A security analyst has a sample of malicious software and needs to know what the sample does. The analyst runs the sample in a carefully controlled and monitored virtual machine to observe the software's behavior. Which of the following malware analysis approaches is this?
A. White box testing
B. Fuzzing
C. Sandboxing
D. Static code analysis
After a breach involving the exfiltration of a large amount of sensitive data, a security analyst is reviewing the following firewall logs to determine how the breach occurred:
Which of the following IP addresses does the analyst need to investigate further?
A. 192.168.1.1
B. 192.168.1.10
C. 192.168.1.12
D. 192.168.1.193
When attempting to do a stealth scan against a system that does not respond to ping, which of the following Nmap commands BEST accomplishes that goal?
A. nmap -sA -O
B. nmap -sT -O
C. nmap -sS -O
D. nmap -sQ -O
An organization is developing software to match customers' expectations. Before the software goes into production, it must meet the following quality assurance guidelines:
Uncover all the software vulnerabilities.
Safeguard the interest of the software's end users.
Reduce the likelihood that a defective program will enter production.
Preserve the interests of the software producer.
Which of the following should be performed FIRST?
A. Run source code against the latest OWASP vulnerabilities.
B. Document the life-cycle changes that took place.
C. Ensure verification and validation took place during each phase.
D. Store the source code in a software escrow.
E. Conduct a static analysis of the code.
An online gaming company was impacted by a ransomware attack. An employee opened an attachment that was received via an SMS attack on a company-issue firewall. Which of the following actions would help during the forensic analysis of the mobile device? (Select TWO).
A. Resetting the phone to factory settings
B. Rebooting the phone and installing the latest security updates
C. Documenting the respective chain of custody
D. Uninstalling any potentially unwanted programs
E. Performing a memory dump of the mobile device for analysis
F. Unlocking the device by blowing the eFuse
A new policy requires the security team to perform web application and OS vulnerability scans. All of the company's web applications use federated authentication and are accessible via a central portal. Which of the following should be implemented to ensure a more thorough scan of the company's web application, while at the same time reducing false positives?
A. The vulnerability scanner should be configured to perform authenticated scans.
B. The vulnerability scanner should be installed on the web server.
C. The vulnerability scanner should implement OS and network service detection.
D. The vulnerability scanner should scan for known and unknown vulnerabilities.
A vulnerability scan came back with critical findings for a Microsoft SharePoint server:
Which of the following actions should be taken?
A. Remove Microsoft Office from the server.
B. Document the finding as an exception.
C. Install a newer version of Microsoft Office on the server.
D. Patch Microsoft Office on the server.
A security analyst at a large financial institution is evaluating the security posture of a smaller financial company. The analyst is performing the evaluation as part of a due diligence process prior to a potential acquisition. With which of the following threats should the security analyst be MOST concerned? (Choose two.)
A. Breach of confidentiality and market risks can occur if the potential acquisition is leaked to the press.
B. The parent company is only going through this process to identify and steal the intellectual property of the smaller company.
C. Employees at the company being acquired will be hostile to the security analyst and may not provide honest answers.
D. Employees at the company being acquired will be hostile to the security analyst and may not provide honest answers.
E. The industry regulator may decide that the acquisition will result in unfair competitive advantage if the acquisition were to take place.
F. The company being acquired may already be compromised and this could pose a risk to the parent company's assets.
A Chief Executive Officer (CEO) wants to implement BYOD in the environment. Which of the following options should the security analyst suggest to protect corporate data on these devices? (Choose two.)
A. Disable VPN connectivity on the device.
B. Disable Bluetooth on the device.
C. Disable near-field communication on the device.
D. Enable MDM/MAM capabilities.
E. Enable email services on the device.
F. Enable encryption on all devices.
A host is spamming the network unintentionally. Which of the following control types should be used to address this situation?
A. Managerial
B. Technical
C. Operational
D. Corrective