Dominate the CS0-002 exam with the strength of our free updated PDF and Exam Questions

Forge ahead, and let your aspirations take flight, bolstered by the profound wisdom within the CS0-002 dumps. Fine-tuned to perfection to mirror the diverse contours of the syllabus, the CS0-002 dumps roll out an expansive suite of practice questions, building a robust foundation. Whether the meticulous details of PDFs catch your eye or the captivating depths of the VCE format capture your imagination, the CS0-002 dumps remain peerless. An exhaustive study guide, seamlessly incorporated into the CS0-002 dumps, decodes the enigmas, paving the way for success. Trusting unwaveringly in the quality of these resources, we wholeheartedly endorse our 100% Pass Guarantee.

[Freshly Updated] Aim high in your exams with the free CS0-002 PDF and Exam Questions, vowing for top performance

Question 1:

A Chief Executive Officer (CEO) is concerned the company will be exposed to data sovereignty issues as a result of some new privacy regulations. To help mitigate this risk, the Chief Information Security Officer (CISO) wants to implement an appropriate technical control. Which of the following would meet the requirement?

A. Data masking procedures

B. Enhanced encryption functions

C. Regular business impact analysis functions

D. Geographic access requirements

Correct Answer: D

Data sovereignty means that data is subject to the laws and regulations of the geographic location where that data is collected and processed. Data sovereignty is a country-specific requirement that data must remain within the borders of the jurisdiction where it originated. At its core, data sovereignty is about protecting sensitive, private data and ensuring it remains under the control of its owner. You're only worried about that if you're in multiple locations. https://www.virtru.com/blog/gdpr-data-sovereignty-matters-globally



Question 2:

Which of the following is the MOST important objective of a post-incident review?

A. Capture lessons learned and improve incident response processes

B. Develop a process for containment and continue improvement efforts

C. Identify new technologies and strategies to remediate

D. Identify a new management strategy

Correct Answer: A



Question 3:

A pharmacy gives its clients online access to their records and the ability to review bills and make payments. A new SSL vulnerability on a special platform was discovered, allowing an attacker to capture the data between the end user and the web server providing these services. After investigating the platform vulnerability, it was determined that the web services provided are being impacted by this new threat.

Which of the following data types are MOST likely at risk of exposure based on this new threat? (Choose two.)

A. Cardholder data

B. Intellectual property

C. Personal health information

D. Employee records

E. Corporate financial data

Correct Answer: AC



Question 4:

An HR employee began having issues with a device becoming unresponsive after attempting to open an email attachment. When informed, the security analyst became suspicious of the situation, even though there was not any unusual behavior on the IDS or any alerts from the antivirus software. Which of the following BEST describes the type of threat in this situation?

A. Packet of death

B. Zero-day malware

C. PII exfiltration

D. Known virus

Correct Answer: B



Question 5:

Which of the following is a difference between SOAR and SCAP?

A. SOAR can be executed faster and with fewer false positives than SCAP because of advanced heuristics

B. SOAR has a wider breadth of capability using orchestration and automation, while SCAP is more limited in scope

C. SOAR is less expensive because process and vulnerability remediation is more automated than what SCAP does

D. SOAR eliminates the need for people to perform remediation, while SCAP relies heavily on security analysts

Correct Answer: B



Question 6:

A new variant of malware is spreading on the company network using TCP 443 to contact its command-and-control server. The domain name used for callback continues to change, and the analyst is unable to predict future domain name variance.

Which of the following actions should the analyst take to stop malicious communications with the LEAST disruption to service?

A. Implement a sinkhole with a high entropy level

B. Disable TCP/53 at the perimeter firewall

C. Block TCP/443 at the edge router

D. Configure the DNS forwarders to use recursion

Correct Answer: A



Question 7:

A company's Chief Information Security Officer (CISO) published an Internet usage policy that prohibits employees from accessing unauthorized websites. The IT department whitelisted websites used for business needs. The CISO wants the security analyst to recommend a solution that would improve security and support employee morale. Which of the following security recommendations would allow employees to browse non-business-related websites?

