CS0-002 Online Practice Questions and Answers

HOTSPOT

The developers recently deployed new code to three web servers. A daffy automated external device scan report shows server vulnerabilities that are failure items according to PCI DSS.

If the venerability is not valid, the analyst must take the proper steps to get the scan clean.

If the venerability is valid, the analyst must remediate the finding.

After reviewing the information provided in the network diagram, select the STEP 2 tab to complete the simulation by selecting the correct Validation Result and Remediation Action for each server listed using the drop-down options.

INTRUCTIONS:

The simulation includes 2 steps.

Step1:Review the information provided in the network diagram and then move to the STEP 2 tab.

STEP 2: Given the Scenario, determine which remediation action is required to address the vulnerability.

Hot Area:

An incident responder successfully acquired application binaries off a mobile device for later forensic analysis. Which of the following should the analyst do NEXT?

A. Decompile each binary to derive the source code.

B. Perform a factory reset on the affected mobile device.

C. Compute SHA-256 hashes for each binary.

D. Encrypt the binaries using an authenticated AES-256 mode of operation.

E. Inspect the permissions manifests within each application.

A security analyst conducted a risk assessment on an organization's wireless network and identified a high-risk element in the implementation of data confidentially protection. Which of the following is the BEST technical security control to mitigate this risk?

A. Switch to RADIUS technology

B. Switch to TACACS+ technology.

C. Switch to 802 IX technology

D. Switch to the WPA2 protocol.

A security analyst needs to automate the incident response process for malware infections. When the following logs are generated, an alert email should automatically be sent within 30 minutes:

Which of the following is the best way for the analyst to automate alert generation?

A. Deploy a signature-based IDS

B. Install a UEBA-capable antivirus

C. Implement email protection with SPF

D. Create a custom rule on a SIEM

A security analyst has noticed an alert from the SIEM. A workstation is repeatedly trying to connect to port 445 of a file server on the production network. All of the attempts are made with invalid credentials. Which of the following describes what is occurring?

A. Malware has infected the workstation and is beaconing out to the specific IP address of the file server.

B. The file server is attempting to transfer malware to the workstation via SMB.

C. An attacker has gained control of the workstation and is attempting to pivot to the file server by creating an SMB session.

D. An attacker has gained control of the workstation and is port scanning the network.

The business has been informed of a suspected breach of customer data. The internal audit team, in conjunction with the legal department, has begun working with the cybersecurity team to validate the report. To which of the following response processes should the business adhere during the investigation?

A. The security analysts should not respond to internal audit requests during an active investigation

B. The security analysts should report the suspected breach to regulators when an incident occurs

C. The security analysts should interview system operators and report their findings to the internal auditors

D. The security analysts should limit communication to trusted parties conducting the investigation

A security analyst is performing ongoing scanning and continuous monitoring of the corporate datacenter. Over time, these scans are repeatedly showing susceptibility to the same vulnerabilities and an increase in new vulnerabilities on a specific group of servers that are clustered to run the same application. Which of the following vulnerability management processes should be implemented?

A. Frequent server scanning

B. Automated report generation

C. Group policy modification

D. Regular patch application

A security analyst receives an alert to expect increased and highly advanced cyberattacks originating from a foreign country that recently had sanctions implemented. Which of the following describes the type of threat actors that should concern the security analyst?

A. Insider threat

B. Nation-state

C. Hacktivist

D. Organized crime

A security analyst needs to develop a brief that will include the latest incidents and the attack phases of the incidents. The goal is to support threat intelligence and identify whether or not the incidents are linked. Which of the following methods would be MOST appropriate to use?

A. An adversary capability model

B. The MITRE ATTandCK framework

C. The Cyber Kill Chain

D. The Diamond Model of Intrusion Analysis

The SOC has received reports of slowness across all workstation network segments. The currently installed antivirus has not detected anything, but a different anti-malware product was just downloaded and has revealed a worm is spreading

Which of the following should be the NEXT step in this incident response?

A. Enable an ACL on all VLANs to contain each segment

B. Compile a list of loCs so the IPS can be updated to halt the spread.

C. Send a sample of the malware to the antivirus vendor and request urgent signature creation.

D. Begin deploying the new anti-malware on all uninfected systems.