CS0-002 Free Practice Test

- (Exam Topic 2)
A cybersecurity analyst is investigating a potential incident affecting multiple systems on a company's internal network. Although there is a negligible impact to performance, the following symptom present on each of the affected systems:
• Existence of a new and unexpected svchost exe process
• Persistent, outbound TCP/IP connections to an unknown external host with routine keep-alives transferred
• DNS query logs showing successful name resolution for an Internet-resident dynamic DNS domain If this situation remains unresolved, which of the following will MOST likely occur?

1. A. The affected hosts may participate in a coordinated DDoS attack upon command
2. B. An adversary may leverage the affected hosts to reconfigure the company's router ACLs.
3. C. Key files on the affected hosts may become encrypted and require ransom payment for unlock.
4. D. The adversary may attempt to perform a man-in-the-middle attack.

Correct Answer: C

- (Exam Topic 1)
Which of the following should be found within an organization's acceptable use policy?

1. A. Passwords must be eight characters in length and contain at least one special character.
2. B. Customer data must be handled properly, stored on company servers, and encrypted when possible
3. C. Administrator accounts must be audited monthly, and inactive accounts should be removed.
4. D. Consequences of violating the policy could include discipline up to and including termination.

Correct Answer: D

- (Exam Topic 2)
A bad actor bypasses authentication and reveals all records in a database through an SQL injection. Implementation of which of the following would work BEST to prevent similar attacks in

1. A. Strict input validation
2. B. Blacklisting
3. C. SQL patching
4. D. Content filtering
5. E. Output encoding

Correct Answer: A

- (Exam Topic 3)
Which of the following is a difference between SOAR and SCAP?

1. A. SOAR can be executed taster and with fewer false positives than SCAP because of advanced heunstics
2. B. SOAR has a wider breadth of capability using orchestration and automation, while SCAP is more limited in scope
3. C. SOAR is less expensive because process and vulnerability remediation is more automated than what SCAP does
4. D. SOAR eliminates the need for people to perform remediation, while SCAP relies heavily on security analysts

Correct Answer: D

- (Exam Topic 2)
A security analyst needs to perform a search for connections with a suspicious IP on the network traffic. The company collects full packet captures at the Internet gateway and retains them for one week. Which of the following will enable the analyst to obtain the BEST results?

1. A. tcpdump –n –r internet.pcap host <suspicious ip>
2. B. strings internet.pcap | grep
3. C. grep –a internet.pcap
4. D. npcapd internet.pcap | grep

Correct Answer: A