CS0-002 Free Practice Test

- (Exam Topic 1)
Which of the following is the MOST important objective of a post-incident review?

1. A. Capture lessons learned and improve incident response processes
2. B. Develop a process for containment and continue improvement efforts
3. C. Identify new technologies and strategies to remediate
4. D. Identify a new management strategy

Correct Answer: A

- (Exam Topic 3)
A security analyst at exampte.com receives a SIEM alert for an IDS signature and reviews the associated packet capture and TCP stream:


Winch of the following actions should the security analyst lake NEXT?

1. A. Review the known Apache vulnerabilities to determine if a compromise actually occurred
2. B. Contact the application owner for connect example local tor additional information
3. C. Mark the alert as a false positive scan coming from an approved source.
4. D. Raise a request to the firewall team to block 203.0.113.15.

Correct Answer: D

- (Exam Topic 2)
An analyst needs to provide a recommendation that will allow a custom-developed application to have full access to the system's processors and peripherals but still be contained securely from other applications that will be developed. Which of the following is the BEST technology for the analyst to recommend?

1. A. Software-based drive encryption
2. B. Hardware security module
3. C. Unified Extensible Firmware Interface
4. D. Trusted execution environment

Correct Answer: D

- (Exam Topic 1)
A security analyst receives an alert that highly sensitive information has left the company's network Upon investigation, the analyst discovers an outside IP range has had connections from three servers more than 100 times m the past month The affected servers are virtual machines Which of the following is the BEST course of action?

1. A. Shut down the servers as soon as possible, move them to a clean environment, restart, run a vulnerability scanner to find weaknesses determine the root cause, remediate, and report
2. B. Report the data exfiltration to management take the affected servers offline, conduct an antivirus scan, remediate all threats found, and return the servers to service.
3. C. Disconnect the affected servers from the network, use the virtual machine console to access the systems, determine which information has left the network, find the security weakness, and remediate
4. D. Determine if any other servers have been affected, snapshot any servers found, determine the vector that was used to allow the data exfiltratio
5. E. fix any vulnerabilities, remediate, and report.

Correct Answer: A

- (Exam Topic 2)
Understanding attack vectors and integrating intelligence sources are important components of:

1. A. proactive threat hunting
2. B. risk management compliance.
3. C. a vulnerability management plan.
4. D. an incident response plan.

Correct Answer: C
threat hunting activities.
* 1. Establishing a hypothesis,
* 2. Profile threat actors/activities,
* 3. Threat hunting tactics,
* 4. Reducing attack surface,
* 5. Bundle critical systems/assets into groups/protected zones,
* 6. Attack vectors understood, assessed and addressed
* 7. Integrated intelligence
* 8. Improving detection capabilities.