Which of the following can be inferred from this activity?
An analyst identifies multiple instances of node-to-node communication between several endpoints within the 10.200.2.0/24 network and a user machine at the IP address 10.200.2.5. This user machine at the IP address 10.200.2.5 is also identified as initiating outbound communication during atypical business hours with several IP addresses that have recently...
Which of the following infrastructure changes should the analyst recommend?
A security analyst needs to reduce the overall attack surface. Which of the following infrastructure changes should the analyst recommend? A. Implement a honeypot. B. Air gap sensitive systems. C. Increase the network segmentation. D. Implement a cloud-based architecture. Answer: C Explanation: Reference: https://www.securitymagazine.com/articles/89283-ways-to-reduce-your-attack-surface
During a cyber incident, which of the following is the BEST course of action?
During a cyber incident, which of the following is the BEST course of action? A. Switch to using a pre-approved, secure, third-party communication system. B. Keep the entire company informed to ensure transparency and integrity during the incident. C. Restrict customer communication until the severity of the breach is confirmed....
Which of the following technical controls would BEST accomplish this goal?
An organization needs to limit its exposure to accidental disclosure when employees send emails that contain personal information to recipients outside the company. Which of the following technical controls would BEST accomplish this goal? A. DLP B. Encryption C. Data masking D. SPF Answer: C
Which of the following should the analyst provide an assessment of?
An analyst has been asked to provide feedback regarding the control required by a revised regulatory framework. At this time, the analyst only needs to focus on the technical controls. Which of the following should the analyst provide an assessment of? A. Tokenization of sensitive data B. Establishment o'...
Which of the following would be the MOST appropriate recommendation to prevent the activity from happening in the future?
During an investigation, a security analyst determines suspicious activity occurred during the night shift over the weekend. Further investigation reveals the activity was initiated from an internal IP going to an external website. Which of the following would be the MOST appropriate recommendation to prevent the activity from happening in...
Which of the following is the BEST mitigation to prevent unauthorized access?
A SIEM solution alerts a security analyst of a high number of login attempts against the company's webmail portal. The analyst determines the login attempts used credentials from a past data breach. Which of the following is the BEST mitigation to prevent unauthorized access? A. Single sign-on B. Mandatory access...
Which of the following is MOST likely an attack vector that is being utilized as part of the testing and assessment?
An analyst is performing penetration testing and vulnerability assessment activities against a new vehicle automation platform. Which of the following is MOST likely an attack vector that is being utilized as part of the testing and assessment? A. FaaS B. RTOS C. SoC D. GPS E. CAN bus Answer: E
Which of the following Nmap commands would BEST accomplish this goal?
A security analyst needs to assess the web server versions on a list of hosts to determine which are running a vulnerable version of the software and output that list into an XML file named webserverlist.xml. The host list is provided in a file named webserverlist.txt. Which of the...
A security analyst is building a malware analysis lab. The analyst wants to ensure malicious applications are not capable of escaping the virtual machines and pivoting to other networks.
A security analyst is building a malware analysis lab. The analyst wants to ensure malicious applications are not capable of escaping the virtual machines and pivoting to other networks. To BEST mitigate this risk, the analyst should use. A. an 802.11ac wireless bridge to create an air gap. B. a...