2026 New CS0-002 Exam Dumps with PDF and VCE Free: https://www.2passeasy.com/dumps/CS0-002/

Our pass rate is as high as 98.9%, and the similarity between our CS0-002 study guide and the real exam is 90%, based on our seven years of teaching experience. Do you want to pass the CompTIA CS0-002 exam in just one try? I am currently studying for the CompTIA CS0-002 exam. Try the latest CompTIA CS0-002 practice questions and answers; try the CompTIA CS0-002 brain dumps first.

Online CS0-002 free questions and answers, new version:

NEW QUESTION 1
An analyst identifies multiple instances of node-to-node communication between several endpoints within the 10.200.2.0/24 network and a user machine at the IP address 10.200.2.5. This user machine at the IP address 10.200.2.5 is also identified as initiating outbound communication during atypical business hours with several IP addresses that have recently appeared on threat feeds.
Which of the following can be inferred from this activity?

  • A. 10.200.2.0/24 is infected with ransomware.
  • B. 10.200.2.0/24 is not routable address space.
  • C. 10.200.2.5 is a rogue endpoint.
  • D. 10.200.2.5 is exfiltrating data.

Answer: D

NEW QUESTION 2
A cybersecurity analyst is supporting an incident response effort via threat intelligence. Which of the following is the analyst MOST likely executing?

  • A. Requirements analysis and collection planning
  • B. Containment and eradication
  • C. Recovery and post-incident review
  • D. Indicator enrichment and research pivoting

Answer: D

NEW QUESTION 3
A security analyst is investigating malicious traffic from an internal system that attempted to download proxy avoidance software, as identified from the firewall logs, but the destination IP is blocked and not captured. Which of the following should the analyst do?

  • A. Shut down the computer.
  • B. Capture live data using Wireshark.
  • C. Take a snapshot.
  • D. Determine if DNS logging is enabled.
  • E. Review the network logs.

Answer: A

NEW QUESTION 4
An analyst is working with a network engineer to resolve a vulnerability that was found in a piece of legacy hardware, which is critical to the operation of the organization's production line. The legacy hardware does not have third-party support, and the OEM manufacturer of the controller is no longer in operation. The analyst documents the activities and verifies these actions prevent remote exploitation of the vulnerability.
Which of the following would be the MOST appropriate to remediate the controller?

  • A. Segment the network to constrain access to administrative interfaces.
  • B. Replace the equipment that has third-party support.
  • C. Remove the legacy hardware from the network.
  • D. Install an IDS on the network between the switch and the legacy equipment.

Answer: A

NEW QUESTION 5
Bootloader malware was recently discovered on several company workstations. All the workstations run Windows and are current models with UEFI capability.
Which of the following UEFI settings is the MOST likely cause of the infections?

  • A. Compatibility mode
  • B. Secure boot mode
  • C. Native mode
  • D. Fast boot mode

Answer: A

NEW QUESTION 6
Which of the following technologies can be used to house the entropy keys for task encryption on desktops and laptops?

  • A. Self-encrypting drive
  • B. Bus encryption
  • C. TPM
  • D. HSM

Answer: A

NEW QUESTION 7
An organization is moving its infrastructure to the cloud in an effort to meet the budget and reduce staffing requirements. The organization has three environments: development, testing, and production. These environments have interdependencies but must remain relatively segmented.
Which of the following methods would BEST secure the company's infrastructure and be the simplest to manage and maintain?

  • A. Create three separate cloud accounts for each environment. Configure account peering and security rules to allow access to and from each environment.
  • B. Create one cloud account with one VPC for all environments. Purchase a virtual firewall and create granular security rules.
  • C. Create one cloud account and three separate VPCs for each environment. Create security rules to allow access to and from each environment.
  • D. Create three separate cloud accounts for each environment and a single core account for network services. Route all traffic through the core account.

Answer: C

NEW QUESTION 8
A company was recently awarded several large government contracts and wants to determine its current risk from one specific APT.
Which of the following threat modeling methodologies would be the MOST appropriate to use during this analysis?

