lab 4

Uploaded by Wilson Quek

12/6/24, 2:37 AM labclient.labondemand.com/Instructions/ExamResult/119f0402-01d2-44fd-832b-3b0cfd128d4a

19: Assisted Lab: Performing Root Cause Analysis


CySA+ (Exam CS0-003)

19/19
Congratulations, you passed!
Duration: 25 minutes, 8 seconds

How many security alerts for Rule ID 60112 are present for DC10? Score: 1

13
17
23
42

Congratulations, you have answered the question correctly.

What UserName is associated with the Rule ID 60112 security alerts on DC10? Score: 1

administrator
structureality
jaime
DC10

Congratulations, you have answered the question correctly.

What type of connection is indicated in the security alert for Rule ID 92653 related to jaime? Score: 1

Local Workstation
Network Connection
Interactive
Remote Desktop Connection (RDP)

Congratulations, you have answered the question correctly.

What is the status of the audit policies on DC10? Score: 1

No Auditing
Success
Failure
Success and Failure

Congratulations, you have answered the question correctly.

What is the Logon Type for this event record related to the jaime connection over RDP? Score: 1

2
3
7
10

Congratulations, you have answered the question correctly.

Confirm that @lab.variable(RDP-initiator) equals "dylan" Score: 1

Select the Score button to validate this task:
Value matched ...

What is the logon type for the currently selected event record related to Dylan and MS10? Score: 1

2
3
7
10

Congratulations, you have answered the question correctly.

What is the absolute folder reference for where the proxyset.bat file is located? (Type in the path exactly as shown by the dir command result, including capitalization.) Score: 1

c:\Users\jaime\Downloads

Congratulations, you have answered the question correctly.

What is the setting selected in the Connection Settings area of Firefox? Score: 1

No proxy
Auto-detect proxy settings for this network
Use system proxy settings
Manual proxy configuration
Automatic proxy configuration URL

Congratulations, you have answered the question correctly.

Confirm that @lab.variable(JBIP) equals "203.0.113.228" Score: 1

Select the Score button to validate this task:
Value matched ...

Confirm that @lab.variable(dstport) equals "80" Score: 1

Select the Score button to validate this task:
Value matched ...

The dstport value for one of the logged events between 10.1.16.2 and 203.0.113.228 indicates what about the transaction? Score: 1

It was an encrypted session.
It was an FTP session.
It was an email transaction.
It was a plaintext communication.

Congratulations, you have answered the question correctly.

The .ps1 file extension on this script indicates what? Score: 1

This is a PowerShell script.
This is a Bash shell script.
This is a batch script.
This is a Python script.

Congratulations, you have answered the question correctly.

Confirm that @lab.variable(JSemail) equals "[email protected]" and that @lab.variable(JSpassword) equals "Pa$$w0rd" Score: 1

Select the Score button to validate this task:
Both values matched ...

In the attack scenario of this lab, your investigation determined that which user account had the privileges to disable auditing on DC10? Score: 1

dylan
jaime
MS10
root

Congratulations, you have answered the question correctly.

Which event in the security violation took place first? Score: 1

Jaime visiting the Juice Shop website
Dylan accessing DC10 over RDP
Changing the proxy settings of Firefox
Theft of Jaime's credentials.

Congratulations, you have answered the question correctly.

What is a basic description of a logon of type 2? Score: 1

Network
Unlock
RemoteInteractive
Interactive

Congratulations, you have answered the question correctly.

Which of the following security resolutions or mitigations would be sufficient to have prevented the audit policy changes on DC10? Score: 1

Block the execution of unknown code
Disable RDP access to domain controllers
Enable additional logging on all systems
Use security cameras and personnel tracking technologies

Congratulations, you have answered the question correctly. Of the options provided, only
blocking the execution of unknown code would be sufficient to prevent the security violation of
audit policy changes on DC10. Without the modification of Jaime's browser to use a false proxy,
Dylan would not have been able to intercept plaintext communications from PC10 to the Juice
Shop website.

What is the goal of root cause analysis? Score: 1

Identify the perpetrator.
Determine the initial parameters of a security violation.
Install patches to address vulnerabilities
Place blame on victims for falling for a social engineering attack

Congratulations, you have answered the question correctly.
