CS0-003 Exam Dumps | While a security analyst for an organization was reviewing logs from web servers. the analyst found several

<< Prev Question Next Question >>

Question 183/302

While a security analyst for an organization was reviewing logs from web servers. the analyst found several successful attempts to downgrade HTTPS sessions to use cipher modes of operation susceptible to padding oracle attacks. Which of the following combinations of configuration changes should the organization make to remediate this issue? (Choose two.)

A. Configure the server to prefer TLS 1.3.

B. Remove cipher suites that use CBC.

C. Configure the server to prefer ephemeral modes for key exchange.

D. Require client browsers to present a user certificate for mutual authentication.

E. Configure the server to require HSTS.

F. Remove cipher suites that use GCM.

Correct Answer: A,B

A padding oracle attack is a type of attack that exploits the padding validation of a cryptographic message to decrypt the ciphertext without knowing the key. A padding oracle is a system that responds to queries about whether a message has a valid padding or not, such as a web server that returns different error messages for invalid padding or invalid MAC. A padding oracle attack can be applied to the CBC mode of operation, where the attacker can manipulate the ciphertext blocks and use the oracle's responses to recover the plaintext. To remediate this issue, the organization should make the following configuration changes:
Configure the server to prefer TLS 1.3. TLS 1.3 is the latest version of the Transport Layer Security protocol, which provides secure communication between clients and servers. TLS 1.3 has several security improvements over previous versions, such as:
It deprecates weak and obsolete cryptographic algorithms, such as RC4, MD5, SHA-1, DES,
3DES, and CBC mode.
It supports only strong and modern cryptographic algorithms, such as AES-GCM, ChaCha20- Poly1305, and SHA-256/384.
It reduces the number of round trips required for the handshake protocol, which improves performance and latency.
It encrypts more parts of the handshake protocol, which enhances privacy and confidentiality. It introduces a zero round-trip time (0-RTT) mode, which allows resuming previous sessions without additional round trips.
It supports forward secrecy by default, which means that compromising the long-term keys does not affect the security of past sessions.
Remove cipher suites that use CBC. Cipher suites are combinations of cryptographic algorithms that specify how TLS connections are secured. Cipher suites that use CBC mode are vulnerable to padding oracle attacks, as well as other attacks such as BEAST and Lucky 13. Therefore, they should be removed from the server's configuration and replaced with cipher suites that use more secure modes of operation, such as GCM or CCM.

