Updated CS0-002 Dumps Questions – Actual CS0-002 Questions And Answers For Passing

1. As part of a merger with another organization, a Chief Information Security Officer (CISO) is working with an assessor to perform a risk assessment focused on data privacy compliance. The CISO is primarily concerned with the potential legal liability and fines associated with data privacy.

Based on the CISO's concerns, the assessor will MOST likely focus on:

2. A security analyst reviews the following aggregated output from an Nmap scan and the border firewall ACL:

Which of the following should the analyst reconfigure to BEST reduce organizational risk while maintaining current functionality?

3. An employee in the billing department accidentally sent a spreadsheet containing payment card data to a recipient outside the organization. The employee intended to send the spreadsheet to an internal staff member with a similar name and was unaware of the mistake until the recipient replied to the message.

In addition to retraining the employee, which of the following would prevent this from happening in the future?

4. A new on-premises application server was recently installed on the network. Remote access to the server was enabled for vendor support on required ports, but recent security reports show large amounts of data are being sent to various unauthorized networks through those ports.

Which of the following configuration changes must be implemented to resolve this security issue while still allowing remote vendor access?

5. A SIEM solution alerts a security analyst of a high number of login attempts against the company's webmail portal. The analyst determines the login attempts used credentials from a past data breach.

Which of the following is the BEST mitigation to prevent unauthorized access?

6. A company’s Chief Information Security Officer (CISO) is concerned about the integrity of some highly confidential files. Any changes to these files must be tied back to a specific authorized user’s activity session.

Which of the following is the BEST technique to address the CISO’s concerns?

7. A security analyst needs to perform a search for connections with a suspicious IP on the network traffic. The company collects full packet captures at the Internet gateway and retains them for one week.

Which of the following will enable the analyst to obtain the BEST results?

8. An incident response team is responding to a breach of multiple systems that contain PII and PHI.

Disclosing the incident to external entities should be based on:

9. A security analyst received a series of antivirus alerts from a workstation segment, and users reported ransomware messages. During lessons- learned activities, the analyst determines the antivirus was able to alert to abnormal behavior but did not stop this newest variant of ransomware.

Which of the following actions should be taken to BEST mitigate the effects of this type of threat in the future?

10. A Chief Security Officer (CSO) is working on the communication requirements (or an organization's incident response plan.

In addition to technical response activities, which of the following is the main reason why communication must be addressed in an effective incident response program?

11. A team of security analysis has been alerted to potential malware activity. The initial examination indicates one of the affected workstations on beaconing on TCP port 80 to five IP addresses and attempting to spread across the network over port 445.

Which of the following should be the team's NEXT step during the detection phase of this response process?

12. A security analyst reviews SIEM logs and detects a well-known malicious executable running in a Windows machine. The up-to-date antivirus cannot detect the malicious executable.

Which of the following is the MOST likely cause of this issue?

13. The inability to do remote updates of certificates. keys software and firmware is a security issue commonly associated with:

14. A company wants to establish a threat-hunting team.

Which of the following BEST describes the rationale for integration intelligence into hunt operations?

15. A security team identified some specific known tactics and techniques to help mitigate repeated credential access threats, such as account manipulation and brute forcing.

Which of the following frameworks or models did the security team MOST likely use to identify the tactics and techniques'?

16. An analyst needs to provide a recommendation that will allow a custom-developed application to have full access to the system's processors and peripherals but still be contained securely from other applications that will be developed.

Which of the following is the BEST technology for the analyst to recommend?

17. A security analyst is investigating a system compromise. The analyst verities the system was up to date on OS patches at the time of the compromise.

Which of the following describes the type of vulnerability that was MOST likely expiated?

18. The inability to do remote updates of certificates, keys, software, and firmware is a security issue commonly associated with:

19. A security analyst is responding to an incident on a web server on the company network that is making a large number of outbound requests over DNS.

Which of the following is the FIRST step the analyst should take to evaluate this potential indicator of compromise'?

20. During an investigation, an analyst discovers the following rule in an executive’s email client:

IF * TO <[email protected]> THEN mailto: <[email protected]>

SELECT FROM ‘sent’ THEN DELETE FROM <[email protected]>

The executive is not aware of this rule.

Which of the following should the analyst do FIRST to evaluate the potential impact of this security incident?

