CS0-002 Free Practice Test

- (Exam Topic 1)
Which of the following attacks can be prevented by using output encoding?

1. A. Server-side request forgery
2. B. Cross-site scripting
3. C. SQL injection
4. D. Command injection
5. E. Cross-site request forgery
6. F. Directory traversal

Correct Answer: B

- (Exam Topic 1)
Which of the following technologies can be used to house the entropy keys for task encryption on desktops and laptops?

1. A. Self-encrypting drive
2. B. Bus encryption
3. C. TPM
4. D. HSM

Correct Answer: A

- (Exam Topic 2)
A company’s change management team has asked a security analyst to review a potential change to the email server before it is released into production. The analyst reviews the following change request:

Which of the following is the MOST likely reason for the change?

1. A. To reject email from servers that are not listed in the SPF record
2. B. To reject email from email addresses that are not digitally signed.
3. C. To accept email to the company’s domain.
4. D. To reject email from users who are not authenticated to the network.

Correct Answer: A

- (Exam Topic 3)
A vulnerability scanner has identified an out-of-support database software version running on a server. The software update will take six to nine months to complete. The management team has agreed to a one-year extended support contract with the software vendor. Which of the following BEST describes the risk treatment in this scenario?

1. A. The extended support mitigates any risk associated with the software.
2. B. The extended support contract changes this vulnerability finding to a false positive.
3. C. The company is transferring the risk for the vulnerability to the software vendor.
4. D. The company is accepting the inherent risk of the vulnerability.

Correct Answer: D

Risk Acceptance
o A risk response that involves determining that a risk is within the organization’s risk appetite and no countermeasures other than ongoing monitoring will be needed Mitigation
Control Avoidance Changing plans Transference Insurance Acceptance Low risk

- (Exam Topic 1)
A development team uses open-source software and follows an Agile methodology with two-week sprints. Last month, the security team filed a bug for an insecure version of a common library. The DevOps team updated the library on the server, and then the security team rescanned the server to verify it was no longer vulnerable. This month, the security team found the same vulnerability on the server.
Which of the following should be done to correct the cause of the vulnerability?

1. A. Deploy a WAF in front of the application.
2. B. Implement a software repository management tool.
3. C. Install a HIPS on the server.
4. D. Instruct the developers to use input validation in the code.

Correct Answer: B