CS0-002 exam

An organization has the following risk mitigation policies • Risks without compensating controls will be mitigated first it the nsk value is greater than $50,000 • Other nsk mitigation will be pnontized based on risk value. The following risks have been identified: Which of the following is the ordei of...

An analyst is responding 10 an incident involving an attack on a company-owned mobile device that was being used by an employee to collect data from clients in the held. Maiware was loaded on the device via the installation of a third-party software package The analyst has baselined the device...

A security analyst is correlating, ranking, and enriching raw data into a report that will be interpreted by humans or machines to draw conclusions and create actionable recommendations . Which of the following steps in the intelligence cycle is the security analyst performing?A . Analysis and production B. Processing and...

A digital forensics investigator works from duplicate images to preserve the integrity of the original evidence. Which of the following types of media are most volatile and should be preserved? (Select two).A . Memory cache B. Registry file C. SSD storage D. Temporary filesystems E. Packet decoding F. Swap volumeView...

Which of the following attack techniques has the GREATEST likelihood of quick success against Modbus assets?A . Remote code execution B. Buffer overflow C. Unauthenticated commands D. Certificate spoofingView AnswerAnswer: C Explanation: Modbus is a communication protocol that is widely used in industrial control systems (ICS). Modbus does not have...

Which of the following can detect vulnerable third-parly libraries before code deployment?A . Impact analysis B. Dynamic analysis C. Static analysis D. Protocol analysisView AnswerAnswer: C Explanation: Static analysis is a method of analyzing the source code or binary code of an application without executing it. Static analysis can detect...

While observing several host machines, a security analyst notices a program is overwriting data to a buffer. Which of the following controls will best mitigate this issue?A . Data execution prevention B. Output encoding C. Prepared statements D. Parameterized queriesView AnswerAnswer: A Explanation: Data execution prevention (DEP) is a security...

To validate local system-hardening requirements, which of the following types of vulnerability scans would work BEST to verify the scanned device meets security policies?A . SCAP B. SAST C. DAST D. DACSView AnswerAnswer: A Explanation: SCAP is a protocol designed to assess the security compliance of computers and other devices....

During a review of SIEM alerts, a security analyst discovers the SIEM is receiving many alerts per day from the file-integrity monitoring toot about files from a newly deployed application that should not change. Which of the following steps should the analyst complete FIRST to respond to the issue?A ....

A user reports a malware alert to the help desk. A technician verities the alert, determines the workstation is classified as a low-severity device, and uses network controls to block access. The technician then assigns the ticket to a security analyst who will complete the eradication and recovery processes. Which...