21. During a routine log review, a security analyst has found the following commands that cannot be identified from the Bash history log on the root user.

Which of the following commands should the analyst investigate FIRST?

22. A storage area network (SAN) was inadvertently powered off while power maintenance was being performed in a datacenter. None of the systems should have lost all power during the maintenance. Upon review, it is discovered that a SAN administrator moved a power plug when testing the SAN's fault notification features.

Which of the following should be done to prevent this issue from reoccurring?

23. A security analyst is researching an incident and uncovers several details that may link to other incidents. The security analyst wants to determine if other incidents are related to the current incident.

Which of the following threat research methodoloqies would be MOST appropriate for the analyst to use?

24. A security manager has asked an analyst to provide feedback on the results of a penetration lest. After reviewing the results the manager requests information regarding the possible exploitation of vulnerabilities Much of the following information data points would be MOST useful for the analyst to provide to the security manager who would then communicate the risk factors to senior management? (Select TWO)

25. An application server runs slowly and then triggers a high CPU alert. After investigating, a security analyst finds an unauthorized program is running on the server.

The analyst reviews the application log below.

Which of the following conclusions is supported by the application log?

26. A security analyst discovered a specific series of IP addresses that are targeting an organization. None of the attacks have been successful.

Which of the following should the security analyst perform NEXT?

27. The Cruel Executive Officer (CEO) of a large insurance company has reported phishing emails that contain malicious links are targeting the entire organza lion.

Which of the following actions would work BEST to prevent against this type of attack?

28. A security analyst is investigating an incident that appears to have started with SOL injection against a publicly available web application.

Which of the following is the FIRST step the analyst should take to prevent future attacks?

29. An analyst is performing penetration testing and vulnerability assessment activities against a new vehicle automation platform.

Which of the following is MOST likely an attack vector that is being utilized as part of the testing and assessment?

30. A system’s authority to operate (ATO) is set to expire in four days. Because of other activities and limited staffing, the organization has neglected to start reauthentication activities until now.

The cybersecurity group just performed a vulnerability scan with the partial set of results shown below:

Based on the scenario and the output from the vulnerability scan, which of the following should the security team do with this finding?

31. The help desk noticed a security analyst that emails from a new email server are not being sent out. The new email server was recently added to the existing ones.

The analyst runs the following command on the new server.

Given the output, which of the following should the security analyst check NEXT?

32. An information security analyst on a threat-hunting team Is working with administrators to create a hypothesis related to an internally developed web application.

The working hypothesis is as follows:

• Due to the nature of the industry, the application hosts sensitive data associated with many clients and Is a significant target

• The platform Is most likely vulnerable to poor patching and Inadequate server hardening, which expose vulnerable services.

• The application is likely to be targeted with SQL injection attacks due to the large number of reporting capabilities within the application.

As a result, the systems administrator upgrades outdated service applications and validates the endpoint configuration against an industry benchmark. The analyst suggests developers receive additional training on implementing identity and access management, and also implements a WAF to protect against SOL injection attacks.

Which of the following BEST represents the technique in use?

33. A cybersecurity analyst is establishing a threat hunting and intelligence group at a growing organization.

Which of the following is a collaborative resource that would MOST likely be used for this purpose?

34. After a breach involving the exfiltration of a large amount of sensitive data a security analyst is reviewing the following firewall logs to determine how the breach occurred:

Which of the following IP addresses does the analyst need to investigate further?

35. For machine learning to be applied effectively toward security analysis automation, it requires.

36. An organization's Chief Information Security Officer (CISO) has asked department leaders to coordinate on communication plans that can be enacted in response to different cybersecurity incident triggers.

Which of the following is a benefit of having these communication plans?

37. An analyst wants to identify hosts that are connecting to the external FTP servers and what, if any, passwords are being used.

Which of the following commands should the analyst use?

38. Which of the following should a database administrator implement to BEST protect data from an untrusted server administrator?

39. A security team is implementing a new vulnerability management program in an environment that has a historically poor security posture. The team is aware of issues patch management in the environment and expects a large number of findings.

Which of the following would be the MOST efficient way to increase the security posture of the organization in the shortest amount of time?

