A Review Of Best Quality CS0-002 Answers
It is faster and easier to pass the CompTIA CS0-002 exam by using Guaranteed CompTIA Cybersecurity Analyst (CySA+) Certification Exam questions and answers. Get immediate access to the up-to-date CS0-002 exam, find the same core-area CS0-002 questions with professionally verified answers, then PASS your exam with a high score now.
Free CS0-002 Demo Online For CompTIA Certification:
NEW QUESTION 1
A cybersecurity analyst is supporting an incident response effort via threat intelligence. Which of the following is the analyst MOST likely executing?
- A. Requirements analysis and collection planning
- B. Containment and eradication
- C. Recovery and post-incident review
- D. Indicator enrichment and research pivoting
Answer: D
NEW QUESTION 2
During routine monitoring, a security analyst discovers several suspicious websites that are communicating with a local host. The analyst queries for IP 192.168.50.2 for a 24-hour period:
To further investigate, the analyst should request PCAP for SRC 192.168.50.2 and:
- A. DST 138.10.2.5.
- B. DST 138.10.25.5.
- C. DST 172.10.3.5.
- D. DST 172.10.45.5.
- E. DST 175.35.20.5.
Answer: A
NEW QUESTION 3
When attempting to do a stealth scan against a system that does not respond to ping, which of the following Nmap commands BEST accomplishes that goal?
- A. nmap -sA -O <system> -noping
- B. nmap -sT -O <system> -P0
- C. nmap -sS -O <system> -P0
- D. nmap -sQ -O <system> -P0
Answer: C
Explanation: -sS sends only the SYN of the TCP handshake (a half-open scan), so the target application never sees a completed connection to log; -P0 (spelled -Pn in current Nmap releases) skips host discovery, which is required because the target does not answer ping. -sT completes the full handshake and is therefore not stealthy, and -sA (ACK scan) maps firewall rules rather than open ports.
NEW QUESTION 4
A company’s Chief Information Security Officer (CISO) is concerned about the integrity of some highly confidential files. Any changes to these files must be tied back to a specific authorized user’s activity session. Which of the following is the BEST technique to address the CISO’s concerns?
- A. Configure DLP to reject all changes to the files without pre-authorization. Monitor the files for unauthorized changes.
- B. Regularly use SHA-256 to hash the directory containing the sensitive information. Monitor the files for unauthorized changes.
- C. Place a legal hold on the files. Require authorized users to abide by a strict time context access policy. Monitor the files for unauthorized changes.
- D. Use Wireshark to scan all traffic to and from the directory. Monitor the files for unauthorized changes.
Answer: A
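Option B is the tempting distractor because hashing really does detect change. The added example below (written for this page, not part of the exam or any vendor material) builds a SHA-256 baseline of a constructed temporary directory and diffs it after tampering. The output names which files were modified, added or removed, but it has no field for the user or session that made the change, which is the CISO's actual requirement. The file names and contents are constructed for the example.

```python
"""Added example: SHA-256 directory baseline (the technique in option B).

It detects that files changed but cannot attribute the change to a user
session, which is why hashing alone does not meet the CISO's requirement.
All file names and contents below are constructed for the example.
"""
import hashlib
import os
import tempfile
from typing import Dict, List


def hash_directory(root: str) -> Dict[str, str]:
    """Return {relative_path: sha256_hex} for every regular file under root."""
    digests: Dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(path, "rb") as fh:
                # Stream in 64 KiB chunks so large confidential files do not
                # have to fit in memory.
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[os.path.relpath(path, root)] = h.hexdigest()
    return digests


def compare_baselines(before: Dict[str, str], after: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify files as modified, added or removed between two baselines.

    Note what is absent from the result: nothing identifies who changed a
    file or in which session. The baseline only proves *that* it changed.
    """
    return {
        "modified": sorted(p for p in before if p in after and before[p] != after[p]),
        "added": sorted(p for p in after if p not in before),
        "removed": sorted(p for p in before if p not in after),
    }


def demo() -> Dict[str, List[str]]:
    """Create a constructed directory, baseline it, tamper with it, diff it."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "contract.txt"), "w") as fh:
            fh.write("original terms\n")
        with open(os.path.join(root, "budget.csv"), "w") as fh:
            fh.write("q1,100\n")
        baseline = hash_directory(root)

        # Simulated unauthorized activity: edit one file, delete one, add one.
        with open(os.path.join(root, "contract.txt"), "a") as fh:
            fh.write("amended terms\n")
        os.remove(os.path.join(root, "budget.csv"))
        with open(os.path.join(root, "notes.txt"), "w") as fh:
            fh.write("new file\n")

        return compare_baselines(baseline, hash_directory(root))


if __name__ == "__main__":
    print(demo())
```

Run it and the diff reports the three changes, nothing more; to tie a change to an authorized user's session you need a control that sits in the write path (the DLP pre-authorization of option A) or audit logging that records the principal, not a periodic hash.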
NEW QUESTION 5
Approximately 100 employees at your company have received a phishing email. As a security analyst you have been tasked with handling this situation.
INSTRUCTIONS
Review the information provided and determine the following:
* 1. How many employees clicked on the link in the phishing email?
* 2. On how many workstations was the malware installed?
* 3. What is the executable file name of the malware?
- A. Mastered
- B. Not Mastered
Answer: A
Explanation:
Select the following answer as per diagram below:
NEW QUESTION 6
A cybersecurity analyst is contributing to a team hunt on an organization's endpoints. Which of the following should the analyst do FIRST?
- A. Write detection logic.
- B. Establish a hypothesis.
- C. Profile the threat actors and activities.
- D. Perform a process analysis.
Answer: B
Explanation: A threat hunt starts from a hypothesis about what an adversary might be doing in the environment; profiling threat actors, process analysis and writing detection logic all follow from that hypothesis.
NEW QUESTION 7
The inability to do remote updates of certificates, keys, software, and firmware is a security issue commonly associated with:
- A. web servers on private networks
- B. HVAC control systems
- C. smartphones
- D. firewalls and UTM devices
Answer: B
Explanation: HVAC and similar building-control and ICS devices typically run embedded firmware with no supported remote update path, so certificates, keys and software go stale. Firewalls and UTM appliances are designed to receive remote updates.
NEW QUESTION 8
Which of the following BEST describes the process by which code is developed, tested, and deployed in small batches?
- A. Agile
- B. Waterfall
- C. SDLC
- D. Dynamic code analysis
Answer: A
NEW QUESTION 9
A security analyst reviews the following aggregated output from an Nmap scan and the border firewall ACL:
Which of the following should the analyst reconfigure to BEST reduce organizational risk while maintaining current functionality?
- A. PC1
- B. PC2
- C. Server1
- D. Server2
- E. Firewall
Answer: B
NEW QUESTION 10
An analyst is performing penetration testing and vulnerability assessment activities against a new vehicle automation platform.
Which of the following is MOST likely an attack vector that is being utilized as part of the testing and assessment?
- A. FaaS
- B. RTOS
- C. SoC
- D. GPS
- E. CAN bus
Answer: E
NEW QUESTION 11
It is important to parameterize queries to prevent:
- A. the execution of unauthorized actions against a database.
- B. a memory overflow that executes code with elevated privileges.
- C. the establishment of a web shell that would allow unauthorized access.
- D. the queries from using an outdated library with security vulnerabilities.
Answer: A
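The reasoning behind answer A, as an added example that is not part of the exam or the dump: the same user lookup written with string formatting and with a bound parameter, run against an in-memory SQLite table constructed here with two users. The payload `x' OR '1'='1` turns the formatted query into one that matches every row; bound as a parameter it is just an odd username that matches nothing. The table, the usernames and the payload are all constructed for the example.

```python
"""Added example: why parameterized queries stop SQL injection.

The schema, rows and payload are constructed for this example.
"""
import sqlite3
from typing import Dict, List, Tuple

# Constructed attacker input: closes the string literal, then appends a
# condition that is always true.
PAYLOAD = "x' OR '1'='1"


def setup_db() -> sqlite3.Connection:
    """In-memory SQLite database with two constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "analyst")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    """Deliberately vulnerable: user input is spliced into the SQL text, so the
    quote characters in the input become SQL grammar."""
    sql = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' ORDER BY username"
    )
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    """Hardened: the SQL text is fixed and the value is bound by the driver.
    Whatever the input contains, it is compared as data, never parsed as SQL."""
    sql = "SELECT username, role FROM users WHERE username = ? ORDER BY username"
    return conn.execute(sql, (username,)).fetchall()


def demo() -> Dict[str, List[Tuple[str, str]]]:
    """Run both lookups with the injection payload and a legitimate name."""
    conn = setup_db()
    return {
        # Formatted query becomes: ... WHERE username = 'x' OR '1'='1' ...
        # and returns every user, which is the unauthorized action in answer A.
        "vuln_injected": lookup_vulnerable(conn, PAYLOAD),
        # Bound parameter: no user literally named x' OR '1'='1 exists.
        "param_injected": lookup_parameterized(conn, PAYLOAD),
        # Normal lookups still work exactly as intended.
        "param_legit": lookup_parameterized(conn, "alice"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

A side benefit worth remembering for the exam's "outdated library" distractor: parameterization is a property of how the query is written, not of the library version. The vulnerable function above would be just as exploitable on the newest driver.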
NEW QUESTION 12
An organization suspects it has had a breach, and it is trying to determine the potential impact. The organization knows the following:
The source of the breach is linked to an IP located in a foreign country.
The breach is isolated to the research and development servers.
The hash values of the data before and after the breach are unchanged.
The affected servers were regularly patched, and a recent scan showed no vulnerabilities.
Which of the following conclusions can be drawn with respect to the threat and impact? (Choose two.)
- A. The confidentiality of the data is unaffected.
- B. The threat is an APT.
- C. The source IP of the threat has been spoofed.
- D. The integrity of the data is unaffected.
- E. The threat is an insider.
Answer: BD
NEW QUESTION 13
An information security analyst is compiling data from a recent penetration test and reviews the following output:
The analyst wants to obtain more information about the web-based services that are running on the target. Which of the following commands would MOST likely provide the needed information?
- A. ping -t 10.79.95.173.rdns.datacenters.com
- B. telnet 10.79.95.173 443
- C. ftpd 10.79.95.173.rdns.datacenters.com 443
- D. tracert 10.79.95.173
Answer: B
NEW QUESTION 14
A security analyst recently discovered two unauthorized hosts on the campus's wireless network segment from a man-in-the-middle attack. The security analyst also verified that privileges were not escalated, and the two devices did not gain access to other network devices. Which of the following would BEST mitigate and improve the security posture of the wireless network for this type of attack?
- A. Enable MAC filtering on the wireless router and suggest a stronger encryption for the wireless network.
- B. Change the SSID, strengthen the passcode, and implement MAC filtering on the wireless router.
- C. Enable MAC filtering on the wireless router and create a whitelist that allows devices on the network.
- D. Conduct a wireless survey to determine if the wireless strength needs to be reduced.
Answer: A
NEW QUESTION 15
Welcome to the Enterprise Help Desk System. Please work the ticket escalated to you in the desk ticket queue.
INSTRUCTIONS
Click on the ticket to see the ticket details. Additional content is available on tabs within the ticket.
First, select the appropriate issue from the drop-down menu. Then, select the MOST likely root cause from the second drop-down menu.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

- A. Mastered
- B. Not Mastered
Answer: A
NEW QUESTION 16
While planning segmentation for an ICS environment, a security engineer determines IT resources will need access to devices within the ICS environment without compromising security.
To provide the MOST secure access model in this scenario, the jumpbox should be.
- A. placed in an isolated network segment, authenticated on the IT side, and forwarded into the ICS network.
- B. placed on the ICS network with a static firewall rule that allows IT network resources to authenticate.
- C. bridged between the IT and operational technology networks to allow authenticated access.
- D. placed on the IT side of the network, authenticated, and tunneled into the ICS environment.
Answer: D
NEW QUESTION 17
An information security analyst is reviewing backup data sets as part of a project focused on eliminating archival data sets.
Which of the following should be considered FIRST prior to disposing of the electronic data?
- A. Sanitization policy
- B. Data sovereignty
- C. Encryption policy
- D. Retention standards
Answer: D
NEW QUESTION 18
Which of the following technologies can be used to house the entropy keys for disk encryption on desktops and laptops?
- A. Self-encrypting drive
- B. Bus encryption
- C. TPM
- D. HSM
Answer: C
Explanation: The TPM is the on-board chip that holds and seals the disk encryption key on desktops and laptops (BitLocker, for example, keys off it). An HSM is a separate network or PCIe appliance rather than an endpoint component, and a self-encrypting drive keeps its own media key internally instead of providing a general key store for the host.
NEW QUESTION 19
A security analyst received an alert from the SIEM indicating numerous login attempts from users outside their usual geographic zones, all of which were initiated through the web-based mail server. The logs indicate all domain accounts experienced two login attempts during the same time frame.
Which of the following is the MOST likely cause of this issue?
- A. A password-spraying attack was performed against the organization.
- B. A DDoS attack was performed against the organization.
- C. This was normal shift work activity; the SIEM's AI is learning.
- D. A credentialed external vulnerability scan was performed.
Answer: A
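The pattern in the question, every account tried about twice from sources outside the usual geography, is what separates a spray from a brute-force attack, and it is easy to check for in logs. The added example below (written for this page, not taken from the exam, a vendor or any SIEM product) groups failed web mail authentications by source address and classifies each source: many distinct accounts with at most two attempts each is a spray, one account with many attempts is brute force. The log format, the account names and every line in SAMPLE_LOG are constructed for the example; 203.0.113.0/24, 198.51.100.0/24 and 192.0.2.0/24 are documentation ranges.

```python
"""Added example: telling a password spray apart from a brute-force attack in
web mail authentication logs. The log format and all lines are constructed.
"""
import re
from collections import defaultdict
from typing import Dict, Iterable, Iterator

# Constructed log format: one authentication event per line.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) OWA AUTH_(?P<result>FAIL|OK) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) geo=(?P<geo>\S+)$"
)

# Constructed sample: one foreign source tries six accounts twice each (spray),
# another hammers a single account (brute force), and one user mistypes twice
# and then logs in normally.
SAMPLE_LOG = (
    [f"2024-03-02T02:{13 + i:02d}:00Z OWA AUTH_FAIL user={u} src=203.0.113.7 geo=RU"
     for i, u in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"] * 2)]
    + [f"2024-03-02T03:{i:02d}:00Z OWA AUTH_FAIL user=admin src=198.51.100.9 geo=BR"
       for i in range(12)]
    + [
        "2024-03-02T08:01:00Z OWA AUTH_FAIL user=grace src=192.0.2.15 geo=US",
        "2024-03-02T08:01:20Z OWA AUTH_FAIL user=grace src=192.0.2.15 geo=US",
        "2024-03-02T08:01:45Z OWA AUTH_OK user=grace src=192.0.2.15 geo=US",
    ]
)


def parse_events(lines: Iterable[str]) -> Iterator[Dict[str, str]]:
    """Yield one dict per well-formed line; silently skip lines that do not match."""
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            yield m.groupdict()


def classify_sources(
    events: Iterable[Dict[str, str]],
    spray_min_accounts: int = 5,
    spray_max_per_account: int = 2,
    brute_min_attempts: int = 10,
) -> Dict[str, str]:
    """Return {src_ip: verdict} where verdict is password_spray, brute_force or benign.

    A spray touches many accounts a few times each (it stays under lockout
    thresholds); brute force concentrates many attempts on one or two accounts.
    Thresholds are assumptions for the example and should be tuned per tenant.
    """
    failures: Dict[str, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for ev in events:
        if ev["result"] == "FAIL":
            failures[ev["src"]][ev["user"]] += 1

    verdicts: Dict[str, str] = {}
    for src, per_user in failures.items():
        distinct_accounts = len(per_user)
        max_per_account = max(per_user.values())
        total = sum(per_user.values())
        if distinct_accounts >= spray_min_accounts and max_per_account <= spray_max_per_account:
            verdicts[src] = "password_spray"
        elif distinct_accounts <= 2 and total >= brute_min_attempts:
            verdicts[src] = "brute_force"
        else:
            verdicts[src] = "benign"
    return verdicts


if __name__ == "__main__":
    for src, verdict in classify_sources(parse_events(SAMPLE_LOG)).items():
        print(f"{src}: {verdict}")
```

The geo field is carried through the parser so a real rule can add the question's second signal (sources outside the users' usual zones); the classification here relies only on the attempt distribution, which is the distinguishing feature a DDoS or a credentialed scan would not produce.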
NEW QUESTION 21
......
Thanks for reading the newest CS0-002 exam dumps! We recommend you to try the PREMIUM Downloadfreepdf.net CS0-002 dumps in VCE and PDF here: https://www.downloadfreepdf.net/CS0-002-pdf-download.html (186 Q&As Dumps)