CS0-002 exam

A company just chose a global software company based in Europe to implement a new supply chain management solution. Which of the following would be the MAIN concern of the company?A . Violating national security policyB . Packet injectionC . Loss of intellectual propertyD . International labor lawsView AnswerAnswer: A

A security analyst needs to develop a brief that will include the latest incidents and the attack phases of the incidents. The goal is to support threat intelligence and identify whether or not the incidents are linked. Which of the following methods would be MOST appropriate to use?A . An...

An analyst is reviewing the following code output of a vulnerability scan: Which of the following types of vulnerabilities does this MOST likely represent?A . A insecure direct object reference vulnerabilityB . An HTTP response split vulnerabilityC . A credential bypass vulnerabilityD . A XSS vulnerabilityView AnswerAnswer: C

The SFTP server logs show thousands of failed login attempts from hundreds of IP addresses worldwide. Which of the following controls would BEST protect the service?A . Whitelisting authorized IP addressesB . Enforcing more complex password requirementsC . Blacklisting unauthorized IP addressesD . Establishing a sinkhole serviceView AnswerAnswer: C

A security analyst is investigating a malware infection that occurred on a Windows system. The system was not connected to a network and had no wireless capability Company policy prohibits using portable media or mobile storage. The security analyst is trying to determine which user caused the malware to get...

Which of the following sets of attributes BEST illustrates the characteristics of an insider threat from a security perspective?A . Unauthorized, unintentional, benignB . Unauthorized, intentional, maliciousC . Authorized, intentional, maliciousD . Authorized, unintentional, benignView AnswerAnswer: C Explanation: Reference: https://www.sciencedirect.com/topics/computer-science/insider-attack

Which of the following BEST describes the process by which code is developed, tested, and deployed in small batches?A . AgileB . WaterfallC . SDLCD . Dynamic code analysisView AnswerAnswer: A Explanation: Reference: https://www.cleverism.com/software-development-life-cycle-sdlc-methodologies/

A Chief Information Security Officer (CISO) is concerned the development team, which consists of contractors, has too much access to customer data. Developers use personal workstations, giving the company little to no visibility into the development activities. Which of the following would be BEST to implement to alleviate the CISO's...

A cybersecurity analyst needs to rearchitect the network using a firewall and a VPN server to achieve the highest level of security. To BEST complete this task, the analyst should place the:A . firewall behind the VPN serverB . VPN server parallel to the firewallC . VPN server behind the...

A Chief Security Officer (CSO) is working on the communication requirements (or an organization's incident response plan. In addition to technical response activities, which of the following is the main reason why communication must be addressed in an effective incident response program?A . Public relations must receive information promptly in...