Pass CS0-002 Exam Successfully With the Help of New CS0-002 Exam Materials

Embark on a journey of certification enlightenment, with the CS0-002 dumps as your unwavering companion. Crafted with an eye for detail to align with the diverse curriculum, the CS0-002 dumps offer a wide expanse of practice questions, solidifying your expertise. Whether the unerring clarity of PDFs engages you or the dynamic depths of the VCE format entrances, the CS0-002 dumps have you covered. An all-encompassing study guide, central to the CS0-002 dumps, sheds light on elusive concepts, simplifying your journey. With an unwavering commitment to these offerings, we confidently champion our 100% Pass Guarantee.

Elevate your chances of acing the CS0-002 exam with our expertly-crafted CS0-002 VCE and PDF study tools

Question 1:

During a routine review of firewall logs, an analyst identified that an IP address from the organization's server subnet had been connecting during nighttime hours to a foreign IP address, and had been sending between 150 and 500 megabytes of data each time. This had been going on for approximately one week, and the affected server was taken offline for forensic review. Which of the following is MOST likely to drive up the incident's impact assessment?

A. PII of company employees and customers was exfiltrated.

B. Raw financial information about the company was accessed.

C. Forensic review of the server required fall-back on a less efficient service.

D. IP addresses and other network-related configurations were exfiltrated.

E. The local root password for the affected server was compromised.

Correct Answer: A


Question 2:

An employee was conducting research on the Internet when a message from cyber criminals appeared on the screen, stating the hard drive was just encrypted by a ransomware variant. An analyst observes the following:

1. Antivirus signatures were updated recently

2. The desktop background was changed

3. Web proxy logs show browsing to various information security sites and ad network traffic

4. There is a high volume of hard disk activity on the file server

5. SMTP server shows the employee recently received several emails from blocked senders

6. The company recently switched web hosting providers

7. There are several IPS alerts for external port scans

Which of the following describes how the employee got this type of ransomware?

A. The employee fell victim to a CSRF attack

B. The employee was using another user's credentials

C. The employee opened an email attachment

D. The employee updated antivirus signatures

Correct Answer: A


Question 3:

An organization is developing software to match customers' expectations. Before the software goes into production, it must meet the following quality assurance guidelines:

Uncover all the software vulnerabilities.

Safeguard the interest of the software's end users.

Reduce the likelihood that a defective program will enter production.

Preserve the interests of the software producer.

Which of the following should be performed FIRST?

A. Run source code against the latest OWASP vulnerabilities.

B. Document the life-cycle changes that took place.

C. Ensure verification and validation took place during each phase.

D. Store the source code in a software escrow.

E. Conduct a static analysis of the code.

Correct Answer: C


Question 4:

A company's security officer needs to implement geographical IP blocks for nation-state actors from a foreign country. On which of the following should the blocks be implemented?

A. Data loss prevention

B. Network access control

C. Access control list

D. Web content filter

Correct Answer: C


Question 5:

A financial organization has offices located globally. Per the organization's policies and procedures, all executives who conduct business overseas must have their mobile devices checked for malicious software or evidence of tampering upon their return. The information security department oversees the process, and no executive has had a device compromised. The Chief Information Security Officer wants to implement an additional safeguard to protect the organization's data. Which of the following controls would work BEST to protect the privacy of the data if a device is stolen?

A. Implement a mobile device wiping solution for use if a device is lost or stolen.

B. Install a DLP solution to track data flow.

C. Install an encryption solution on all mobile devices.

D. Train employees to report a lost or stolen laptop to the security department immediately

Correct Answer: C


Question 6:

A security administrator has uncovered a covert channel used to exfiltrate confidential data from an internal database server through a compromised corporate web server. Ongoing exfiltration is accomplished by embedding a small amount of data extracted from the database into the metadata of images served by the web server. File timestamps suggest that the server was initially compromised six months ago using a common server misconfiguration. Which of the following BEST describes the type of threat being used?

