CS0-002 Free Practice Test

- (Exam Topic 2)
While reviewing log files, a security analyst uncovers a brute-force attack that is being performed against an external webmail portal. Which of the following would be BEST to prevent this type of attack from beinq successful?

1. A. Implement MFA on the email portal using out-of-band code delivery.
2. B. Create a new rule in the IDS that triggers an alert on repeated login attempts
3. C. Leverage password filters to prevent weak passwords on employee accounts from being exploited.
4. D. Alter the lockout policy to ensure users are permanently locked out after five attempts.
5. E. Configure a WAF with brute force protection rules in block mode

Correct Answer: A

- (Exam Topic 3)
Which of me following are reasons why consumer IoT devices should be avoided in an enterprise environment? (Select TWO)

1. A. Message queuing telemetry transport does not support encryption.
2. B. The devices may have weak or known passwords.
3. C. The devices may cause a dramatic Increase in wireless network traffic.
4. D. The devices may utilize unsecure network protocols.
5. E. Multiple devices may interface with the functions of other loT devices.
6. F. The devices are not compatible with TLS 12.

Correct Answer: BD

- (Exam Topic 3)
A threat hurting team received a new loC from an ISAC that follows a threat actor's profile and activities. Which of the following should be updated NEXT?

1. A. The whitelist
2. B. The DNS
3. C. The blocklist
4. D. The IDS signature

Correct Answer: D

- (Exam Topic 2)
An organization has been seeing increased levels of malicious traffic. A security analyst wants to take a more proactive approach to identify the threats that are acting against the organization’s network. Which of the following approaches should the security analyst recommend?

1. A. Use the MITRE ATT&CK framework to develop threat models.
2. B. Conduct internal threat research and establish indicators of compromise.
3. C. Review the perimeter firewall rules to ensure rule-set accuracy.
4. D. Use SCAP scans to monitor for configuration changes on the network.

Correct Answer: D

- (Exam Topic 2)
A security analyst is researching an incident and uncovers several details that may link to other incidents. The security analyst wants to determine if other incidents are related to the current incident Which of the followinq threat research methodoloqies would be MOST appropriate for the analyst to use?

1. A. Reputation data
2. B. CVSS score
3. C. Risk assessment
4. D. Behavioral analysis

Correct Answer: D