40. An analyst is searching a log for potential credit card leaks. The log stores all data encoded in hexadecimal.

Which of the following commands will allow the security analyst to confirm the incident?

41. As a proactive threat-hunting technique, hunters must develop situational cases based on likely attack scenarios derived from the available threat intelligence information.

After forming the basis of the scenario, which of the following may the threat hunter construct to establish a framework for threat assessment?

42. A development team is testing a new application release. The team needs to import existing client PHI data records from the production environment to the test environment to test accuracy and functionality.

Which of the following would BEST protect the sensitivity of this data while still allowing the team to perform the testing?

43. A cybersecurity analyst is currently checking a newly deployed server that has an access control list applied.

When conducting the scan, the analyst received the following code snippet of results:

Which of the following describes the output of this scan?

44. Which of the following MOST accurately describes an HSM?

45. Which of the following is MOST closely related to the concept of privacy?

46. A security analyst is evaluating two vulnerability management tools for possible use in an organization. The analyst set up each of the tools according to the respective vendor's instructions and generated a report of vulnerabilities that ran against the same target server.

Tool A reported the following:

Tool B reported the following:

Which of the following BEST describes the method used by each tool? (Choose two.)

47. A security analyst receives an alert to expect increased and highly advanced cyberattacks originating from a foreign country that recently had sanctions implemented.

Which of the following describes the type of threat actors that should concern the security analyst?

48. A security analyst scanned an internal company subnet and discovered a host with the following Nmap output.

Based on the output of this Nmap scan, which of the following should the analyst investigate FIRST?

49. A security analyst has a sample of malicious software and needs to know what the sample does? The analyst runs the sample in a carefully controlled and monitored virtual machine to observe the software behavior.

Which of the following malware analysis approaches is this?

50. The help desk provided a security analyst with a screenshot of a user's desktop:

For which of the following is aircrack-ng being used?

51. A company just chose a global software company based in Europe to implement a new supply chain management solution.

Which of the following would be the MAIN concern of the company?

52. An organization is moving its infrastructure to the cloud in an effort to meet the budget and reduce staffing requirements. The organization has three environments: development, testing, and production. These environments have interdependencies but must remain relatively segmented.

Which of the following methods would BEST secure the company's infrastructure and be the simplest to manage and maintain?

53. While conducting a network infrastructure review, a security analyst discovers a laptop that is plugged into a core switch and hidden behind a desk.

The analyst sees the following on the laptop's screen:

Which of the following is the BEST action for the security analyst to take?

54. An organization developed a comprehensive modern response policy Executive management approved the policy and its associated procedures.

Which of the following activities would be MOST beneficial to evaluate personnel's familiarity with incident response procedures?

55. A company wants to reduce the cost of deploying servers to support increased network growth. The company is currently unable to keep up with the demand, so it wants to outsource the infrastructure to a cloud-based solution.

Which of the following is the GREATEST threat for the company to consider when outsourcing its infrastructure?

56. A pharmaceutical company's marketing team wants to send out notifications about new products to alert users of recalls and newly discovered adverse drug reactions. The team plans to use the names and mailing addresses that users have provided.

Which of the following data privacy standards does this violate?

57. A security analyst is reviewing the following requirements (or new time clocks that will be installed in a shipping warehouse:

• The clocks must be configured so they do not respond to ARP broadcasts.

• The server must be configured with static ARP entries for each clock.

Which of the following types of attacks will this configuration mitigate?

58. A security analyst inspects the header of an email that is presumed to be malicious and sees the following:

Which of the following is inconsistent with the rest of the header and should be treated as suspicious?

59. A security analyst is reviewing packet captures from a system that was compromised. The system was already isolated from the network, but it did have network access for a few hours after being compromised.

When viewing the capture in a packet analyzer, the analyst sees the following:

Which of the following can the analyst conclude?

60. A security analyst at a technology solutions firm has uncovered the same vulnerabilities on a vulnerability scan for a long period of time. The vulnerabilities are on systems that are dedicated to the firm's largest client.

Which of the following is MOST likely inhibiting the remediation efforts?

61. A company creates digitally signed packages for its devices.

Which of the following BEST describes the method by which the security packages are delivered to the company's customers?

62. A cybersecurity analyst is dissecting an intrusion down to the specific techniques and wants to organize them in a logical manner.