Question List (302q): Question 1: An analyst has received an IPS event notification from the S...; Question 2: Which of the following is described as a method of enforcing...; Question 3: An incident response analyst is taking over an investigation...; Question 4: A company is launching a new application in its internal net...; Question 5: Which of the following is the term for a predefined set of a...; Question 6: A company's domain has been spooled in numerous phishing cam...; Question 7: An analyst reviews a recent government alert on new zero-day...; Question 8: Which of the following is a benefit of the Diamond Model of ...; Question 9: A report contains IoC and TTP information for a zero-day exp...; Question 10: Following an attack, an analyst needs to provide a summary o...; Question 11: A security analyst found an old version of OpenSSH running o...; Question 12: A junior security analyst opened ports on the company's fire...; Question 13: Which of the following is the best technical method to prote...; Question 14: A SOC team lead occasionally collects some DNS information f...; Question 15: An analyst uses an AI platform to help correlate events. The...; Question 16: A company has a primary control in place to restrict access ...; Question 17: Using open-source intelligence gathered from technical forum...; Question 18: A security analyst reviews the following Arachni scan result...; Question 19: Which of the following choices is most likely to cause obsta...; Question 20: A user clicks on a malicious adware link, and the malware su...; Question 21: An organization has activated the CSIRT. A security analyst ...; Question 22: A security manager is looking at a third-party vulnerability...; Question 23: Which of the following best describes the goal of a tabletop...; Question 24: A security analyst is reviewing a recent vulnerability scan ...; Question 25: Which of the following is a nation-state actor least likely ...; Question 26: Which of the following is the best framework for assessing h...; Question 27: Which of the following best describes root cause analysis?...; Question 28: An organization adds an MSSP to supplement its security moni...; Question 29: Several vulnerability scan reports have indicated runtime er...; Question 30: An analyst discovers unusual outbound connections to an IP t...; Question 31: Which of the following techniques can help a SOC team to red...; Question 32: As part of an incident investigation, an analyst creates a d...; Question 33: An auditor is reviewing an evidence log associated with a cy...; Question 34: A security analyst finds an application that cannot enforce ...; Question 35: An organization is preparing for a disaster recovery exercis...; Question 36: During a review of recent network traffic, an analyst realiz...; Question 37: An organization wants to implement a privileged access manag...; Question 38: A security analyst at example.com receives SIEM alert for an...; Question 39: An analyst suspects cleartext passwords are being sent over ...; Question 40: A threat hunter seeks to identify new persistence mechanisms...; Question 41: The email system administrator for an organization configure...; Question 42: A SOC manager reviews metrics from the last four weeks to in...; Question 43: A systems administrator receives reports of an internet-acce...; Question 44: An analyst is responding to an incident involving an attack ...; Question 45: A security analyst is testing a web application for vulnerab...; Question 46: Which of the following is the best action to take after the ...; Question 47: The DevSecOps team is remediating a Server-Side Request Forg...; Question 48: A security administrator is tasked with modifying the vulner...; Question 49: During a security test, a security analyst found a critical ...; Question 50: A network security analyst for a large company noticed unusu...; Question 51: A group of hacktivists has breached and exfiltrated data fro...; Question 52: Which of the following is the software development process b...; Question 53: While reviewing the web server logs a security analyst notic...; Question 54: An organization has a critical financial application hosted ...; Question 55: A help desk technician inadvertently sent the credentials of...; Question 56: An analyst is remediating items associated with a recent inc...; Question 57: An organization conducted a web application vulnerability as...; Question 58: Which of the following are the MOST likely reasons lo includ...; Question 59: An organization's email account was compromised by a bad act...; Question 60: Chief Information Security Officer (CISO) wants to disable a...; Question 61: An analyst is investigating a phishing incident and has retr...; Question 62: A Chief Information Security Officer (CISO) has determined t...; Question 63: A threat intelligence analyst is updating a document accordi...; Question 64: A security analyst is assessing the security of a cloud envi...; Question 65: An e-commerce organization recently experienced a cyberattac...; Question 66: The Chief Information Security Officer is directing a new pr...; Question 67: After a series of UEBA alerts, a company's SOC observes an e...; Question 68: A SOC analyst identifies the following content while examini...; Question 69: Which of the following factors would determine the regulatio...; Question 70: Security analysts can review the Windows Registry on endpoin...; Question 71: Which of the following is instituting a security policy that...; Question 72: An organization wants to implement an identity and access ma...; Question 73: Which of the following best describes the actions taken by a...; Question 74: A security analyst IS comparing the results of the past and ...; Question 75: A vulnerability scanner has identified an out-of-support dat...; Question 76: Which of the following types of controls defines placing an ...; Question 