CS0-002 Free Practice Test

- (Exam Topic 3)
A security analyst observes a large amount of scanning activity coming from an IP address outside the organization's environment. Which of the following should the analyst do to block this activity?

1. A. Create an IPS rule to block the subnet.
2. B. Sinkhole the IP address.
3. C. Create a firewall rule to block the IP address.
4. D. Close all unnecessary open ports.

Correct Answer: B

- (Exam Topic 3)
A consultant evaluating multiple threat intelligence leads to assess potential risks for a client. Which of the following is the BEST approach for the consultant to consider when modeling the client's attack surface?

1. A. Ask for external scans from industry peers, look at the open ports, and compare Information with the client.
2. B. Discuss potential tools the client can purchase lo reduce the livelihood of an attack.
3. C. Look at attacks against similar industry peers and assess the probability of the same attacks happening.
4. D. Meet with the senior management team to determine if funding is available for recommended solutions.

Correct Answer: C

- (Exam Topic 3)
Which of the following BEST identifies the appropriate use of threat intelligence as a function of detection and response?

1. A. To identify weaknesses in an organization's security posture
2. B. To identify likely attack scenarios within an organization
3. C. To build a business security plan for an organization
4. D. To build a network segmentation strategy

Correct Answer: B

- (Exam Topic 3)
An analyst is reviewing the following output as part of an incident:

Which of the Wowing is MOST likely happening?

1. A. The hosts are part of a reflective denial -of -service attack.
2. B. Information is leaking from the memory of host 10.20 30.40
3. C. Sensitive data is being exfilltrated by host 192.168.1.10.
4. D. Host 291.168.1.10 is performing firewall port knocking.

Correct Answer: C

- (Exam Topic 2)
A forensic analyst took an image of a workstation that was involved in an incident To BEST ensure the image is not tampered with me analyst should use:

1. A. hashing
2. B. backup tapes
3. C. a legal hold
4. D. chain of custody.

Correct Answer: A