Which of the following frameworks would BEST apply in this situation?

63. An analyst performs a routine scan of a host using Nmap and receives the following output:

Which of the following should the analyst investigate FIRST?

64. A security analyst is reviewing the following log from an email security service.

Which of the following BEST describes the reason why the email was blocked?

65. A security analyst has observed several incidents within an organization that are affecting one specific piece of hardware on the network. Further investigation reveals the equipment vendor previously released a patch.

Which of the following is the MOST appropriate threat classification for these incidents?

66. HOTSPOT

Welcome to the Enterprise Help Desk System. Please work the ticket escalated to you in the desk ticket queue.

INSTRUCTIONS

Click on me ticket to see the ticket details Additional content is available on tabs within the ticket

First, select the appropriate issue from the drop-down menu. Then, select the MOST likely root cause from second drop-down menu

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button

67. A human resources employee sends out a mass email to all employees that contains their personnel records. A security analyst is called in to address the concern of the human resources director on how to prevent this from happening in the future.

Which of the following would be the BEST solution to recommend to the director?

68. A malicious artifact was collected during an incident response procedure. A security analyst is unable to run it in a sandbox to understand its features and method of operation.

Which of the following procedures is the BEST approach to perform a further analysis of the malware's capabilities?

69. An analyst is reviewing the following code output of a vulnerability scan:

if (search name ! = null )

{

%>

employee <%search names%> not found

}

Which of the following types of vulnerabilities does this MOST likely represent?

70. A security analyst needs to obtain the footprint of the network.

The footprint must identify the following information;

• TCP and UDP services running on a targeted system

• Types of operating systems and versions

• Specific applications and versions

Which of the following tools should the analyst use to obtain the data?

71. A security analyst discovers a vulnerability on an unpatched web server that is used for testing machine learning on Bing Data sets. Exploitation of the vulnerability could cost the organization $1.5 million in lost productivity. The server is located on an isolated network segment that has a 5% chance of being compromised.

Which of the following is the value of this risk?

72. A security analyst is attempting to utilize the blowing threat intelligence for developing detection capabilities:

In which of the following phases is this APT MOST likely to leave discoverable artifacts?

73. A small organization has proprietary software that is used internally. The system has not been well maintained and cannot be updated with the rest of the environment.

Which of the following is the BEST solution?

74. Ann, a user, reports to the security team that her browser began redirecting her to random sites while using her Windows laptop. Ann further reports that the OS shows the C: drive is out of space despite having plenty of space recently. Ann claims she not downloaded anything.

The security team obtains the laptop and begins to investigate, noting the following:

✑ File access auditing is turned off.

✑ When clearing up disk space to make the laptop functional, files that appear to be cached web pages are immediately created in a temporary directory, filling up the available drive space.

✑ All processes running appear to be legitimate processes for this user and machine.

✑ Network traffic spikes when the space is cleared on the laptop.

✑ No browser is open.

Which of the following initial actions and tools would provide the BEST approach to determining what is happening?

75. While reviewing log files, a security analyst uncovers a brute-force attack that is being performed against an external webmail portal.

Which of the following would be BEST to prevent this type of attack from beinq successful1?

76. An executive assistant wants to onboard a new cloud based product to help with business analytics and dashboarding.

When of the following would be the BEST integration option for the service?

77. An analyst is participating in the solution analysis process for a cloud-hosted SIEM platform to centralize log monitoring and alerting capabilities in the SOC.

Which of the following is the BEST approach for supply chain assessment when selecting a vendor?

78. During a cyber incident, which of the following is the BEST course of action?

79. A security engineer is reviewing security products that identify malicious actions by users as part of a company's insider threat program.

Which of the following is the MOST appropriate product category for this purpose?

80. A company's security administrator needs to automate several security processes related to testing for the existence of changes within the environment Conditionally other

processes will need to be created based on input from prior processes

Which of the following is the BEST method for accomplishing this task?

81. After receiving reports latency, a security analyst performs an Nmap scan and observes the following output:

Which of the following suggests the system that produced output was compromised?

82. The SOC has received reports of slowness across all workstation network segments. The currently installed antivirus has not detected anything, but a different anti-malware product was just downloaded

and has revealed a worm is spreading

Which of the following should be the NEXT step in this incident response?

