Free Access CompTIA.CS0-001.v2022-04-30.q237 Practice Test (Page 21)

Question 96

An analyst is examining a system that is suspected of being involved in an intrusion. The analyst uses the command 'cat/etc/passwd' and receives the following partial output:

Based on the above output, which of the following should the analyst investigate further?

A.User 'mail' should not have a default shell of /usr/sbin/nologin

B.User 'daemon' should not have a home directory of /usr/sbin

C.User 'root' should not have a home directory of /root

D.User 'news' should not have a default shell of /bin/bash

Question 97

Which of the following policies BEST explains the purpose of a data ownership policy?

A.The policy should describe the roles and responsibilities between users and managers, and the
management of specific data types.

B.The policy should establish the protocol for retaining information types based on regulatory or business
needs.

C.The policy should document practices that users must adhere to in order to access data on the
corporate network or Internet.

D.The policy should outline the organization's administration of accounts for authorized users to access
the appropriate data.

Question 98

A cybersecurity analyst traced the source of an attack to compromised user credentials.
Log analysis revealed that the attacker successfully authenticated from an unauthorized foreign country. Management asked the security analyst to research and implement a solution to help mitigate attacks based on compromised passwords. Which of the following should the analyst implement?

A.Single sign-on

B.Self-service password reset

C.Context-based authentication

D.Password complexity

Question 99

Alerts have been received from the SIEM, indicating infections on multiple computers. Based on threat
characteristics, these files were quarantined by the host-based antivirus program. At the same time,
additional alerts in the SIEM show multiple blocked URLs from the address of the infected computers; the
URLs were classified as uncategorized. The domain location of the IP address of the URLs that were
blocked is checked, and it is registered to an ISP in Russia. Which of the following steps should be taken
NEXT?

A.Remove those computers from the network and replace the hard drives. Send the infected hard drives
out for investigation.

B.Install a computer with the same settings as the infected computers in the DMZ to use as a honeypot.
Permit the URLs classified as uncategorized to and from that host.

C.Run a full antivirus scan on all computers and use Splunk to search for any suspicious activity that
happened just before the alerts were received in the SIEM.

D.Run a vulnerability scan and patch discovered vulnerabilities on the next pathing cycle. Have the users
restart their computers. Create a use case in the SIEM to monitor failed logins on the infected
computers.

Question 100

After running a packet analyzer on the network, a security analyst has noticed the following output:

Which of the following is occurring?

A.A port scan

B.A ping sweep

C.A service discovery

D.A network map

Latest Upload: 105OCEG.GRCP.v2025-09-11.q211; 104HP.HPE0-V27.v2025-09-11.q78; 118Oracle.1Z0-1057-23.v2025-09-10.q47; 153Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 166TheSecOpsGroup.CNSP.v2025-09-08.q20; 226CFAInstitute.ESG-Investing.v2025-09-08.q173; 176PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 152Salesforce.Data-Architect.v2025-09-05.q216; 148Adobe.AD0-E605.v2025-09-05.q50

Question 96

Question 97

Question 98

Question 99

Question 100

Download PDF File