CS0-003 Exam Question 146

A company patches its servers using automation software. Remote SSH or RDP connections are allowed to the servers only from the service account used by the automation software. All servers are in an internal subnet without direct access to or from the internet. An analyst reviews the following vulnerability summary:

Which of the following vulnerability IDs should the analyst address first?
  • CS0-003 Exam Question 147

    An organization's email account was compromised by a bad actor. Given the following Information:
    Which of the following is the length of time the team took to detect the threat?
  • CS0-003 Exam Question 148

    ID
    Source
    Destination
    Protocol
    Service
    1
    172.16.1.1
    172.16.1.10
    ARP
    AddrResolve
    2
    172.16.1.10
    172.16.1.20
    TCP 135
    RPC Kerberos
    3
    172.16.1.10
    172.16.1.30
    TCP 445
    SMB WindowsExplorer
    4
    172.16.1.30
    5.29.1.5
    TCP 443
    HTTPS Browser.exe
    5
    11.4.11.28
    172.16.1.1
    TCP 53
    DNS Unknown
    6
    20.109.209.108
    172.16.1.1
    TCP 443
    HTTPS WUS
    7
    172.16.1.25
    bank.backup.com
    TCP 21
    FTP FileZilla
    Which of the following represents the greatest concerns with regard to potential data exfiltration? (Select two.)
  • CS0-003 Exam Question 149

    A SOC analyst determined that a significant number of the reported alarms could be closed after removing the duplicates. Which of the following could help the analyst reduce the number of alarms with the least effort?
  • CS0-003 Exam Question 150

    Due to reports of unauthorized activity that was occurring on the internal network, an analyst is performing a network discovery. The analyst runs an Nmap scan against a corporate network to evaluate which devices were operating in the environment. Given the following output:

    Which of the following choices should the analyst look at first?