83. A security analyst is generating a list of recommendations for the company's insecure API.

Which of the following is the BEST parameter mitigation rec

84. An organization wants to move non-essential services into a cloud computing environment. Management has a cost focus and would like to achieve a recovery time objective of 12 hours.

Which of the following cloud recovery strategies would work BEST to attain the desired outcome?

85. A company's marketing emails are either being found in a spam folder or not being delivered at all.

The security analyst investigates the issue and discovers the emails in question are being sent on behalf of the company by a third party in1marketingpartners.com.

Below is the exiting SPP word:

Which of the following updates to the SPF record will work BEST to prevent the emails from being marked as spam or blocked?

A)

B)

C)

D)

86. A security analyst received an alert from the SIEM indicating numerous login attempts from users outside their usual geographic zones, all of which were initiated through the web-based mail server. The logs indicate all domain accounts experienced two login attempts during the same time frame.

Which of the following is the MOST likely cause of this issue?

87. A security analyst is reviewing a suspected phishing campaign that has targeted an organisation. The organization has enabled a few email security technologies in the last year: however, the analyst believes the security features are not working.

The analyst runs the following command:

> dig domain._domainkey.comptia.orq TXT

Which of the following email protection technologies is the analyst MOST likely validating?

88. While analyzing network traffic, a security analyst discovers several computers on the network are connecting to a malicious domain that was blocked by a DNS sinkhole. A new private IP range is now visible, but no change requests were made to add it.

Which of the following is the BEST solution for the security analyst to implement?

89. A cybersecurity analyst is reading a daily intelligence digest of new vulnerabilities.

The type of vulnerability that should be disseminated FIRST is one that:

90. CORRECT TEXT

You are a cybersecurity analyst tasked with interpreting scan data from Company A's servers. You must verify the requirements are being met for all of the servers and recommend changes if you find they are not.

The company's hardening guidelines indicate the following:

• TLS 1.2 is the only version of TLS running.

• Apache 2.4.18 or greater should be used.

• Only default ports should be used.

INSTRUCTIONS

Using the supplied data, record the status of compliance with the company's guidelines for each server.

The question contains two parts: make sure you complete Part 1 and Part 2. Make recommendations for issues based ONLY on the hardening guidelines provided.

91. During an incident, a cybersecurity analyst found several entries in the web server logs that are related to an IP with a bad reputation.

Which of the following would cause the analyst to further review the incident?

A)

B)

C)

D)

E)

92. A hybrid control is one that:

93. An organization supports a large number of remote users.

Which of the following is the BEST option to protect the data on the remote users1 laptops?

94. A newly appointed Chief Information Security Officer (CISO) has completed a risk assessment review of the organization and wants to reduce the numerous risks that were identified.

Which of the following will provide a trend of risk mitigation?

95. A security analyst is providing a risk assessment for a medical device that will be installed on the corporate network. During the assessment, the analyst discovers the device has an embedded operating system that will be at the end of its life in two years. Due to the criticality of the device, the security committee makes a risk- based policy decision to review and enforce the vendor upgrade before the end of life is reached.

Which of the following risk actions has the security committee taken?

96. While preparing of an audit of information security controls in the environment an analyst outlines a framework control that has the following requirements:

• All sensitive data must be classified

• All sensitive data must be purged on a quarterly basis

• Certificates of disposal must remain on file for at least three years

This framework control is MOST likely classified as:

97. A network attack that is exploiting a vulnerability in the SNMP is detected.

Which of the following should the cybersecurity analyst do FIRST?

98. Which of the following technologies can be used to house the entropy keys for disk encryption on desktops and laptops?

99. A finance department employee has received a message that appears to have been sent from the Chief Financial Officer (CFO) asking the employee to perform a wife transfer Analysis of the email shows the message came from an external source and is fraudulent.

Which of the following would work BEST to improve the likelihood of employees quickly recognizing fraudulent emails?

100. A compliance officer of a large organization has reviewed the firm's vendor management program but has discovered there are no controls defined to evaluate third-party risk or hardware source authenticity. The compliance officer wants to gain some level of assurance on a recurring basis regarding the implementation of controls by third parties.

Which of the following would BEST satisfy the objectives defined by the compliance officer? (Choose two.)