How Many Questions Of CS0-002 Pdf Exam

NEW QUESTION 1
A security analyst received an alert from the SIEM indicating numerous login attempts from users outside their usual geographic zones, all of which were initiated through the web-based mail server. The logs indicate all domain accounts experienced two login attempts during the same time frame.
Which of the following is the MOST likely cause of this issue?

• A. A password-spraying attack was performed against the organization.
• B. A DDoS attack was performed against the organization.
• C. This was normal shift work activity; the SIEM's AI is learning.
• D. A credentialed external vulnerability scan was performed.

Answer: A

NEW QUESTION 2
A compliance officer of a large organization has reviewed the firm's vendor management program but has discovered there are no controls defined to evaluate third-party risk or hardware source authenticity. The compliance officer wants to gain some level of assurance on a recurring basis regarding the implementation of controls by third parties.
Which of the following would BEST satisfy the objectives defined by the compliance officer? (Choose two.)

• A. Executing vendor compliance assessments against the organization's security controls
• B. Executing NDAs prior to sharing critical data with third parties
• C. Soliciting third-party audit reports on an annual basis
• D. Maintaining and reviewing the organizational risk assessment on a quarterly basis
• E. Completing a business impact assessment for all critical service providers
• F. Utilizing DLP capabilities at both the endpoint and perimeter levels

Answer: AC

NEW QUESTION 3
Which of the following BEST describes the process by which code is developed, tested, and deployed in small batches?

• A. Agile
• B. Waterfall
• C. SDLC
• D. Dynamic code analysis

Answer: A

NEW QUESTION 4
Which of the following MOST accurately describes an HSM?

• A. An HSM is a low-cost solution for encryption.
• B. An HSM can be networked based or a removable USB
• C. An HSM is slower at encrypting than software
• D. An HSM is explicitly used for MFA

Answer: A

NEW QUESTION 5
During an investigation, a security analyst determines suspicious activity occurred during the night shift over the weekend. Further investigation reveals the activity was initiated from an internal IP going to an external website.
Which of the following would be the MOST appropriate recommendation to prevent the activity from happening in the future?

• A. An IPS signature modification for the specific IP addresses
• B. An IDS signature modification for the specific IP addresses
• C. A firewall rule that will block port 80 traffic
• D. A firewall rule that will block traffic from the specific IP addresses

Answer: D

NEW QUESTION 6
A security analyst was alerted to a tile integrity monitoring event based on a change to the vhost-paymonts .c onf file The output of the diff command against the known-good backup reads as follows

Which of the following MOST likely occurred?

• A. The file was altered to accept payments without charging the cards
• B. The file was altered to avoid logging credit card information
• C. The file was altered to verify the card numbers are valid.
• D. The file was altered to harvest credit card numbers

Answer: A

NEW QUESTION 7
A system is experiencing noticeably slow response times, and users are being locked out frequently. An analyst asked for the system security plan and found the system comprises two servers: an application server in the DMZ and a database server inside the trusted domain. Which of the following should be performed NEXT to investigate the availability issue?

• A. Review the firewall logs.
• B. Review syslogs from critical servers.
• C. Perform fuzzing.
• D. Install a WAF in front of the application server.

Answer: C

NEW QUESTION 8
A security architect is reviewing the options for performing input validation on incoming web form submissions. Which of the following should the architect as the MOST secure and manageable option?

• A. Client-side whitelisting
• B. Server-side whitelisting
• C. Server-side blacklisting
• D. Client-side blacklisting

Answer: B

NEW QUESTION 9
A security analyst for a large financial institution is creating a threat model for a specific threat actor that is likely targeting an organization's financial assets.
Which of the following is the BEST example of the level of sophistication this threat actor is using?

• A. Social media accounts attributed to the threat actor
• B. Custom malware attributed to the threat actor from prior attacks
• C. Email addresses and phone numbers tied to the threat actor
• D. Network assets used in previous attacks attributed to the threat actor
• E. IP addresses used by the threat actor for command and control

Answer: D

NEW QUESTION 10
Which of me following BEST articulates the benefit of leveraging SCAP in an organization's cybersecurity analysis toolset?

• A. It automatically performs remedial configuration changes lo enterprise security services
• B. It enables standard checklist and vulnerability analysis expressions for automaton
• C. It establishes a continuous integration environment for software development operations
• D. It provides validation of suspected system vulnerabilities through workflow orchestration

Answer: B

NEW QUESTION 11
Bootloader malware was recently discovered on several company workstations. All the workstations run Windows and are current models with UEFI capability.
Which of the following UEFI settings is the MOST likely cause of the infections?

• A. Compatibility mode
• B. Secure boot mode
• C. Native mode
• D. Fast boot mode

Answer: A

NEW QUESTION 12
A large amount of confidential data was leaked during a recent security breach. As part of a forensic investigation, the security team needs to identify the various types of traffic that were captured between two
compromised devices.
Which of the following should be used to identify the traffic?

• A. Carving
• B. Disk imaging
• C. Packet analysis
• D. Memory dump
• E. Hashing

Answer: C

NEW QUESTION 13
Joe, a penetration tester, used a professional directory to identify a network administrator and ID administrator for a client’s company. Joe then emailed the network administrator, identifying himself as the ID administrator, and asked for a current password as part of a security exercise. Which of the following techniques were used in this scenario?

• A. Enumeration and OS fingerprinting
• B. Email harvesting and host scanning
• C. Social media profiling and phishing
• D. Network and host scanning

Answer: C

NEW QUESTION 14
A security analyst is evaluating two vulnerability management tools for possible use in an organization. The analyst set up each of the tools according to the respective vendor's instructions and generated a report of vulnerabilities that ran against the same target server.
Tool A reported the following:

Tool B reported the following:

Which of the following BEST describes the method used by each tool? (Choose two.)

• A. Tool A is agent based.
• B. Tool A used fuzzing logic to test vulnerabilities.
• C. Tool A is unauthenticated.
• D. Tool B utilized machine learning technology.
• E. Tool B is agent based.
• F. Tool B is unauthenticated.

Answer: CE

NEW QUESTION 15
A security analyst receives an alert that highly sensitive information has left the company's network Upon investigation, the analyst discovers an outside IP range has had connections from three servers more than 100 times m the past month The affected servers are virtual machines Which of the following is the BEST course of action?

• A. Shut down the servers as soon as possible, move them to a clean environment, restart, run a vulnerability scanner to find weaknesses determine the root cause, remediate, and report
• B. Report the data exfiltration to management take the affected servers offline, conduct an antivirus scan, remediate all threats found, and return the servers to service.
• C. Disconnect the affected servers from the network, use the virtual machine console to access the systems, determine which information has left the network, find the security weakness, and remediate
• D. Determine if any other servers have been affected, snapshot any servers found, determine the vector that was used to allow the data exfiltratio
• E. fix any vulnerabilities, remediate, and report.

Answer: A

NEW QUESTION 16
......