CS0-001 Free Practice Test

- (Exam Topic 1)
The help desk informed a security analyst of a trend that is beginning to develop regarding a suspicious email that has been reported by multiple users. The analyst has determined the email includes an attachment named invoice.zip that contains the following files:
Locky.js xerty.ini xerty.lib
Further analysis indicates that when the .zip file is opened, it is installing a new version of ransomware on the devices. Which of the following should be done FIRST to prevent data on the company NAS from being encrypted by infected devices?

1. A. Disable access to the company VPN.
2. B. Email employees instructing them not to open the invoice attachment.
3. C. Set permissions on file shares to read-only.
4. D. Add the URL included in the .js file to the company’s web proxy filter.

Correct Answer: B

- (Exam Topic 2)
An organization has recently experienced a data breach A forensic analysis. On formed the attacker found a legacy web server that had not been used in over a year and was not regularly patched After a discussion with the security team, management decided to initiate a program of network reconnaissance and penetration testing They want to start the process by scanning the network for active hosts and open pods Which of the following tools is BEST suited for this job?

1. A. Ping
2. B. Nmap
3. C. Netstal
4. D. ifconfig
5. E. Wireshark
6. F. L0phtCrack

Correct Answer: B

- (Exam Topic 2)
During a review of security controls, an analyst was able to connect to an external, unsecured FTP server from a workstation. The analyst was troubleshooting and reviewed the ACLs of the segment firewall the workstation is connected to:
<>

1. A. FTP was explicitly allowed in Seq 8 of the ACL.
2. B. FTP was allowed in Seq 10 of the ACL.
3. C. FTP was allowed as being included in Seq 3 and Seq 4 of the ACL.
4. D. FTP was allowed as being outbound from Seq 9 of the ACL.

Correct Answer: A

- (Exam Topic 1)
An HR employee began having issues with a device becoming unresponsive after attempting to open an email attachment. When informed, the security analyst became suspicious of the situation, even though there was not any unusual behavior on the IDS or any alerts from the antivirus software. Which of the following BEST describes the type of threat in this situation?

1. A. Packet of death
2. B. Zero-day malware
3. C. PII exfiltration
4. D. Known virus

Correct Answer: B

- (Exam Topic 2)
An analyst is troubleshooting a PC that is experiencing high processor and memory consumption. Investigation reveals the following processes are running on the system:
< > >< > >< > >< > >Which of the following tools should the analyst utilize to determine the rogue process?

1. A. Ping 127.0.0.1.
2. B. Use grep to search.
3. C. Use Netstat.
4. D. Use Nessus.

Correct Answer: C