CS0-002 exam

A cybersecurity analyst has access to several threat feeds and wants to organize them while simultaneously comparing intelligence against network traffic. Which of the following would BEST accomplish this goal?A . Continuous integration and deploymentB . Automation and orchestrationC . Static and dynamic analysisD . Information sharing and analysisView AnswerAnswer:...

A Chief Information Security Officer (CISO) wants to upgrade an organization's security posture by improving proactive activities associated with attacks from internal and external threats. Which of the following is the MOST proactive tool or technique that feeds incident response capabilities?A . Development of a hypothesis as part of threat...

A security analyst is investigating a malware infection that occurred on a Windows system. The system was not connected to a network and had no wireless capability Company policy prohibits using portable media or mobile storage. The security analyst is trying to determine which user caused the malware to get...

An audit has revealed an organization is utilizing a large number of servers that are running unsupported operating systems. As part of the management response phase of the audit, which of the following would BEST demonstrate senior management is appropriately aware of and addressing the issue?A . Copies of prior...

Data spillage occurred when an employee accidentally emailed a sensitive file to an external recipient. Which of the following controls would have MOST likely prevented this incident?A . SSOB . DLPC . WAFD . VDIView AnswerAnswer: B Explanation: Reference: https://greenlightcorp.com/blog/cyber-security-solutions-data-spillage-and-how-to-create-an-after-incident-to-do-list/

A system’s authority to operate (ATO) is set to expire in four days. Because of other activities and limited staffing, the organization has neglected to start reauthentication activities until now. The cybersecurity group just performed a vulnerability scan with the partial set of results shown below: Based on the scenario...

An incident responder successfully acquired application binaries off a mobile device for later forensic analysis. Which of the following should the analyst do NEXT?A . Decompile each binary to derive the source code.B . Perform a factory reset on the affected mobile device.C . Compute SHA-256 hashes for each binary.D...

A development team signed a contract that requires access to an on-premises physical server. Access must be restricted to authorized users only and cannot be connected to the Internet. Which of the following solutions would meet this requirement?A . Establish a hosted SSC . Implement a CASE . Virtualize the...

A storage area network (SAN) was inadvertently powered off while power maintenance was being performed in a datacenter. None of the systems should have lost all power during the maintenance. Upon review, it is discovered that a SAN administrator moved a power plug when testing the SAN's fault notification features....

A cybersecurity analyst is contributing to a team hunt on an organization's endpoints. Which of the following should the analyst do FIRST?A . Write detection logic.B . Establish a hypothesis.C . Profile the threat actors and activities.D . Perform a process analysis.View AnswerAnswer: C Explanation: Reference: https://www.cybereason.com/blog/blog-the-eight-steps-to-threat-hunting