2026 New CS0-002 Exam Dumps with PDF and VCE Free: https://www.2passeasy.com/dumps/CS0-002/
Free demo questions for CompTIA CS0-002 Exam Dumps Below:
NEW QUESTION 1
During an investigation, an incident responder intends to recover multiple pieces of digital media. Before removing the media, the responder should initiate:
- A. malware scans.
- B. secure communications.
- C. chain of custody forms.
- D. decryption tools.
Answer: C
NEW QUESTION 2
An incident responder successfully acquired application binaries off a mobile device for later forensic analysis. Which of the following should the analyst do NEXT?
- A. Decompile each binary to derive the source code.
- B. Perform a factory reset on the affected mobile device.
- C. Compute SHA-256 hashes for each binary.
- D. Encrypt the binaries using an authenticated AES-256 mode of operation.
- E. Inspect the permissions manifests within each application.
Answer: C
NEW QUESTION 3
A security analyst is providing a risk assessment for a medical device that will be installed on the corporate network. During the assessment, the analyst discovers the device has an embedded operating system that will be at the end of its life in two years. Due to the criticality of the device, the security committee makes a risk-based policy decision to review and enforce the vendor upgrade before the end of life is reached.
Which of the following risk actions has the security committee taken?
- A. Risk exception
- B. Risk avoidance
- C. Risk tolerance
- D. Risk acceptance
Answer: D
NEW QUESTION 4
An analyst is participating in the solution analysis process for a cloud-hosted SIEM platform to centralize log monitoring and alerting capabilities in the SOC.
Which of the following is the BEST approach for supply chain assessment when selecting a vendor?
- A. Gather information from providers, including datacenter specifications and copies of audit reports.
- B. Identify SLA requirements for monitoring and logging.
- C. Consult with senior management for recommendations.
- D. Perform a proof of concept to identify possible solutions.
Answer: B
NEW QUESTION 5
A security analyst discovers a vulnerability on an unpatched web server that is used for testing machine learning on Big Data sets. Exploitation of the vulnerability could cost the organization $1.5 million in lost productivity. The server is located on an isolated network segment that has a 5% chance of being compromised. Which of the following is the value of this risk?
- A. $75,000
- B. $300,000
- C. $1.425 million
- D. $1.5 million
Answer: A
NEW QUESTION 6
A small organization has proprietary software that is used internally. The system has not been well maintained and cannot be updated with the rest of the environment. Which of the following is the BEST solution?
- A. Virtualize the system and decommission the physical machine.
- B. Remove it from the network and require air gapping.
- C. Only allow access to the system via a jumpbox.
- D. Implement MFA on the specific system.
Answer: A
NEW QUESTION 7
Which of the following policies would state that an employee should not disable security safeguards, such as host firewalls and antivirus, on company systems?
- A. Code of conduct policy
- B. Account management policy
- C. Password policy
- D. Acceptable use policy
Answer: D
NEW QUESTION 8
A pharmaceutical company's marketing team wants to send out notifications about new products to alert users of recalls and newly discovered adverse drug reactions. The team plans to use the names and mailing addresses that users have provided.
Which of the following data privacy standards does this violate?
- A. Purpose limitation
- B. Sovereignty
- C. Data minimization
- D. Retention
Answer: A
NEW QUESTION 9
A compliance officer of a large organization has reviewed the firm's vendor management program but has discovered there are no controls defined to evaluate third-party risk or hardware source authenticity. The compliance officer wants to gain some level of assurance on a recurring basis regarding the implementation of controls by third parties.
Which of the following would BEST satisfy the objectives defined by the compliance officer? (Choose two.)
- A. Executing vendor compliance assessments against the organization's security controls
- B. Executing NDAs prior to sharing critical data with third parties
- C. Soliciting third-party audit reports on an annual basis
- D. Maintaining and reviewing the organizational risk assessment on a quarterly basis
- E. Completing a business impact assessment for all critical service providers
- F. Utilizing DLP capabilities at both the endpoint and perimeter levels
Answer: AC
NEW QUESTION 10
A security analyst is conducting a post-incident log analysis to determine which indicators can be used to detect further occurrences of a data exfiltration incident. The analyst determines backups were not performed during this time and reviews the following:
Which of the following should the analyst review to find out how the data was exfiltrated?
- A. Monday's logs
- B. Tuesday's logs
- C. Wednesday's logs
- D. Thursday's logs
Answer: D
NEW QUESTION 11
A security analyst received an email with the following key: Xj3XJ3LLc
A second security analyst received an email with the following key: 3XJ3xjcLLC
The security manager has informed the two analysts that the email they received is a key that allows access to the company’s financial segment for maintenance. This is an example of:
- A. dual control
- B. private key encryption
- C. separation of duties
- D. public key encryption
- E. two-factor authentication
Answer: A
NEW QUESTION 12
A company's marketing emails are either being found in a spam folder or not being delivered at all. The security analyst investigates the issue and discovers the emails in question are being sent on behalf of the company by a third party, in1marketingpartners.com. Below is the existing SPF record:
Which of the following updates to the SPF record will work BEST to prevent the emails from being marked as spam or blocked?
- A. Option A
- B. Option B
- C. Option C
- D. Option D
Answer: B
NEW QUESTION 13
An analyst performs a routine scan of a host using Nmap and receives the following output:
Which of the following should the analyst investigate FIRST?
- A. Port 21
- B. Port 22
- C. Port 23
- D. Port 80
Answer: C
NEW QUESTION 14
An organization has several systems that require specific logons. Over the past few months, the security analyst has noticed numerous failed logon attempts followed by password resets. Which of the following should the analyst do to reduce the occurrence of legitimate failed logons and password resets?
- A. Use SSO across all applications.
- B. Perform a manual privilege review.
- C. Adjust the current monitoring and logging rules.
- D. Implement multifactor authentication.
Answer: B
NEW QUESTION 15
Which of the following is the BEST way to share incident-related artifacts to provide non-repudiation?
- A. Secure email
- B. Encrypted USB drives
- C. Cloud containers
- D. Network folders
Answer: B
NEW QUESTION 16
Which of the following would MOST likely be included in the incident response procedure after a security breach of customer PII?
- A. Human resources
- B. Public relations
- C. Marketing
- D. Internal network operations center
Answer: B
NEW QUESTION 17
Which of the following technologies can be used to store digital certificates and is typically used in high-security implementations where integrity is paramount?
- A. HSM
- B. eFuse
- C. UEFI
- D. Self-encrypting drive
Answer: A
NEW QUESTION 18
......