CS0-001 Free Practice Test

- (Exam Topic 2)
The Chief Executive Officer (CEO) instructed the new Chief Information Security Officer (CISO) to provide a list of enhancement to the company’s cybersecurity operation. As a result, the CISO has identified the need to align security operations with industry best practices. Which of the following industry references is appropriate to accomplish this?

1. A. OSSIM
2. B. NIST
3. C. PCI
4. D. OWASP

Correct Answer: B
Reference https://www.nist.gov/sites/default/files/documents/itl/Cybersecurity_Green-Paper_FinalVersion.pdf

- (Exam Topic 1)
While a threat intelligence analyst was researching an indicator of compromise on a search engine, the web proxy generated an alert regarding the same indicator. The threat intelligence analyst states that related sites were not visited but were searched for in a search engine. Which of the following MOST likely happened in this situation?

1. A. The analyst is not using the standard approved browser.
2. B. The analyst accidently clicked a link related to the indicator.
3. C. The analyst has prefetch enabled on the browser in use.
4. D. The alert in unrelated to the analyst’s search.

Correct Answer: C

- (Exam Topic 1)
A cybersecurity analyst has received an alert that well-known “call home” messages are continuously observed by network sensors at the network boundary. The proxy firewall successfully drops the messages. After determining the alert was a true positive, which of the following represents the MOST likely cause?

1. A. Attackers are running reconnaissance on company resources.
2. B. An outside command and control system is attempting to reach an infected system.
3. C. An insider is trying to exfiltrate information to a remote network.
4. D. Malware is running on a company system.

Correct Answer: B

- (Exam Topic 2)
A cybersecurity analyst is reviewing the following outputs:
<>

1. A. The remote host is redirecting port 80 to port 8080.
2. B. The remote host is running a service on port 8080.
3. C. The remote host’s firewall is dropping packets for port 80.
4. D. The remote host is running a web server on port 80.

Correct Answer: B

- (Exam Topic 1)
Which of the following actions should occur to address any open issues while closing an incident involving various departments within the network?

1. A. Incident response plan
2. B. Lessons learned report
3. C. Reverse engineering process
4. D. Chain of custody documentation

Correct Answer: B