  • A. Attack vectors
  • B. Adversary capability
  • C. Diamond Model of Intrusion Analysis
  • D. Kill chain
  • E. Total attack surface

Answer: B

NEW QUESTION 9
A security analyst has been alerted to several emails that show evidence an employee is planning malicious activities that involve employee PII on the network before leaving the organization. The security analyst's BEST response would be to coordinate with the legal department and:

  • A. the public relations department
  • B. senior leadership
  • C. law enforcement
  • D. the human resources department

Answer: D

NEW QUESTION 10
As part of an exercise set up by the information security officer, the IT staff must move some of the network systems to an off-site facility and redeploy them for testing. All staff members must ensure their respective systems can power back up and match their gold image. If they find any inconsistencies, they must formally document the information.
Which of the following BEST describes this test?

  • A. Walk through
  • B. Full interruption
  • C. Simulation
  • D. Parallel

Answer: C

NEW QUESTION 11
An organization needs to limit its exposure to accidental disclosure when employees send emails that contain personal information to recipients outside the company. Which of the following technical controls would BEST accomplish this goal?

  • A. DLP
  • B. Encryption
  • C. Data masking
  • D. SPF

Answer: A

NEW QUESTION 12
Which of the following MOST accurately describes an HSM?

  • A. An HSM is a low-cost solution for encryption.
  • B. An HSM can be network based or a removable USB.
  • C. An HSM is slower at encrypting than software.
  • D. An HSM is explicitly used for MFA.

Answer: A

NEW QUESTION 13
Ransomware is identified on a company's network that affects both Windows and Mac hosts. The command and control channel for encryption for this variant uses TCP ports from 11000 to 65000. The channel goes to good1.iholdbadkeys.com, which resolves to IP address 72.172.16.2.
Which of the following is the MOST effective way to prevent any newly infected systems from actually encrypting the data on connected network drives while causing the least disruption to normal Internet traffic?

  • A. Block all outbound traffic to web host good1.iholdbadkeys.com at the border gateway.
  • B. Block all outbound TCP connections to IP host address 172.172.16.2 at the border gateway.
  • C. Block all outbound traffic on TCP ports 11000 to 65000 at the border gateway.
  • D. Block all outbound traffic on TCP ports 11000 to 65000 to IP host address 172.172.16.2 at the border gateway.

Answer: A

NEW QUESTION 14
As part of a review of modern response plans, which of the following is MOST important for an organization to understand when establishing the breach notification period?

  • A. Organizational policies
  • B. Vendor requirements and contracts
  • C. Service-level agreements
  • D. Legal requirements

Answer: D

NEW QUESTION 15
A product manager is working with an analyst to design a new application that will perform as a data analytics platform and will be accessible via a web browser. The product manager suggests using a PaaS provider to host the application.
Which of the following is a security concern when using a PaaS solution?

  • A. The use of infrastructure-as-code capabilities leads to an increased attack surface.
  • B. Patching the underlying application server becomes the responsibility of the client.
  • C. The application is unable to use encryption at the database level.
  • D. Insecure application programming interfaces can lead to data compromise.

Answer: D

NEW QUESTION 16
A security analyst received a SIEM alert regarding high levels of memory consumption for a critical system. After several attempts to remediate the issue, the system went down. A root cause analysis revealed a bad actor forced the application to not reclaim memory. This caused the system to be depleted of resources.
Which of the following BEST describes this attack?

  • A. Injection attack
  • B. Memory corruption
  • C. Denial of service
  • D. Array attack

Answer: B

NEW QUESTION 17
A small electronics company decides to use a contractor to assist with the development of a new FPGA-based device. Several of the development phases will occur off-site at the contractor's labs.
Which of the following is the main concern a security analyst should have with this arrangement?

  • A. Making multiple trips between development sites increases the chance of physical damage to the FPGAs.
  • B. Moving the FPGAs between development sites will lessen the time that is available for security testing.
  • C. Development phases occurring at multiple sites may produce change management issues.
  • D. FPGA applications are easily cloned, increasing the possibility of intellectual property theft.

Answer: B


P.S. Easily pass the CS0-002 exam with the Surepassexam dumps (186 Q&As, PDF version). You are welcome to download the newest Surepassexam CS0-002 dumps: https://www.surepassexam.com/CS0-002-exam-dumps.html (186 new questions)