CS0-002 exam materials and free exam questions for CompTIA certification candidates: updated CS0-002 PDF dumps and VCE materials for the CompTIA Cybersecurity Analyst (CySA+) Certification Exam.

Free CS0-002 sample questions:

NEW QUESTION 1
A security analyst working in the SOC recently discovered instances in which hosts visited a specific set of domains and IPs and became infected with malware. Which of the following is the MOST appropriate action to take in this situation?

  • A. Implement an IPS signature for the malware and update the blacklisting for the associated domains and IPs
  • B. Implement an IPS signature for the malware and another signature request to block all the associated domains and IPs
  • C. Implement a change request to the firewall setting to not allow traffic to and from the IPs and domains
  • D. Implement an IPS signature for the malware and a change request to the firewall setting to not allow traffic to and from the IPs and domains

Answer: C

NEW QUESTION 2
A SIEM solution alerts a security analyst of a high number of login attempts against the company's webmail portal. The analyst determines the login attempts used credentials from a past data breach. Which of the following is the BEST mitigation to prevent unauthorized access?

  • A. Single sign-on
  • B. Mandatory access control
  • C. Multifactor authentication
  • D. Federation
  • E. Privileged access management

Answer: E

NEW QUESTION 3
A cybersecurity analyst is supporting an incident response effort via threat intelligence. Which of the following is the analyst MOST likely executing?

  • A. Requirements analysis and collection planning
  • B. Containment and eradication
  • C. Recovery and post-incident review
  • D. Indicator enrichment and research pivoting

Answer: A

NEW QUESTION 4
An organization is moving its infrastructure to the cloud in an effort to meet the budget and reduce staffing requirements. The organization has three environments: development, testing, and production. These environments have interdependencies but must remain relatively segmented.
Which of the following methods would BEST secure the company's infrastructure and be the simplest to manage and maintain?

  • A. Create three separate cloud accounts for each environment. Configure account peering and security rules to allow access to and from each environment.
  • B. Create one cloud account with one VPC for all environments. Purchase a virtual firewall and create granular security rules.
  • C. Create one cloud account and three separate VPCs for each environment. Create security rules to allow access to and from each environment.
  • D. Create three separate cloud accounts for each environment and a single core account for network services. Route all traffic through the core account.

Answer: C

NEW QUESTION 5
A cybersecurity analyst is supporting an incident response effort via threat intelligence. Which of the following is the analyst MOST likely executing?

  • A. Requirements analysis and collection planning
  • B. Containment and eradication
  • C. Recovery and post-incident review
  • D. Indicator enrichment and research pivoting

Answer: D

NEW QUESTION 6
An analyst is participating in the solution analysis process for a cloud-hosted SIEM platform to centralize log monitoring and alerting capabilities in the SOC.
Which of the following is the BEST approach for supply chain assessment when selecting a vendor?

  • A. Gather information from providers, including datacenter specifications and copies of audit reports.
  • B. Identify SLA requirements for monitoring and logging.
  • C. Consult with senior management for recommendations.
  • D. Perform a proof of concept to identify possible solutions.

Answer: B

NEW QUESTION 7
Which of the following technologies can be used to house the entropy keys for disk encryption on desktops and laptops?

  • A. Self-encrypting drive
  • B. Bus encryption
  • C. TPM
  • D. HSM

Answer: A

NEW QUESTION 8
A security team wants to make SaaS solutions accessible from only the corporate campus.
Which of the following would BEST accomplish this goal?

  • A. Geofencing
  • B. IP restrictions
  • C. Reverse proxy
  • D. Single sign-on

Answer: A

NEW QUESTION 9
A company was recently awarded several large government contracts and wants to determine its current risk from one specific APT.
Which of the following threat modeling methodologies would be the MOST appropriate to use during this analysis?

  • A. Attack vectors
  • B. Adversary capability
  • C. Diamond Model of Intrusion Analysis
  • D. Kill chain
  • E. Total attack surface

Answer: B

NEW QUESTION 10
A security analyst is investigating a system compromise. The analyst verifies the system was up to date on OS patches at the time of the compromise. Which of the following describes the type of vulnerability that was MOST likely exploited?

  • A. Insider threat
  • B. Buffer overflow
  • C. Advanced persistent threat
  • D. Zero day

Answer: D

NEW QUESTION 11
As part of a review of incident response plans, which of the following is MOST important for an organization to understand when establishing the breach notification period?

  • A. Organizational policies
  • B. Vendor requirements and contracts
  • C. Service-level agreements
  • D. Legal requirements

Answer: D

NEW QUESTION 12
Approximately 100 employees at your company have received a phishing email. As a security analyst you have been tasked with handling this situation.
INSTRUCTIONS
Review the information provided and determine the following:
* 1. How many employees clicked on the link in the phishing email?
* 2. On how many workstations was the malware installed?
* 3. What is the executable file name of the malware?
CS0-002 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Select the following answer as per diagram below:

NEW QUESTION 13
A security analyst implemented a solution that would analyze the attacks that the organization's firewalls failed to prevent. The analyst used the existing systems to enact the solution and executed the following command:
$ sudo nc -l -v -c maildemon.py 25 caplog.txt
Which of the following solutions did the analyst implement?

  • A. Log collector
  • B. Crontab mail script
  • C. Sinkhole
  • D. Honeypot

Answer: A

NEW QUESTION 14
During routine monitoring, a security analyst discovers several suspicious websites that are communicating with a local host. The analyst queries for IP 192.168.50.2 for a 24-hour period:
CS0-002 dumps exhibit
To further investigate, the analyst should request PCAP for SRC 192.168.50.2 and:

  • A. DST 138.10.2.5.
  • B. DST 138.10.25.5.
  • C. DST 172.10.3.5.
  • D. DST 172.10.45.5.
  • E. DST 175.35.20.5.

Answer: A

NEW QUESTION 15
The inability to do remote updates of certificates, keys, software, and firmware is a security issue commonly associated with:

  • A. web servers on private networks
  • B. HVAC control systems
  • C. smartphones
  • D. firewalls and UTM devices

Answer: D

NEW QUESTION 16
During an incident, a cybersecurity analyst found several entries in the web server logs that are related to an IP with a bad reputation. Which of the following would cause the analyst to further review the incident?
A)
CS0-002 dumps exhibit
B)
CS0-002 dumps exhibit
C)
CS0-002 dumps exhibit
D)
CS0-002 dumps exhibit
E)
CS0-002 dumps exhibit

  • A. Option A
  • B. Option B
  • C. Option C
  • D. Option D
  • E. Option E

Answer: D

NEW QUESTION 17
The help desk notified a security analyst that emails from a new email server are not being sent out. The new email server was recently added to the existing ones. The analyst runs the following command on the new server.
CS0-002 dumps exhibit
Given the output, which of the following should the security analyst check NEXT?

  • A. The DNS name of the new email server
  • B. The version of SPF that is being used
  • C. The IP address of the new email server
  • D. The DMARC policy

Answer: B

NEW QUESTION 18
......

P.S. DumpSolutions.com is now offering CS0-002 dumps. All CS0-002 exam questions have been updated with correct answers: https://www.dumpsolutions.com/CS0-002-dumps/ (186 New Questions)