Pass4sure offers a free demo for the CS0-002 exam. "CompTIA Cybersecurity Analyst (CySA+) Certification Exam", also known as the CS0-002 exam, is a CompTIA certification. This set of posts, Passing the CompTIA CS0-002 exam, will help you answer those questions. The CS0-002 Questions & Answers cover all the knowledge points of the real exam. 100% real CompTIA CS0-002 exams, revised by experts!

Online CompTIA CS0-002 free dumps demo below:

NEW QUESTION 1
Ransomware is identified on a company's network that affects both Windows and Mac hosts. The command-and-control channel for encryption for this variant uses TCP ports from 11000 to 65000. The channel goes to good1.Iholdbadkeys.com, which resolves to IP address 72.172.16.2.
Which of the following is the MOST effective way to prevent any newly infected systems from actually encrypting the data on connected network drives while causing the least disruption to normal Internet traffic?

  • A. Block all outbound traffic to web host good1.iholdbadkeys.com at the border gateway.
  • B. Block all outbound TCP connections to IP host address 172.172.16.2 at the border gateway.
  • C. Block all outbound traffic on TCP ports 11000 to 65000 at the border gateway.
  • D. Block all outbound traffic on TCP ports 11000 to 65000 to IP host address 172.172.16.2 at the border gateway.

Answer: A

NEW QUESTION 2
An organization has several systems that require specific logons. Over the past few months, the security analyst has noticed numerous failed logon attempts followed by password resets. Which of the following should the analyst do to reduce the occurrence of legitimate failed logons and password resets?

  • A. Use SSO across all applications
  • B. Perform a manual privilege review
  • C. Adjust the current monitoring and logging rules
  • D. Implement multifactor authentication

Answer: B

NEW QUESTION 3
A small organization has proprietary software that is used internally. The system has not been well maintained and cannot be updated with the rest of the environment. Which of the following is the BEST solution?

  • A. Virtualize the system and decommission the physical machine.
  • B. Remove it from the network and require air gapping.
  • C. Only allow access to the system via a jumpbox
  • D. Implement MFA on the specific system.

Answer: A

NEW QUESTION 4
A security team is implementing a new vulnerability management program in an environment that has a historically poor security posture. The team is aware of issues with patch management in the environment and expects a large number of findings. Which of the following would be the MOST efficient way to increase the security posture of the organization in the shortest amount of time?

  • A. Create an SLA stating that remediation actions must occur within 30 days of discovery for all levels of vulnerabilities.
  • B. Incorporate prioritization levels into the remediation process and address critical findings first.
  • C. Create classification criteria for data residing on different servers and provide remediation only for servers housing sensitive data.
  • D. Implement a change control policy that allows the security team to quickly deploy patches in the production environment to reduce the risk of any vulnerabilities found.

Answer: B

NEW QUESTION 5
A security analyst reviews the following aggregated output from an Nmap scan and the border firewall ACL:
[Exhibit: aggregated Nmap scan output and border firewall ACL (image not reproduced)]
Which of the following should the analyst reconfigure to BEST reduce organizational risk while maintaining current functionality?

  • A. PC1
  • B. PC2
  • C. Server1
  • D. Server2
  • E. Firewall

Answer: B

NEW QUESTION 6
A security analyst is reviewing the following log from an email security service.
[Exhibit: email security service log (image not reproduced)]
Which of the following BEST describes the reason why the email was blocked?

  • A. The To address is invalid.
  • B. The email originated from the www.spamfilter.org URL.
  • C. The IP address and the remote server name are the same.
  • D. The IP address was blacklisted.
  • E. The From address is invalid.

Answer: D

NEW QUESTION 7
During an investigation, an incident responder intends to recover multiple pieces of digital media. Before removing the media, the responder should initiate:

  • A. malware scans.
  • B. secure communications.
  • C. chain of custody forms.
  • D. decryption tools.

Answer: C

NEW QUESTION 8
A large software company wants to move its source control and deployment pipelines into a cloud-computing environment. Due to the nature of the business, management determines the recovery time objective needs to be within one hour. Which of the following strategies would put the company in the BEST position to achieve the desired recovery time?

