CS0-002 Free Practice Test

- (Exam Topic 1)
A team of security analysis has been alerted to potential malware activity. The initial examination indicates one of the affected workstations on beaconing on TCP port 80 to five IP addresses and attempting to spread across the network over port 445. Which of the following should be the team's NEXT step during the detection phase of this response process?

1. A. Escalate the incident to management ,who will then engage the network infrastructure team to keep them informed
2. B. Depending on system critically remove each affected device from the network by disabling wired and wireless connections
3. C. Engage the engineering team to block SMB traffic internally and outbound HTTP traffic to the five IP addresses Identify potentially affected systems by creating a correlation
4. D. Identify potentially affected system by creating a correlation search in the SIEM based on the networktraffic.

Correct Answer: D

- (Exam Topic 1)
A security analyst wants to identify which vulnerabilities a potential attacker might initially exploit if the network is compromised Which of the following would provide the BEST results?

1. A. Baseline configuration assessment
2. B. Uncredentialed scan
3. C. Network ping sweep
4. D. External penetration test

Correct Answer: D

- (Exam Topic 1)
An organization developed a comprehensive modern response policy Executive management approved the policy and its associated procedures. Which of the following activities would be MOST beneficial to evaluate personnel's familiarity with incident response procedures?

1. A. A simulated breach scenario evolving the incident response team
2. B. Completion of annual information security awareness training by ail employees
3. C. Tabtetop activities involving business continuity team members
4. D. Completion of lessons-learned documentation by the computer security incident response team
5. E. External and internal penetration testing by a third party

Correct Answer: A

- (Exam Topic 1)
A security analyst on the threat-hunting team has developed a list of unneeded, benign services that are currently running as part of the standard OS deployment for workstations. The analyst will provide this list to the operations team to create a policy that will automatically disable the services for all workstations in the organization.
Which of the following BEST describes the security analyst's goal?

1. A. To create a system baseline
2. B. To reduce the attack surface
3. C. To optimize system performance
4. D. To improve malware detection

Correct Answer: B
Reducing the attack surface area means limiting the features and functions that are available to an attacker. For example, if I lock all doors to the facility with the exception of one, I have reduced the attack surface. Another term for reducing the attack surface area is system hardening because it involves ensuring that all systems have been hardened to the extent that is possible and still provide functionality

- (Exam Topic 2)
A security analyst recently used Arachni to perform a vulnerability assessment of a newly developed web application. The analyst is concerned about the following output:

Which of the following is the MOST likely reason for this vulnerability?

1. A. The developer set input validation protection on the specific field of search.aspx.
2. B. The developer did not set proper cross-site scripting protections in the header.
3. C. The developer did not implement default protections in the web application build.
4. D. The developer did not set proper cross-site request forgery protections.

Correct Answer: A