77: A system that provides the user interface for a critical ser...; Question 78: Several critical bugs were identified during a vulnerability...; Question 79: An analyst would like to start automatically ingesting IoCs ...; Question 80: Which of the following is a difference between SOAR and SCAP...; Question 81: A SOC analyst determined that a significant number of the re...; Question 82: An analyst is reviewing a dashboard from the company's SIEM ...; Question 83: An incident responder was able to recover a binary file thro...; Question 84: Based on an internal assessment, a vulnerability management ...; Question 85: A systems administrator notices unfamiliar directory names o...; Question 86: A security analyst runs the following command: (Exhibit) Whi...; Question 87: A security analyst wants to implement new monitoring control...; Question 88: An online gaming company was impacted by a ransomware attack...; Question 89: To comply with regulatory requirements, the Chief Executive ...; Question 90: A security analyst notices multiple attempts of the same exp...; Question 91: A security analyst is responding to an indent that involves ...; Question 92: A security analyst is reviewing a packet capture in Wireshar...; Question 93: Which of the following best explains the importance of secur...; Question 94: An analyst is reviewing system logs while threat hunting: (E...; Question 95: A security analyst is responding to an incident that involve...; Question 96: A company reports that user plain text credentials have been...; Question 97: A company's security team recently discovered a number of wo...; Question 98: A security analyst receives an alert with the following pack...; Question 99: Which of the following best describes the key goal of the co...; Question 100: A company runs a website that allows public posts. Recently,...; Question 101: A finance department employee opens an unsolicited email tha...; Question 102: Which of the following is the best use of automation in cybe...; Question 103: An analyst notices there is an internal device sending HTTPS...; Question 104: An employee received a phishing email that contained malware...; Question 105: Which of the following statements best describes the MITRE A...; Question 106: An organization is planning to adopt a zero-trust architectu...; Question 107: During a routine review of DNS logs, a security analyst obse...; Question 108: A vulnerability management team is unable to patch all vulne...; Question 109: An organization is conducting a pilot deployment of an e-com...; Question 110: A security analyst needs to provide the development team wit...; Question 111: A security analyst has prepared a vulnerability scan that co...; Question 112: A cybersecurity analyst is tasked with scanning a web applic...; Question 113: Which of the following best describes the reporting metric t...; Question 114: Several users received a phishing email containing a malicio...; Question 115: A company is in the middle of an incident, and customer data...; Question 116: A Chief Information Security Officer wants to lock down the ...; Question 117: An analyst wants to ensure that users only leverage web-base...; Question 118: After detecting possible malicious external scanning, an int...; Question 119: When undertaking a cloud migration of multiple SaaS applicat...; Question 120: After examining a header and footer file, a security analyst...; Question 121: A security administrator has been notified by the IT operati...; Question 122: A SOC analyst recommends adding a layer of defense for all e...; Question 123: A security alert was triggered when an end user tried to acc...; Question 124: A cybersecurity analyst is recording the following details: ...; Question 125: Which of the following is MOST dangerous to the client envir...; Question 126: The website of a large retail chain is falling to enforce en...; Question 127: Which of the following BEST explains the function of a manag...; Question 128: A security analyst detects an email server that had been com...; Question 129: A security analyst is trying to identify anomalies on the ne...; Question 130: Which of the following is a useful tool for mapping, trackin...; Question 131: An organization wants to ensure the privacy of the data that...; Question 132: The security team is reviewing a list of vulnerabilities pre...; Question 133: Which of the following does a security policy do?...; Question 134: Which of the following would a security analyst most likely ...; Question 135: A security analyst reviews the following output: (Exhibit) W...; Question 136: A security analyst at a company called ACME Commercial notic...; Question 137: Which of the following defines the proper sequence of data v...; Question 138: An analyst views the following log entries: (Exhibit) The or...; Question 139: The SOC team reestablishes user access after a threat actor ...; Question 140: After reviewing the final report for a penetration test, a c...; Question 141: A company's user accounts have been compromised. Users are a...; Question 142: Which of the following evidence collection methods is most l...; Question 143: An incident responder is investigating a possible server dat...; Question 144: An email hosting provider added a new data center with new p...; Question 145: A WAF weekly report shows that a daily spike occurs from the...; Question 146: After a security assessment was done by a third-party consul...; Question 147: During an incident, analysts need to rapidly investigate by ...; Question 148: An analyst is designing a message system for a bank. The ana...; Question 149: A security analyst has received an incident case regarding m...; Question 150: Which of the following documents should link to the recovery...; Question 151: A security analyst reviews the following results of a Nikto ...; Question 152: A zero-day command injection vulnerability was