  • A. Establish an alternate site with active replication to other regions
  • B. Configure a duplicate environment in the same region and load balance between both instances
  • C. Set up every cloud component with duplicated copies and auto scaling turned on
  • D. Create a duplicate copy on premises that can be used for failover in a disaster situation

Answer: A

NEW QUESTION 9
A Chief Information Security Officer (CISO) wants to upgrade an organization's security posture by improving proactive activities associated with attacks from internal and external threats.
Which of the following is the MOST proactive tool or technique that feeds incident response capabilities?

  • A. Development of a hypothesis as part of threat hunting
  • B. Log correlation, monitoring, and automated reporting through a SIEM platform
  • C. Continuous compliance monitoring using SCAP dashboards
  • D. Quarterly vulnerability scanning using credentialed scans

Answer: A

NEW QUESTION 10
A human resources employee sends out a mass email to all employees that contains their personnel records. A security analyst is called in to address the concern of the human resources director on how to prevent this from happening in the future.
Which of the following would be the BEST solution to recommend to the director?

  • A. Install a data loss prevention system, and train human resources employees on its use.
  • B. Provide PII training to all employees at the company.
  • C. Encrypt PII information.
  • D. Enforce encryption on all emails sent within the company.
  • E. Create a PII program and policy on how to handle data.
  • F. Train all human resources employees.
  • G. Train all employees.
  • H. Encrypt data sent on the company network.
  • I. Bring in privacy personnel to present a plan on how PII should be handled.
  • J. Install specific equipment to create a human resources policy that protects PII data.
  • K. Train company employees on how to handle PII data.
  • L. Outsource all PII to another company.
  • M. Send the human resources director to training for PII handling.

Answer: A

NEW QUESTION 11
A security architect is reviewing the options for performing input validation on incoming web form submissions. Which of the following should the architect select as the MOST secure and manageable option?

  • A. Client-side whitelisting
  • B. Server-side whitelisting
  • C. Server-side blacklisting
  • D. Client-side blacklisting

Answer: B

NEW QUESTION 12
A cybersecurity analyst needs to rearchitect the network using a firewall and a VPN server to achieve the highest level of security. To BEST complete this task, the analyst should place the:

  • A. firewall behind the VPN server
  • B. VPN server parallel to the firewall
  • C. VPN server behind the firewall
  • D. VPN on the firewall

Answer: B

NEW QUESTION 13
A security analyst is conducting a post-incident log analysis to determine which indicators can be used to detect further occurrences of a data exfiltration incident. The analyst determines backups were not performed during this time and reviews the following:
[Exhibit: log excerpt covering Monday through Thursday (image not reproduced)]
Which of the following should the analyst review to find out how the data was exfiltrated?

  • A. Monday's logs
  • B. Tuesday's logs
  • C. Wednesday's logs
  • D. Thursday's logs

Answer: D

NEW QUESTION 14
An organization has not had an incident for several months. The Chief Information Security Officer (CISO) wants to move to a more proactive stance for security investigations. Which of the following would BEST meet that goal?

  • A. Root-cause analysis
  • B. Active response
  • C. Advanced antivirus
  • D. Information-sharing community
  • E. Threat hunting

Answer: E

NEW QUESTION 15
An information security analyst is reviewing backup data sets as part of a project focused on eliminating archival data sets.
Which of the following should be considered FIRST prior to disposing of the electronic data?

  • A. Sanitization policy
  • B. Data sovereignty
  • C. Encryption policy
  • D. Retention standards

Answer: D

NEW QUESTION 16
A security analyst discovers a vulnerability on an unpatched web server that is used for testing machine learning on Big Data sets. Exploitation of the vulnerability could cost the organization $1.5 million in lost productivity. The server is located on an isolated network segment that has a 5% chance of being compromised. Which of the following is the value of this risk?

  • A. $75,000
  • B. $300,000
  • C. $1.425 million
  • D. $1.5 million

Answer: A

NEW QUESTION 17
A security analyst has received information from a third-party intelligence-sharing resource that indicates employee accounts were breached.
Which of the following is the NEXT step the analyst should take to address the issue?

  • A. Audit access permissions for all employees to ensure least privilege.
  • B. Force a password reset for the impacted employees and revoke any tokens.
  • C. Configure SSO to prevent passwords from going outside the local network.
  • D. Set up privileged access management to ensure auditing is enabled.

Answer: B

NEW QUESTION 18
......
