Which of the following BEST describes the process by which code is developed, tested, and deployed in small batches?
A. Agile
B. Waterfall
C. SDLC
D. Dynamic code analysis
Answer: A
Explanation: Reference: https://www.cleverism.com/software-development-life-cycle-sdlc-methodologies/
Which of the following attacks can be prevented by using output encoding?
A. Server-side request forgery
B. Cross-site scripting
C. SQL injection
D. Command injection
E. Cross-site request forgery
F. Directory traversal
Answer: B
Which of the following sets of attributes BEST illustrates the characteristics of an insider threat from a security perspective?
A. Unauthorized, unintentional, benign
B. Unauthorized, intentional, malicious
C. Authorized, intentional, malicious
D. Authorized, unintentional, benign
Answer: C
Explanation: Reference: https://www.sciencedirect.com/topics/computer-science/insider-attack
Which of the following should the security team do NEXT to resolve the critical findings in the most effective manner?
A monthly job to install approved vendor software updates and hot fixes recently stopped working. The security team performed a vulnerability scan, which identified several hosts as having some critical OS vulnerabilities, as referenced in the common vulnerabilities and exposures (CVE) database. Which of the following should the security team...
Which of the following is the BEST example of the level of sophistication this threat actor is using?
A security analyst for a large financial institution is creating a threat model for a specific threat actor that is likely targeting an organization's financial assets. Which of the following is the BEST example of the level of sophistication this threat actor is using?
A. Social media accounts attributed to...
A security analyst has been alerted to several emails that show evidence an employee is planning malicious activities that involve employee PII on the network before leaving the organization.
A security analyst has been alerted to several emails that show evidence an employee is planning malicious activities that involve employee PII on the network before leaving the organization. The security analyst's BEST response would be to coordinate with the legal department and:
A. the public relations department
B. senior...
Which of the following would be BEST to implement to alleviate the CISO's concern?
A Chief Information Security Officer (CISO) is concerned the development team, which consists of contractors, has too much access to customer data. Developers use personal workstations, giving the company little to no visibility into the development activities. Which of the following would be BEST to implement to alleviate the CISO's...
Which of the following should the analyst do NEXT?
An incident responder successfully acquired application binaries off a mobile device for later forensic analysis. Which of the following should the analyst do NEXT?
A. Decompile each binary to derive the source code.
B. Perform a factory reset on the affected mobile device.
C. Compute SHA-256 hashes for each binary....
Which of the following should be the focus of the investigation?
An organization was alerted to a possible compromise after its proprietary data was found for sale on the Internet. An analyst is reviewing the logs from the next-generation UTM in an attempt to find evidence of this breach. Given the following output: Which of the following should be the focus...
Which of the following is a security concern when using a PaaS solution?
A product manager is working with an analyst to design a new application that will perform as a data analytics platform and will be accessible via a web browser. The product manager suggests using a PaaS provider to host the application. Which of the following is a security concern when...