published. A ...; Question 153: Which of the following is a commonly used four-component fra...; Question 154: A security officer needs to find the most cost-effective sol...; Question 155: A security analyst needs to support an organization's legal ...; Question 156: Which of the following attributes is part of the Diamond Mod...; Question 157: A security manager has decided to form a special group of an...; Question 158: A security analyst is implementing a process to perform vuln...; Question 159: A security analyst is performing vulnerability scans on the ...; Question 160: A company brings in a consultant to make improvements to its...; Question 161: A spillage incident results in the access of controlled info...; Question 162: During a packet capture review, a security analyst identifie...; Question 163: Which of the following does "federation" most likely refer t...; Question 164: A security analyst reviews a packet capture and identifies t...; Question 165: A SOC analyst observes reconnaissance activity from an IP ad...; Question 166: In the last hour, a high volume of failed RDP authentication...; Question 167: Which of the following most accurately describes the Cyber K...; Question 168: An analyst is reviewing a dashboard from the company's SIEM ...; Question 169: A security analyst has identified outgoing network traffic l...; Question 170: During an incident, a security analyst discovers a large amo...; Question 171: An older CVE with a vulnerability score of 7.1 was elevated ...; Question 172: A security analyst has found the following suspicious DNS tr...; Question 173: An IT security analyst has received an email alert regarding...; Question 174: A vulnerability scan shows the following issues: (Exhibit) A...; Question 175: A systems administrator is concerned after reviewing the res...; Question 176: Which of the following will most likely cause severe issues ...; Question 177: An analyst reviews alerts that indicate a number of differen...; Question 178: During an extended holiday break, a company suffered a secur...; Question 179: A company is launching a new application in its internal net...; Question 180: Which of the following best explains the importance of utili...; Question 181: After a recent vulnerability report for a server is presente...; Question 182: Which of the following actions would an analyst most likely ...; Question 183: While a security analyst for an organization was reviewing l...; Question 184: A Chief Information Security Officer (CISO) is concerned tha...; Question 185: A security analyst is writing a shell script to identify IP ...; Question 186: Which of the following threat-hunting concepts is most conce...; Question 187: A company receives a penetration test report summary from a ...; Question 188: An employee is no longer able to log in to an account after ...; Question 189: Numerous emails were sent to a company's customer distributi...; Question 190: During an incident, some IoCs of possible ransomware contami...; Question 191: A company's application development has been outsourced to a...; Question 192: A Chief Information Security Officer wants to implement secu...; Question 193: During a review of SIEM alerts, a security analyst discovers...; Question 194: Which of the following describes a contract that is used to ...; Question 195: An organization performs software assurance activities and r...; Question 196: A cybersecurity analyst is participating with the DLP projec...; Question 197: Due to reports of unauthorized activity that was occurring o...; Question 198: A list of loCs released by a government security organizatio...; Question 199: During a tabletop exercise, engineers discovered that an ICS...; Question 200: An organization's Chief Information Security Officer (CISO) ...; Question 201: A security analyst is trying to validate the results of a we...; Question 202: While reviewing web server logs, a security analyst discover...; Question 203: When investigating a potentially compromised host, an analys...; Question 204: A Chief Information Security Officer wants to map all the at...; Question 205: A third-party assessment of a recent incident determined tha...; Question 206: Results of a SOC customer service evaluation indicate high l...; Question 207: When undertaking a cloud migration of multiple SaaS applicat...; Question 208: An analyst has been asked to validate the potential risk of ...; Question 209: The Chief Information Security Officer for an organization r...; Question 210: New employees in an organization have been consistently plug...; Question 211: After an upgrade to a new EDR, a security analyst received r...; Question 212: Two employees in the finance department installed a freeware...; Question 213: Patches for two highly exploited vulnerabilities were releas...; Question 214: A Chief Information Security Officer (CISO) has decided the ...; Question 215: A SOC receives several alerts indicating user accounts are c...; Question 216: A security analyst is reviewing events that occurred during ...; Question 217: The SOC received a threat intelligence notification indicati...; Question 218: A developer downloaded and attempted to install a file trans...; Question 219: A security analyst needs to identify services in a small, cr...; Question 220: An organization's internal department frequently uses a clou...; Question 221: An organization has implemented code into a production envir...; Question 222: Which of the following is the best reason to implement an MO...; Question 223: A security analyst reviews a SIEM alert related to a suspici...; Question 224: An incident response team receives an alert to start an inve...; Question 225: An analyst is reviewing a vulnerability report and must make...; Question 226: A security analyst identifies the following log entry in the...; Question 227: A Chief Executive Officer (CEO) is concerned the company wil...; Question 