CS0-002 Free Practice Test

- (Exam Topic 1)
A security analyst is providing a risk assessment for a medical device that will be installed on the corporate
network. During the assessment, the analyst discovers the device has an embedded operating system that will be at the end of its life in two years. Due to the criticality of the device, the security committee makes a risk- based policy decision to review and enforce the vendor upgrade before the end of life is reached.
Which of the following risk actions has the security committee taken?

1. A. Risk exception
2. B. Risk avoidance
3. C. Risk tolerance
4. D. Risk acceptance

Correct Answer: D

- (Exam Topic 1)
Which of the following sets of attributes BEST illustrates the characteristics of an insider threat from a security perspective?

1. A. Unauthorized, unintentional, benign
2. B. Unauthorized, intentional, malicious
3. C. Authorized, intentional, malicious
4. D. Authorized, unintentional, benign

Correct Answer: C
Reference: https://www.sciencedirect.com/topics/computer-science/insider-attack

- (Exam Topic 2)
An organization that uses SPF has been notified emails sent via its authorized third-party partner are getting rejected A security analyst reviews the DNS entry and sees the following:
v=spf1 ip4:180.10.6.5 ip4:180.10.6.10 include:robustmail.com –all
The organization's primary mail server IP is 180.10 6.6, and the secondary mail server IP is 180.10.6.5. The organization's third-party mail provider is "Robust Mail" with the domain name robustmail.com.
Which of the following is the MOST likely reason for the rejected emails?

1. A. The wrong domain name is in the SPF record.
2. B. The primary and secondary email server IP addresses are out of sequence.
3. C. SPF version 1 does not support third-party providers
4. D. An incorrect IP version is being used.

Correct Answer: A

- (Exam Topic 3)
An organization prohibits users from logging in to the administrator account. If a user requires elevated permissions. the user's account should be part of an administrator group, and the user should escalate permission only as needed and on a temporary basis. The organization has the following reporting priorities when reviewing system activity:
• Successful administrator login reporting priority - high
• Failed administrator login reporting priority - medium
• Failed temporary elevated permissions - low
• Successful temporary elevated permissions - non-reportable
A security analyst is reviewing server syslogs and sees the following: Which of the following events is the HIGHEST reporting priority?

1. A. Option A
2. B. Option B
3. C. Option C
4. D. Option D

Correct Answer: A

- (Exam Topic 3)
While monitoring the information security notification mailbox, a security analyst notices several emails were repotted as spam. Which of the following should the analyst do FIRST?

1. A. Block the sender In the email gateway.
2. B. Delete the email from the company's email servers.
3. C. Ask the sender to stop sending messages.
4. D. Review the message in a secure environment.

Correct Answer: D