CS0-002 exam

A security analyst discovers a vulnerability on an unpatched web server that is used for testing machine learning on Bing Data sets. Exploitation of the vulnerability could cost the organization $1.5 million in lost productivity. The server is located on an isolated network segment that has a 5% chance of...

A security analyst is generating a list of recommendations for the company's insecure API. Which of the following is the BEST parameter mitigation recA . Implement parameterized queries.B . Use effective authentication and authorization methods.C . Validate all incoming data.D . Use TLs for all data exchanges.View AnswerAnswer: D

A security analyst has observed several incidents within an organization that are affecting one specific piece of hardware on the network. Further investigation reveals the equipment vendor previously released a patch. Which of the following is the MOST appropriate threat classification for these incidents?A . Known threatB . Zero dayC...

A cybersecurity analyst is currently checking a newly deployed server that has an access control list applied. When conducting the scan, the analyst received the following code snippet of results: Which of the following describes the output of this scan?A . The analyst has discovered a False Positive, and the...

As part of a merger with another organization, a Chief Information Security Officer (CISO) is working with an assessor to perform a risk assessment focused on data privacy compliance. The CISO is primarily concerned with the potential legal liability and fines associated with data privacy. Based on the CISO's concerns,...

A security analyst is providing a risk assessment for a medical device that will be installed on the corporate network. During the assessment, the analyst discovers the device has an embedded operating system that will be at the end of its life in two years. Due to the criticality of...

A system’s authority to operate (ATO) is set to expire in four days. Because of other activities and limited staffing, the organization has neglected to start reauthentication activities until now. The cybersecurity group just performed a vulnerability scan with the partial set of results shown below: Based on the scenario...

During an investigation, an analyst discovers the following rule in an executive’s email client: IF * TO <[email protected]> THEN mailto: <[email protected]> SELECT FROM ‘sent’ THEN DELETE FROM <[email protected]> The executive is not aware of this rule. Which of the following should the analyst do FIRST to evaluate the potential impact...

After a breach involving the exfiltration of a large amount of sensitive data a security analyst is reviewing the following firewall logs to determine how the breach occurred: Which of the following IP addresses does the analyst need to investigate further?A . 192.168.1.1B . 192.168.1.10C . 192.168.1.12D . 192.168.1.193View AnswerAnswer:...

Which of the following should a database administrator implement to BEST protect data from an untrusted server administrator?A . Data encryptionB . Data deidentificationC . Data maskingD . Data minimizationView AnswerAnswer: A