A. Implement a virtual machine alternative.

B. Develop a new secured browser.

C. Configure a personal business VLAN.

D. Install kiosks throughout the building.

Correct Answer: C



Question 8:

An analyst is troubleshooting a PC that is experiencing high processor and memory consumption. Investigation reveals the following processes are running on the system:

lsass.exe csrss.exe wordpad.exe notepad.exe

Which of the following tools should the analyst utilize to determine the rogue process?

A. Ping 127.0.0.1.

B. Use grep to search.

C. Use Netstat.

D. Use Nessus.

Correct Answer: C



Question 9:

During a routine review of firewall logs, an analyst identified that an IP address from the organization's server subnet had been connecting during nighttime hours to a foreign IP address, and had been sending between 150 and 500 megabytes of data each time. This had been going on for approximately one week, and the affected server was taken offline for forensic review. Which of the following is MOST likely to drive up the incident's impact assessment?

A. PII of company employees and customers was exfiltrated.

B. Raw financial information about the company was accessed.

C. Forensic review of the server required fall-back on a less efficient service.

D. IP addresses and other network-related configurations were exfiltrated.

E. The local root password for the affected server was compromised.

Correct Answer: A



Question 10:

A security analyst is probing a company's public-facing servers for vulnerabilities and obtains the following output:

Which of the following changes should the analyst recommend FIRST?

A. Implement File Transfer Protocol Secure on the upload server

B. Disable anonymous login on the web server

C. Configure firewall changes to close port 445 on 124.45.23.112

D. Apply a firewall rule to filter the number of requests per second on port 80 on 124.45.23.108

Correct Answer: C

SMB exploitation and remote code execution can do a lot more damage to files/network compared to a DoS causing a site to be down.



Question 11:

During an audit, several customer order forms were found to contain inconsistencies between the actual price of an item and the amount charged to the customer. Further investigation narrowed the cause of the issue to manipulation of the public-facing web form used by customers to order products.

Which of the following would be the BEST way to locate this issue?

A. Reduce the session timeout threshold

B. Deploy MFA for access to the web server

C. Implement input validation

D. Run a static code scan

Correct Answer: D

Implementing input validation is NOT the best way to LOCATE the issue; it is a mitigation technique that reduces the likelihood of exploitation. D, static code analysis and code review, is the way to go.



Question 12:

An analyst identifies multiple instances of node-to-node communication between several endpoints within the 10.200.2.0/24 network and a user machine at the IP address 10.200.2.5. This user machine at the IP address 10.200.2.5 is also identified as initiating outbound communication during atypical business hours with several IP addresses that have recently appeared on threat feeds. Which of the following can be inferred from this activity?

A. 10.200.2.0/24 is infected with ransomware.

B. 10.200.2.0/24 is not routable address space.

C. 10.200.2.5 is a rogue endpoint.

D. 10.200.2.5 is exfiltrating data.

Correct Answer: D



Question 13:

A system is experiencing noticeably slow response times, and users are being locked out frequently. An analyst asked for the system security plan and found the system comprises two servers: an application server in the DMZ and a database server inside the trusted domain. Which of the following should be performed NEXT to investigate the availability issue?

A. Review the firewall logs.

B. Review syslogs from critical servers.

C. Perform fuzzing.

D. Install a WAF in front of the application server.

Correct Answer: B



Question 14:

A cybersecurity analyst is currently using Nessus to scan several FTP servers. Upon receiving the results of the scan, the analyst needs to further test to verify that the vulnerability found exists. The analyst uses the following snippet of code:

Which of the following vulnerabilities is the analyst checking for?

A. Buffer overflow

B. SQL injection

C. Default passwords

D. Format string attack

Correct Answer: B



Question 15:

A company has received the results of an external vulnerability scan from its approved scanning vendor. The company is required to remediate these vulnerabilities for clients within 72 hours of acknowledgement of the scan results.

Which of the following contract breaches would result if this remediation is not provided for clients within the time frame?

A. Service level agreement

B. Regulatory compliance

C. Memorandum of understanding

D. Organizational governance

Correct Answer: A
