CS0-002 Free Practice Test

- (Exam Topic 2)
Following a recent security breach, a company decides to investigate account usage to ensure privileged accounts are only being utilized during typical business hours. During the investigation, a security analyst determines an account was consistently utilized in the middle of the night.
Which of the following actions should the analyst take NEXT?

1. A. Initiate the incident response plan.
2. B. Disable the privileged account
3. C. Report the discrepancy to human resources.
4. D. Review the activity with the user.

Correct Answer: A

- (Exam Topic 3)
An online gaming company was impacted by a ransomware attack. An employee opened an attachment that was received via an SMS attack on a company-issued mobile device while connected to the network. Which of the following actions would help during the forensic analysis of the mobile device? (Select TWO).

1. A. Resetting the phone to factory settings
2. B. Rebooting the phone and installing the latest security updates
3. C. Documenting the respective chain of custody
4. D. Uninstalling any potentially unwanted programs
5. E. Performing a memory dump of the mobile device for analysis
6. F. Unlocking the device by browing the eFuse

Correct Answer: CE

- (Exam Topic 3)
A Chief Information Security Officer has asked for a list of hosts that have critical and high-severity findings as referenced in the CVE database. Which of the following tools would produce the assessment output needed to satisfy this request?

1. A. Nessus
2. B. Nikto
3. C. Fuzzer
4. D. Wireshark
5. E. Prowler

Correct Answer: A

- (Exam Topic 3)
While investigating reports or issues with a web server, a security analyst attempts to log in remotely and recedes the following message:

The analyst accesses the server console, and the following console messages are displayed:

The analyst is also unable to log in on the console. While reviewing network captures for the server, the analyst sees many packets with the following signature:

Which of the following is the BEST step for the analyst to lake next in this situation?

1. A. Load the network captures into a protocol analyzer to further investigate the communication with 128.30.100.23, as this may be a botnet command server
2. B. After ensuring network captures from the server are saved isolate the server from the network take a memory snapshot, reboot and log in to do further analysis.
3. C. Corporate data is being exfilltrated from the server Reboot the server and log in to see if it contains any sensitive data.
4. D. Cryptomining malware is running on the server and utilizing an CPU and memor
5. E. Reboot the server and disable any cron Jobs or startup scripts that start the mining software.

Correct Answer: A

- (Exam Topic 1)
A security analyst for a large financial institution is creating a threat model for a specific threat actor that is likely targeting an organization's financial assets.
Which of the following is the BEST example of the level of sophistication this threat actor is using?

1. A. Social media accounts attributed to the threat actor
2. B. Custom malware attributed to the threat actor from prior attacks
3. C. Email addresses and phone numbers tied to the threat actor
4. D. Network assets used in previous attacks attributed to the threat actor
5. E. IP addresses used by the threat actor for command and control

Correct Answer: B