Test CS0-002

Question 1:
Employees of a large financial company are continuously being infected by strands of malware that are not detected by EDR tools. Which of the following is the BEST security control to implement to reduce corporate risk while allowing employees to exchange files at client sites?

A.
MFA on the workstations
B.
Additional host firewall rules
C.
VDI environment
D.
Hard drive encryption
E.
Network access control
F.
Network segmentation

Question 2:
An organization has been seeing increased levels of malicious traffic. A security analyst wants to take a more proactive approach to identify the threats that are acting against the organization's network. Which of the following approaches should the security analyst recommend?

A.
Use the MITRE ATT&CK framework to develop threat models.
B.
Conduct internal threat research and establish indicators of compromise.
C.
Review the perimeter firewall rules to ensure the accuracy of the rule set.
D.
Use SCAP scans to monitor for configuration changes on the network.

Question 3:
A security team is struggling with alert fatigue, and the Chief Information Security Officer has decided to purchase a SOAR platform to alleviate this issue. Which of the following BEST describes how a SOAR platform will help the security team?

A.
SOAR will integrate threat intelligence into the alerts, which will help the security team decide which events should be investigated first.
B.
A SOAR platform connects the SOC with the asset database, enabling the security team to make informed decisions immediately based on asset criticality.
C.
The security team will be able to use the SOAR framework to integrate the SIEM with a TAXII server, which has an automated intelligence feed that will enhance the alert data.
D.
Logic can now be created that will allow the SOAR platform to block specific traffic at the firewall according to predefined event triggers and actions.

Question 4:
During an investigation, a security analyst determines suspicious activity occurred during the night shift over the weekend. Further investigation reveals the activity was initiated from an internal IP going to an external website. Which of the following would be the MOST appropriate recommendation to prevent similar activity from happening in the future?

A.
An IPS signature modification for the specific IP addresses
B.
An IDS signature modification for the specific IP addresses
C.
A firewall rule that will block port 80 traffic
D.
Implement a WAF to restrict malicious web content

Question 5:
During an audit, several customer order forms were found to contain inconsistencies between the actual price of an item and the amount charged to the customer. Further investigation narrowed the cause of the issue to manipulation of the public-facing web form used by customers to order products. Which of the following would be the BEST way to locate this issue?

A.
Reduce the session timeout threshold.
B.
Deploy MFA for access to the web server.
C.
Implement input validation.
D.
Run a static code scan.

Question 6:
SIMULATION -
Malware is suspected on a server in the environment.
The analyst is provided with the output of commands from servers in the environment and needs to review all output files in order to determine which process running on one of the servers may be malware.

INSTRUCTIONS -
Servers 1, 2, and 4 are clickable. Select the Server and the process that host the malware.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.




Question 7:
A help desk technician inadvertently sent the credentials of the company's CRM in cleartext to an employee's personal email account. The technician then reset the employee's account using the appropriate process and the employee's corporate email, and notified the security team of the incident. According to the incident response procedure, which of the following should the security team do NEXT?

A.
Contact the CRM vendor.
B.
Prepare an incident summary report.
C.
Perform postmortem data correlation.
D.
Update the incident response plan.

Question 8:
An organization is adopting IoT devices at an increasing rate and will need to account for firmware updates in its vulnerability management programs. Despite the number of devices being deployed, the organization has only focused on software patches so far, leaving hardware-related weaknesses open to compromise.
Which of the following best practices will help the organization to track and deploy trusted firmware updates as part of its vulnerability management programs?

A.
Utilize threat intelligence to guide risk evaluation activities and implement critical updates after proper testing.
B.
Apply all firmware updates as soon as they are released to mitigate the risk of compromise.
C.
Sign up for vendor emails and create firmware update change plans for affected devices.
D.
Implement an automated solution that detects when vendors release firmware updates and immediately deploy updates to production.

Question 9:
A security analyst at example.com receives a SIEM alert for an IDS signature and reviews the associated packet capture and TCP stream:
Packet capture:

TCP stream:

Which of the following actions should the security analyst take NEXT?

A.
Review the known Apache vulnerabilities to determine if a compromise actually occurred.
B.
Contact the application owner for connect.example.local for additional information.
C.
Mark the alert as a false positive scan coming from an approved source.
D.
Raise a request to the firewall team to block 203.0.113.15.

Question 10:
A newly appointed Chief Information Security Officer has completed a risk assessment review of the organization and wants to reduce the numerous risks that were identified. Which of the following will provide a trend of risk mitigation?

A.
Planning
B.
Continuous monitoring
C.
Risk response
D.
Risk analysis
E.
Oversight
