Free Access to CompTIA.CV0-003.v2024-06-09.q239 with Valid Practice Test (Page 29)

Question 136

A technician needs to configure a virtual NIC on a Class A IP address network. Which of the following is the default subnet mask for this network?

A./8
B./16
C./24
D./28

Question 137

A company that performs passive vulnerability scanning at its transit VPC has detected a vulnerability related to outdated web-server software on one of its public subnets. Which of the following can the use to verify if this is a true positive with the LEAST effort and cost? (Select TWO).

A.A network-based scan
B.An agent-based scan
C.A port scan
D.A red-team exercise
E.A credentialed scan
F.A blue-team exercise
G.Unknown environment penetration testing

Correct Answer: B,E

Explanation
The correct answer is B and E. An agent-based scan and a credentialed scan can help verify if the vulnerability related to outdated web-server software is a true positive with the least effort and cost.
An agent-based scan is a type of vulnerability scan that uses software agents installed on the target systems to collect and report data on vulnerabilities. This method can provide more accurate and detailed results than a network-based scan, which relies on network traffic analysis and probes1. An agent-based scan can also reduce the network bandwidth and performance impact of scanning, as well as avoid triggering false alarms from intrusion detection systems2.
A credentialed scan is a type of vulnerability scan that uses valid login credentials to access the target systems and perform a more thorough and comprehensive assessment of their configuration, patch level, and vulnerabilities. A credentialed scan can identify vulnerabilities that are not visible or exploitable from the network level, such as missing updates, weak passwords, or misconfigured services3. A credentialed scan can also reduce the risk of false positives and false negatives, as well as avoid causing damage or disruption to the target systems3.
A network-based scan, a port scan, a red-team exercise, a blue-team exercise, and unknown environment penetration testing are not the best options to verify if the vulnerability is a true positive with the least effort and cost. A network-based scan and a port scan may not be able to detect the vulnerability if it is not exposed or exploitable from the network level. A red-team exercise, a blue-team exercise, and unknown environment penetration testing are more complex, time-consuming, and costly methods that involve simulating real-world attacks or defending against them. These methods are more suitable for testing the overall security posture and resilience of an organization, rather than verifying a specific vulnerability4.

Question 138

A vendor is installing a new retail store management application for a customer. The application license ensures software costs are low when the application is not being used, but costs go up when use is higher.
Which of the following licensing models is MOST likely being used?

A.Socket-based
B.Core-based
C.Subscription
D.Volume-based

Question 139

In an IaaS platform, which of the following actions would a systems administrator take FIRST to identify the scope of an incident?

A.Conduct a memory acquisition.
B.Snapshot all volumes attached to an instance.
C.Retrieve data from a backup.
D.Perform a traffic capture.

Question 140

A cloud administrator has finished building a virtual server template in a public cloud environment.
The administrator is now cloning six servers from that template. Each server is configured with one private IP address and one public IP address. After starting the server instances, the cloud administrator notices that two of the servers do not have a public IP address. Which of the following is the MOST likely cause?

A.There is no Internet gateway configured in the cloud environment.
B.The two servers are not attached to the correct public subnet.
C.The two servers do not have enough virtual network adapters attached.
D.The maximum number of public IP addresses has already been reached.

Question 136

Question 137

Question 138

Question 139

Question 140

Download PDF File