Which of the following BEST describes what the CISO wants to purchase?
The Chief Information Security Officer (CISO) of a large financial institution is seeking a solution that will block a predetermined set of data points from being transferred or downloaded by employees. The CISO also wants to track the data assets by name, type, content, or data profile. Which of the...
Which of the following security solutions would resolve this issue?
After a series of Group Policy Object updates, multiple services stopped functioning. The systems administrator believes the issue resulted from a Group Policy Object update but cannot validate which update caused the issue. Which of the following security solutions would resolve this issue? A. Privilege management B. Group Policy Object...
Which of the following commands would provide the analyst with additional useful information relevant to the above script?
An organization is experiencing security incidents in which a systems administrator is creating unauthorized user accounts. A security analyst has created a script to snapshot the system configuration each day. Following is one of the scripts: This script has been running successfully every day. Which of the following commands would...
Which of the following is the order of priority for risk mitigation from highest to lowest?
An organization has the following risk mitigation policy: Risks with a probability of 95% or greater will be addressed before all others regardless of the impact. All other prioritization will be based on risk value. The organization has identified the following risks: Which of the following is the order of...
Which of the following is the BEST approach for the consultant to consider when modeling the client's attack surface?
A consultant is evaluating multiple threat intelligence leads to assess potential risks for a client. Which of the following is the BEST approach for the consultant to consider when modeling the client's attack surface? A. Ask for external scans from industry peers, look at the open ports, and compare information with...
A security analyst is performing a Diamond Model analysis of an incident the company had last quarter. A potential benefit of this activity is that it can identify:
A security analyst is performing a Diamond Model analysis of an incident the company had last quarter. A potential benefit of this activity is that it can identify: A. detection and prevention capabilities to improve. B. which systems were exploited more frequently. C. possible evidence that is missing during forensic...
Which of the following configuration changes would be the MOST appropriate for intelligence gathering?
As part of an intelligence feed, a security analyst receives a report from a third-party trusted source. Within the report are several domains and reputational information that suggest the company's employees may be targeted for a phishing campaign. Which of the following configuration changes would be the MOST appropriate for...
Which of the following incident response components can identify who is the liaison between multiple lines of business and the public?
Which of the following incident response components can identify who is the liaison between multiple lines of business and the public? A. Red-team analysis B. Escalation process and procedures C. Triage and analysis D. Communications plan Answer: D Explanation: A communications plan is a document that outlines how information will...
Which of the following will MOST likely provide information about when and how the machine was compromised and where the malware is located?
A security analyst identified one server that was compromised and used as a data mining machine, and a clone of the hard drive that was created. Which of the following will MOST likely provide information about when and how the machine was compromised and where the malware is located? A. ...
Which of the following is MOST important when developing a threat hunting program?
Which of the following is MOST important when developing a threat hunting program? A. Understanding penetration testing techniques B. Understanding how to build correlation rules within a SIEM C. Understanding security software technologies D. Understanding assets and categories of assets Answer: D Explanation: Understanding assets and categories of assets is...