A. APT

B. Zero-day attack

C. Man-in-the-middle attack

D. XSS

Correct Answer: A


Question 7:

A network technician is concerned that an attacker is attempting to penetrate the network, and wants to set a rule on the firewall to prevent the attacker from learning which IP addresses are valid on the network. Which of the following protocols needs to be denied?

A. TCP

B. SMTP

C. ICMP

D. ARP

Correct Answer: C


Question 8:

A security analyst is handling an incident in which ransomware has encrypted the disks of several company workstations. Which of the following would work BEST to prevent this type of incident in the future?

A. Implement a UTM instead of a stateful firewall and enable gateway antivirus.

B. Back up the workstations to facilitate recovery and create a gold image.

C. Establish a ransomware awareness program and implement secure and verifiable backups.

D. Virtualize all the endpoints with daily snapshots of the virtual machines.

Correct Answer: C


Question 9:

Which of the following BEST describes HSM?

A. A computing device that manages cryptography, decrypts traffic, and maintains library calls

B. A computing device that manages digital keys, performs encryption/decryption functions, and maintains other cryptographic functions

C. A computing device that manages physical keys, encrypts devices, and creates strong cryptographic functions

D. A computing device that manages algorithms, performs entropy functions, and maintains digital signatures

Correct Answer: B


Question 10:

An employee in the billing department accidentally sent a spreadsheet containing payment card data to a recipient outside the organization. The employee intended to send the spreadsheet to an internal staff member with a similar name and was unaware of the mistake until the recipient replied to the message. In addition to retraining the employee, which of the following would prevent this from happening in the future?

A. Implement outgoing filter rules to quarantine messages that contain card data

B. Configure the outgoing mail filter to allow attachments only to addresses on the whitelist

C. Remove all external recipients from the employee's address book

D. Set the outgoing mail filter to strip spreadsheet attachments from all messages.

Correct Answer: A


Question 11:

A company's data is still being exfiltrated to business competitors after the implementation of a DLP solution. Which of the following is the most likely reason why the data is still being compromised?

A. Printed reports from the database contain sensitive information

B. DRM must be implemented with the DLP solution

C. Users are not labeling the appropriate data sets

D. DLP solutions are only effective when they are implemented with disk encryption

Correct Answer: B

Reference: https://www.vaultize.com/blog/-enterprise-drm-and-dlp-are-amazing-together.html


Question 12:

During a recent audit, there were a lot of findings similar to and including the following:

Which of the following would be the BEST way to remediate these findings and minimize similar findings in the future?

A. Use an automated patch management solution.

B. Remove the affected software programs from the servers.

C. Run Microsoft Baseline Security Analyzer on all of the servers.

D. Schedule regular vulnerability scans for all servers on the network.

Correct Answer: A


Question 13:

A bad actor bypasses authentication and reveals all records in a database through an SQL injection. Implementation of which of the following would work BEST to prevent similar attacks in

A. Strict input validation

B. Blacklisting

C. SQL patching

D. Content filtering

E. Output encoding

Correct Answer: A


Question 14:

A company experienced a security compromise due to the inappropriate disposal of one of its hardware appliances. Sensitive information stored on the hardware appliance was not removed prior to disposal.

Which of the following is the BEST manner in which to dispose of the hardware appliance?

A. Ensure the hardware appliance has the ability to encrypt the data before disposing of it.

B. Dispose of all hardware appliances securely, thoroughly, and in compliance with company policies.

C. Return the hardware appliance to the vendor, as the vendor is responsible for disposal.

D. Establish guidelines for the handling of sensitive information.

Correct Answer: B


Question 15:

Which of the following is a reason for correctly identifying APTs that might be targeting an organization?

A. APTs’ passion for social justice will make them ongoing and motivated attackers.

B. APTs utilize methods and technologies differently than other threats.

C. APTs are primarily focused on financial gain and are widely available over the internet.

D. APTs lack sophisticated methods, but their dedication makes them persistent.

Correct Answer: B

