Question 38/164 - CS0-001.v2019-02-21

A company's asset management software has been discovering a weekly increase in non-standard software installed on end users' machines with duplicate license keys. The security analyst wants to know if any of this software is listening on any non-standard ports, such as 6667. Which of the following tools should the analyst recommend to block any command and control traffic?

Comments (The most recent comments are at the top.)

- Oct 08, 2019

Why is netstat the answer? Netstat only checks the live connection. It is not a tool to block traffic.

