CS0-002 Free Practice Test

- (Exam Topic 1)
A cybersecurity analyst is supporting an incident response effort via threat intelligence. Which of the following is the analyst MOST likely executing?

1. A. Requirements analysis and collection planning
2. B. Containment and eradication
3. C. Recovery and post-incident review
4. D. Indicator enrichment and research pivoting

Correct Answer: A

- (Exam Topic 3)
Which of the following is an advantage of SOAR over SIEM?

1. A. SOAR is much less expensive.
2. B. SOAR reduces the amount of human intervention required.
3. C. SOAR can aggregate data from many sources.
4. D. SOAR uses more robust encryption protocols.

Correct Answer: C
SOAR systems and services tend to add a layer of workflow management. That means that SOAR deployments may actually ingest SIEM alerts and other data and then apply workflows and automation to them. SIEM and SOAR tools can be difficult to distinguish from each other, with one current difference being the broader range of tools that SOAR services integrate with. The same vendors who provide SIEM capabilities also provide SOAR systems in many cases with Splunk, Rapid7, and IBM (QRadar) all included. There are differences, however, as ITSM tools like ServiceNow play in the space as well. As an analyst, you need to know that SOAR services and tools exist and can be leveraged to cover additional elements beyond what traditional SIEM systems have historically handled.

- (Exam Topic 2)
As part of an organization’s information security governance process, a Chief Information Security Officer (CISO) is working with the compliance officer to update policies to include statements related to new regulatory and legal requirements. Which of the following should be done to BEST ensure all employees are appropriately aware of changes to the policies?

1. A. Conduct a risk assessment based on the controls defined in the newly revised policies
2. B. Require all employees to attend updated security awareness training and sign an acknowledgement
3. C. Post the policies on the organization’s intranet and provide copies of any revised policies to all active vendors
4. D. Distribute revised copies of policies to employees and obtain a signed acknowledgement from them

Correct Answer: B

- (Exam Topic 3)
Which of the following BEST describes HSM?

1. A. A computing device that manages cryptography, decrypts traffic, and maintains library calls
2. B. A computing device that manages digital keys, performs encryption/decryption functions, and maintains other cryptographic functions
3. C. A computing device that manages physical keys, encrypts devices, and creates strong cryptographic functions
4. D. A computing device that manages algorithms, performs entropy functions, and maintains digital signatures

Correct Answer: B

- (Exam Topic 3)
An organization wants to ensure the privacy of the data that is on its systems Full disk encryption and DLP are already in use Which of the following is the BEST option?

1. A. Require all remote employees to sign an NDA
2. B. Enforce geofencmg to limit data accessibility
3. C. Require users to change their passwords more frequently
4. D. Update the AUP to restrict data sharing

Correct Answer: A