Practice CompTIA CS0-001 Exam Questions

    1. Page: 1/92
      Total 456 Questions
    Question No 1
    The developers recently deployed new code to three web servers. A daily automated external device scan report shows server vulnerabilities that are failing items according to PCI DSS. If the vulnerability is not valid, the analyst must take the proper steps to get the scan clean. If the vulnerability is valid, the analyst must remediate the finding. After reviewing the information provided in the network diagram, select the STEP 2 tab to complete the simulation by selecting the correct Validation Result and Remediation Action for each server listed using the drop-down options.

    Instructions
    STEP 1: Review the information provided in the network diagram.
    STEP 2: Given the scenario, determine which remediation action is required to address the vulnerability.
    If at any time you would like to bring back the initial state of the simulation, please select the Reset All button.

    Step 2
    Given the scenario, determine which remediation action is required to address the vulnerabilities.

    System: WEB_SERVER01, WEB_SERVER02, WEB_SERVER03 (the same two drop-downs are offered for each server)

    Validate Result options:
      - False Positive
      - False Negative
      - True Negative
      - True Positive

    Remediation Action options:
      - Encrypt entire session
      - Encrypt all session cookies
      - Implement input validation
      - Submit as non-issue
      - Employ unique token in hidden field
      - Avoid using redirects and forwards
      - Disable http
      - Request certificate from a public CA
      - Renew the current certificate

    HIGH SEVERITY
    Title: Cleartext Transmission of Sensitive Information
    Description: The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by authorized users.
    Affected Asset: 172.30.0.150
    Risk: Anyone can read the information by gaining access to the channel being used for communication.
    Reference: CVE-2002-1949

    MEDIUM SEVERITY
    Title: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
    Description: The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session.
    Affected Asset: 172.30.0.151
    Risk: Session Sidejacking
    Reference: CVE-2004-0462

    LOW SEVERITY
    Title: Untrusted SSL/TLS Server X.509 Certificate
    Description: The server's TLS/SSL certificate is signed by a Certificate Authority that is untrusted or unknown.
    Affected Asset: 172.30.0.152
    Risk: May allow man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).
    Reference: CVE2005 12 4

    While logged in to the web portal (172.30.0.150) from the workstation (192.168.0.104) you perform an account password change. This process requires you to reenter the original password and enter a new password twice.

    [Exhibit: packet capture. The packet list shows TLSv1 Application Data exchanged between 192.168.0.104 and 172.30.0.151, and an HTTP GET request from 192.168.0.104 to 172.30.0.150. The decoded HTTP request to 172.30.0.150 carries application/x-www-form-urlencoded form data in which the e-mail address, the old password and the new password (entered twice) are readable in cleartext.]

    [Exhibit: certificate dialog. Certificate Information: This CA Root certificate is not trusted. To enable trust, install this certificate in the Trusted Root Certification Authorities store. Issued to: PenTest LLC. Issued by: PenTest LLC. Valid from 22/07/2014 to 22/07/2024.]

    Solution
    WEB_SERVER01: VALID – IMPLEMENT SSL/TLS
    WEB_SERVER02: VALID – SET SECURE ATTRIBUTE WHEN COOKIE SHOULD SENT VIA HTTPS ONLY
    WEB_SERVER03: VALID – IMPLEMENT CA SIGNED CERTIFICATE
    Choose the Choices:


    Question No 2
    HOTSPOT A security analyst suspects that a workstation may be beaconing to a command and control server. Inspect the logs from the company’s web proxy server and the firewall to determine the best course of action to take in order to neutralize the threat with minimum impact to the organization.

    Instructions: Modify the firewall ACL, using the Firewall ACL form to mitigate the issue. If at any time you would like to bring back the initial state of the simulation, please select the Reset All button.

    [Exhibit: Network Diagram; Firewall Access Control List form with fields Rule, Protocol, Source IP]
    Choose the Choices:


    Question No 3
    Which of the following BEST describes the offensive participants in a tabletop exercise?
    Choose the Choices:


    Question No 4
    After analyzing and correlating activity from multiple sensors, the security analyst has determined a group from a high-risk country is responsible for a sophisticated breach of the company network and continuous administration of targeted attacks for the past three months. Until now, the attacks went unnoticed. This is an example of:
    Choose the Choices:


    Question No 5
    A system administrator who was using an account with elevated privileges deleted a large amount of log files generated by a virtual hypervisor in order to free up disk space. These log files are needed by the security team to analyze the health of the virtual machines. Which of the following compensating controls would help prevent this from reoccurring? (Select two.)
    Choose the Choices:


