment to include fuzzing and user acceptance testing so applications are more stable before they migrate to production

C. Create a second production environment by cloning the virtual machines, and if any stability problems occur, migrate users to the alternate production environment

D. Refine testing in the production environment to include more exhaustive application stability testing while continuing to maintain the robust vulnerability remediation activities

Question 43

A security analyst has just completed a vulnerability scan of servers that support a business critical application that is managed by an outside vendor. The results of the scan indicate the devices are missing critical patches. Which of the following factors can inhibit remediation of these vulnerabilities? (Choose two.)

Options:

A. Inappropriate data classifications

B. SLAs with the supporting vendor

C. Business process interruption

D. Required sandbox testing

E. Incomplete asset inventory

Exam Code: CS0-001
Exam Name: CompTIA CSA+ Certification Exam
Last Update: Apr 14, 2023
Questions: 455