Which of the following should be the team's NEXT step during the detection phase of this response process?
A team of security analysts has been alerted to potential malware activity. The initial examination indicates one of the affected workstations is beaconing on TCP port 80 to five IP addresses and attempting to spread across the network over port 445. Which of the following should be the team's...
Which of the following is the BEST solution?
A small organization has proprietary software that is used internally. The system has not been well maintained and cannot be updated with the rest of the environment. Which of the following is the BEST solution? A. Virtualize the system and decommission the physical machine. B. Remove it from the network...
Which of the following would be the BEST method of communication?
The computer incident response team at a multinational company has determined that a breach of sensitive data has occurred in which a threat actor has compromised the organization’s email system. Per the incident response procedures, this breach requires notifying the board immediately. Which of the following would be the...
Which of the following methods would BEST secure the company's infrastructure and be the simplest to manage and maintain?
An organization is moving its infrastructure to the cloud in an effort to meet the budget and reduce staffing requirements. The organization has three environments: development, testing, and production. These environments have interdependencies but must remain relatively segmented. Which of the following methods would BEST secure the company's infrastructure and...
Welcome to the Enterprise Help Desk System. Please work the ticket escalated to you in the desk ticket queue
HOTSPOT Welcome to the Enterprise Help Desk System. Please work the ticket escalated to you in the desk ticket queue. INSTRUCTIONS Click on the ticket to see the ticket details. Additional content is available on tabs within the ticket. First, select the appropriate issue from the drop-down menu. Then, select...
Which of the following is the MOST important objective of a post-incident review?
Which of the following is the MOST important objective of a post-incident review? A. Capture lessons learned and improve incident response processes B. Develop a process for containment and continue improvement efforts C. Identify new technologies and strategies to remediate D. Identify a new management strategy Answer: A
Which of the following activities would be MOST beneficial to evaluate personnel's familiarity with incident response procedures?
An organization developed a comprehensive modern response policy. Executive management approved the policy and its associated procedures. Which of the following activities would be MOST beneficial to evaluate personnel's familiarity with incident response procedures? A. A simulated breach scenario involving the incident response team B. Completion of annual information...
Which of the following would provide the BEST results?
A security analyst wants to identify which vulnerabilities a potential attacker might initially exploit if the network is compromised. Which of the following would provide the BEST results? A. Baseline configuration assessment B. Uncredentialed scan C. Network ping sweep D. External penetration test Answer: D
Which of the following would BEST protect the sensitivity of this data while still allowing the team to perform the testing?
A development team is testing a new application release. The team needs to import existing client PHI data records from the production environment to the test environment to test accuracy and functionality. Which of the following would BEST protect the sensitivity of this data while still allowing the team to...
Which of the following is the FIRST step the analyst should take?
A cyber-incident response analyst is investigating a suspected cryptocurrency miner on a company's server. Which of the following is the FIRST step the analyst should take? A. Create a full disk image of the server's hard drive to look for the file containing the malware. B. Run a manual antivirus...