228: The Chief Information Security Officer wants to eliminate an...; Question 229: A cybersecurity analyst has recovered a recently compromised...; Question 230: A security analyst is reviewing the findings of the latest v...; Question 231: SIMULATION You are a penetration tester who is reviewing the...; Question 232: A security analyst is working on a server patch management p...; Question 233: A manufacturing company uses a third-party service provider ...; Question 234: Following a recent security incident, the Chief Information ...; Question 235: Which of the following is the best way to begin preparation ...; Question 236: A security analyst found the following vulnerability on the ...; Question 237: An analyst needs to provide recommendations based on a recen...; Question 238: A user is flagged for consistently consuming a high volume o...; Question 239: A security analyst has just received an incident ticket rega...; Question 240: A security analyst sees the following OWASP ZAP output from ...; Question 241: A security analyst is reviewing WAF alerts and sees the foll...; Question 242: A payroll department employee was the target of a phishing a...; Question 243: Which of the following BEST describes HSM?...; Question 244: An analyst determines a security incident has occurred. Whic...; Question 245: An analyst reviews code for a sensitive application for thei...; Question 246: Which of the following concepts is using an API to insert bu...; Question 247: Which of the following BEST identifies the appropriate use o...; Question 248: An attacker recently gained unauthorized access to a financi...; Question 249: Which of the following responsibilities does the legal team ...; Question 250: A security analyst is validating a particular finding that w...; Question 251: A user downloads software that contains malware onto a compu...; Question 252: During the threat modeling process for a new application tha...; Question 253: A security analyst was transferred to an organization's thre...; Question 254: A security analyst is trying to identify possible network ad...; Question 255: A company was able to reduce triage time by focusing on hist...; Question 256: A security analyst needs to identify a computer based on the...; Question 257: A company discovers that its proprietary information is bein...; Question 258: An incident response analyst notices multiple emails travers...; Question 259: K company has recently experienced a security breach via a p...; Question 260: The Chief Executive Officer (CEO) has notified that a confid...; Question 261: SIMULATION Approximately 100 employees at your company have ...; Question 262: Which of the following is the appropriate phase in the incid...; Question 263: Which of the following is a reason proper handling and repor...; Question 264: While monitoring the information security notification mailb...; Question 265: A security analyst receives an alert with the following pack...; Question 266: Which of the following, BEST explains the function of TPM?...; Question 267: After conducting a cybersecurity risk assessment for a new s...; Question 268: Which of following attack methodology frameworks should a cy...; Question 269: Which of the following should a cybersecurity analyst utiliz...; Question 270: A company suspects a coordinated effort to attack their plat...; Question 271: A company's internet-facing web application has been comprom...; Question 272: A small company does not have enough staff to effectively se...; Question 273: A security team identified several rogue Wi-Fi access points...; Question 274: Which of the following BEST describes what an organizations ...; Question 275: A security analyst is investigating an unusually high volume...; Question 276: A systems administrator is reviewing after-hours traffic flo...; Question 277: A security analyst is trying to detect connections to a susp...; Question 278: An analyst is conducting monitoring against an authorized te...; Question 279: An attacker has just gained access to the syslog server on a...; Question 280: A SOC analyst is analyzing traffic on a network and notices ...; Question 281: Each time a vulnerability assessment team shares the regular...; Question 282: An analyst is reviewing an SSLscan from a web server in an e...; Question 283: SIMULATION A systems administrator is reviewing the output o...; Question 284: A critical server hosting final exams for an educational ins...; Question 285: A security analyst needs to provide a copy of a hard drive f...; Question 286: A security analyst is investigating an incident related to a...; Question 287: A security analyst identified the following suspicious entry...; Question 288: A security analyst discovers an ongoing ransomware attack wh...; Question 289: An organization receives a legal hold request from an attorn...; Question 290: Which of the following will most likely ensure that mission-...; Question 291: A security analyst must assist the IT department with creati...; Question 292: A web developer reports the following error that appeared on...; Question 293: An analyst is examining events in multiple systems but is ha...; Question 294: A cybersecurity analyst is recommending a solution to ensure...; Question 295: A security analyst must review a suspicious email to determi...; Question 296: Which of the following would help an analyst to quickly find...; Question 297: An end user forwarded an email with a file attachment to the...; Question 298: A security analyst is reviewing a firewall usage report that...; Question 299: Which of the following is an important aspect that should be...; Question 300: A virtual web server in a server pool was infected with malw...; Question 301: An incident response team member is triaging a Linux server....; Question 302: An organization discovered a data breach that resulted in PI...

Question 183/302

LEAVE A REPLY

Download PDF File