
CS0-002 Online Practice Questions and Answers

Question 4

A security analyst at a technology solutions firm has uncovered the same vulnerabilities on a vulnerability scan for a long period of time. The vulnerabilities are on systems that are dedicated to the firm's largest client. Which of the following is MOST likely inhibiting the remediation efforts?

A. The parties have an MOU between them that could prevent shutting down the systems

B. There is a potential disruption of the vendor-client relationship

C. Patches for the vulnerabilities have not been fully tested by the software vendor

D. There is an SLA with the client that allows very little downtime

Question 5

A business recently acquired a software company. The software company's security posture is unknown. However, based on an assessment, there are limited security controls. No significant security monitoring exists. Which of the following is the NEXT step that should be completed to obtain information about the software company's security posture?

A. Develop an asset inventory to determine the systems within the software company

B. Review relevant network drawings, diagrams and documentation

C. Perform penetration tests against the software company's internal and external networks

D. Baseline the software company's network to determine the ports and protocols in use

Question 6

After a remote command execution incident occurred on a web server, a security analyst found the following piece of code in an XML file:

Which of the following is the BEST solution to mitigate this type of attack?

A. Implement a better level of user input filters and content sanitization.

B. Properly configure XML handlers so they do not process parameters sent from user inputs.

C. Use parameterized queries to avoid user inputs from being processed by the server.

D. Escape user inputs using character encoding conjoined with whitelisting
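The page does not reproduce the XML fragment or an answer key. As an added example (not code from the original page), the block below shows the control that option B describes: a handler for untrusted XML that refuses any DOCTYPE or ENTITY declaration before the parser sees it, so an external-entity reference such as the constructed `XXE_XML` payload can never be resolved. The sample documents, the `order`/`item` element names and the `parse_untrusted_xml` function are assumptions made for the illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed inputs for illustration; this is not the XML file from the question.
BENIGN_XML = b"<order><item id='42'>widget</item></order>"

# Typical external-entity payload shape: an inline DTD declares an entity that
# points at a local file or URL, and the document body references it. Whether a
# given parser actually fetches the target depends on how it is configured; the
# robust position for untrusted input is to refuse DTD processing entirely.
XXE_XML = (
    b"<?xml version='1.0'?>\n"
    b"<!DOCTYPE order [\n"
    b"  <!ENTITY xxe SYSTEM 'file:///etc/passwd'>\n"
    b"]>\n"
    b"<order><item>&xxe;</item></order>"
)

# Any DOCTYPE (inline or external subset) or ENTITY declaration is grounds for rejection.
_DTD_MARKERS = re.compile(rb"<!(DOCTYPE|ENTITY)\b", re.IGNORECASE)


class UnsafeXMLError(ValueError):
    """Untrusted XML carried a DTD or entity declaration."""


def xml_is_acceptable(data: bytes) -> bool:
    """True when the document declares no DTD and no entities."""
    return _DTD_MARKERS.search(data) is None


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Parse XML from an untrusted source, refusing documents that carry a DTD.

    Rejecting the DTD up front removes external entities (local file reads,
    SSRF via http:// targets) and entity-expansion bombs regardless of the
    underlying parser's defaults, which differ between libraries and versions.
    """
    if not xml_is_acceptable(data):
        raise UnsafeXMLError("DTD or entity declaration in untrusted XML")
    return ET.fromstring(data)


if __name__ == "__main__":
    print(parse_untrusted_xml(BENIGN_XML).find("item").text)  # widget
    try:
        parse_untrusted_xml(XXE_XML)
    except UnsafeXMLError as exc:
        print("rejected:", exc)
```

The pre-filter runs on the raw bytes, so apply it before any decoding or transformation of the request body. Where the library exposes parser-level switches, prefer those as well: with lxml, `etree.XMLParser(resolve_entities=False, no_network=True, load_dtd=False)`; with `xml.sax`, set `feature_external_ges` and `feature_external_pes` to `False`. Refusing the DTD outright is stricter than only disabling external entities, because it also blocks internal-entity expansion attacks.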

Question 7

Which of the following BEST describes what an organization's incident response plan should cover regarding how the organization handles public or private disclosures of an incident?

A. The disclosure section should focus on how to reduce the likelihood customers will leave due to the incident.

B. The disclosure section should contain the organization's legal and regulatory requirements regarding disclosures.

C. The disclosure section should include the names and contact information of key employees who are needed for incident resolution

D. The disclosure section should contain language explaining how the organization will reduce the likelihood of the incident happening again in the future.

Question 8

During a review of recent network traffic, an analyst realizes the team has seen this same traffic multiple times in the past three weeks, and it resulted in confirmed malware activity. The analyst also notes there is no other alert in place for this traffic. After resolving the security incident, which of the following would be the BEST action for the analyst to take to increase the chance of detecting this traffic in the future?

A. Share details of the security incident with the organization's human resources management team

B. Note the security incident so other analysts are aware the traffic is malicious

C. Communicate the security incident to the threat team for further review and analysis

D. Report the security incident to a manager for inclusion in the daily report

Question 9

A threat intelligence feed has posted an alert stating there is a critical vulnerability in the kernel. Unfortunately, the company's asset inventory is not current. Which of the following techniques would a cybersecurity analyst perform to find all affected servers within an organization?

A. A manual log review from data sent to syslog

B. An OS fingerprinting scan across all hosts

C. A packet capture of data traversing the server network

D. A service discovery scan on the network

Question 10

A systems administrator is trying to secure a critical system. The administrator has placed the system behind a firewall, enabled strong authentication, and required all administrators of this system to attend mandatory training.

Which of the following BEST describes the control being implemented?

A. Audit remediation

B. Defense in depth

C. Access control

D. Multifactor authentication

Question 11

A security analyst determines that several workstations are reporting traffic usage on port 3389. All workstations are running the latest OS patches according to patch reporting. The help desk manager reports some users are getting logged off their workstations, and network access is running slower than normal. The analyst believes a zero-day threat has allowed remote attackers to gain access to the workstations. Which of the following are the BEST steps to stop the threat without impacting all services? (Choose two.)

A. Change the public NAT IP address since APTs are common.

B. Configure a group policy to disable RDP access.

C. Disconnect public Internet access and review the logs on the workstations.

D. Enforce a password change for users on the network.

E. Reapply the latest OS patches to workstations.

F. Route internal traffic through a proxy server.
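The scenario above hinges on scoping the response to the affected workstations rather than cutting off every service. As an added example (not code from the original page), the block below runs that triage over constructed flow records: it lists each workstation that received RDP (TCP 3389) from a source outside the internal address ranges, with the peers and byte volume involved, which is the host list an analyst would hand to the group policy or host firewall change. The address plan (`10.20.5.0/24` for workstations, RFC 1918 ranges as internal), the CSV layout and the `external_rdp_summary` function are assumptions for the illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed flow records for illustration (not data from the original page).
# Columns: timestamp, source address, source port, destination address, destination port, bytes.
FLOW_LOG = """\
ts,src,sport,dst,dport,bytes
2024-04-01T08:00:01,10.20.5.17,52311,10.20.5.40,445,812
2024-04-01T08:00:04,203.0.113.7,49822,10.20.5.23,3389,91234
2024-04-01T08:00:09,203.0.113.7,49830,10.20.5.41,3389,77210
2024-04-01T08:01:12,10.20.5.9,50001,10.20.5.23,3389,4410
2024-04-01T08:02:33,198.51.100.44,41002,10.20.5.23,3389,120004
"""

RDP_PORT = 3389
# Hypothetical address plan: the workstation VLAN, and the ranges treated as internal.
WORKSTATION_NET = ipaddress.ip_network("10.20.5.0/24")
INTERNAL_NETS = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def is_internal(addr) -> bool:
    """True when the address falls inside one of the configured internal ranges."""
    return any(addr in net for net in INTERNAL_NETS)


def external_rdp_summary(log_text: str) -> dict:
    """Summarise inbound RDP to workstations from non-internal sources.

    Returns {workstation: {"peers": sorted source addresses, "bytes": total bytes}}.
    RDP from an internal source (for example an admin jump host) is not flagged,
    so the resulting list scopes containment to the hosts actually exposed.
    """
    peers = defaultdict(set)
    volume = defaultdict(int)
    for row in csv.DictReader(io.StringIO(log_text)):
        if int(row["dport"]) != RDP_PORT:
            continue
        src = ipaddress.ip_address(row["src"])
        dst = ipaddress.ip_address(row["dst"])
        if dst in WORKSTATION_NET and not is_internal(src):
            peers[str(dst)].add(str(src))
            volume[str(dst)] += int(row["bytes"])
    return {
        host: {"peers": sorted(peers[host]), "bytes": volume[host]}
        for host in sorted(peers)
    }


if __name__ == "__main__":
    for host, info in external_rdp_summary(FLOW_LOG).items():
        print(f"{host}: {info['bytes']} bytes from {', '.join(info['peers'])}")
```

The byte volume gives a rough ordering for which hosts to isolate first. The internal RDP session from `10.20.5.9` is deliberately left out of the summary on the assumption that administrative RDP from inside the network is expected; if that assumption does not hold in a given environment, drop the `is_internal` check and treat every RDP flow to a workstation as suspect.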

Question 12

Due to new regulations, a company has decided to institute an organizational vulnerability management program and assign the function to the security team. Which of the following frameworks would BEST support the program? (Choose two.)

A. COBIT

B. NIST

C. ISO 27000 series

D. ITIL

E. COSO

Question 13

A company's security administrator needs to automate several security processes related to testing for the existence of changes within the environment. Conditionally, other processes will need to be created based on input from prior processes. Which of the following is the BEST method for accomplishing this task?

A. Machine learning and process monitoring

B. Continuous integration and configuration management

C. API integration and data enrichment

D. Workflow orchestration and scripting

Exam Code: CS0-002
Exam Name: CompTIA Cybersecurity Analyst (CySA+)
Last Update: Apr 27, 2024
Questions: 1059