CS0-002 Online Practice Questions and Answers

Questions 4

A security analyst on the threat-hunting team has developed a list of unneeded, benign services that are currently running as part of the standard OS deployment for workstations. The analyst will provide this list to the operations team to create a policy that will automatically disable the services for all workstations in the organization.

Which of the following BEST describes the security analyst's goal?

A. To create a system baseline

B. To reduce the attack surface

C. To optimize system performance

D. To improve malware detection

Questions 5

Which of the following is the greatest security concern regarding ICS?

A. The involved systems are generally hard to identify.

B. The systems are configured for automatic updates, leading to device failure.

C. The systems are oftentimes air gapped, leading to fileless malware attacks.

D. Issues on the systems cannot be reversed without rebuilding the systems.

Questions 6

A digital forensics investigator works from duplicate images to preserve the integrity of the original evidence. Which of the following types of media are MOST volatile and should be preserved? (Choose two.)

A. Memory cache

B. Registry file

C. SSD storage

D. Temporary filesystems

E. Packet decoding

F. Swap volume

Questions 7

An analyst needs to understand how an attacker compromised a server. Which of the following procedures will best deliver the information that is necessary to reconstruct the steps taken by the attacker?

A. Scan the affected system with an anti-malware tool and check for vulnerabilities with a vulnerability scanner.

B. Extract the server's system timeline, verifying hashes and network connections during a certain time frame.

C. Clone the entire system and deploy it in a network segment built for tests and investigations while monitoring the system during a certain time frame.

D. Clone the server's hard disk and extract all the binary files, comparing hash signatures with malware databases.

Questions 8

Which of the following are reasons why consumer IoT devices should be avoided in an enterprise environment? (Select TWO)

A. Message queuing telemetry transport does not support encryption.

B. The devices may have weak or known passwords.

C. The devices may cause a dramatic increase in wireless network traffic.

D. The devices may utilize unsecure network protocols.

E. Multiple devices may interface with the functions of other IoT devices.

F. The devices are not compatible with TLS 1.2.

Questions 9

Which of the following APT adversary archetypes represent non-nation-state threat actors? (Select TWO)

A. Kitten

B. Panda

C. Tiger

D. Jackal

E. Bear

F. Spider

Questions 10

A security analyst is creating baseline system images to remediate vulnerabilities found in different operating systems. Each image needs to be scanned before it is deployed. The security analyst must ensure the configurations match industry standard benchmarks and the process can be repeated frequently. Which of the following vulnerability options would BEST create the process requirements?

A. Utilizing an operating system SCAP plugin

B. Utilizing an authorized credential scan

C. Utilizing a non-credential scan

D. Utilizing a known malware plugin

Questions 11

Which of the following is a best practice with regard to interacting with the media during an incident?

A. Allow any senior management level personnel with knowledge of the incident to discuss it.

B. Designate a single point of contact and at least one backup for contact with the media.

C. Stipulate that incidents are not to be discussed with the media at any time during the incident.

D. Release financial information on the impact of damages caused by the incident.

Questions 12

To validate local system-hardening requirements, which of the following types of vulnerability scans would work BEST to verify the scanned device meets security policies?

A. SCAP

B. SAST

C. DAST

D. DACS

Questions 13

A security analyst needs to acquire evidence by cloning hard drives, which will then be acquired by a third-party forensic lab. The security analyst is concerned about modifying evidence on the hard drives. Which of the following should be the NEXT step to preserve the evidence?

A. Apply encryption over the data during the evidence collection process.

B. Create a file hash of the drive images and clones.

C. Use an encrypted USB stick to transfer the data from the hard drives.

D. Initiate a chain of custody document and ask the data owner to sign it.

Exam Code: CS0-002
Exam Name: CompTIA Cybersecurity Analyst (CySA+)
Last Update: Dec 15, 2024
Questions: 1059