Free CS0-002 Exam Braindumps

Pass your CompTIA Cybersecurity Analyst (CySA+) Certification Exam exam with these free Questions and Answers

Page 21 of 75
QUESTION 96

- (Exam Topic 1)
Ransomware is identified on a company's network that affects both Windows and Mac hosts. The command and control channel for encryption for this variant uses TCP ports from 11000 to 65000. The channel goes to good1.Iholdbadkeys.com, which resolves to IP address 72.172.16.2.
Which of the following is the MOST effective way to prevent any newly infected systems from actually encrypting the data on connected network drives while causing the least disruption to normal Internet traffic?

  1. A. Block all outbound traffic to web host good1.Iholdbadkeys.com at the border gateway.
  2. B. Block all outbound TCP connections to IP host address 172.172.16.2 at the border gateway.
  3. C. Block all outbound traffic on TCP ports 11000 to 65000 at the border gateway.
  4. D. Block all outbound traffic on TCP ports 11000 to 65000 to IP host address 172.172.16.2 at the border gateway.

Correct Answer: A

QUESTION 97

- (Exam Topic 1)
A security analyst is trying to determine if a host is active on a network. The analyst first attempts the following:
[Exhibit image not reproduced]
The analyst runs the following command next:
[Exhibit image not reproduced]
Which of the following would explain the difference in results?

  1. A. ICMP is being blocked by a firewall.
  2. B. The routing tables for ping and hping3 were different.
  3. C. The original ping command needed root permission to execute.
  4. D. hping3 is returning a false positive.

Correct Answer: A

QUESTION 98

- (Exam Topic 3)
During a forensic investigation, a security analyst reviews some Session Initiation Protocol packets that came from a suspicious IP address. Law enforcement requires access to a VoIP call that originated from the suspicious IP address. Which of the following should the analyst use to accomplish this task?

  1. A. Wireshark
  2. B. iptables
  3. C. Tcpdump
  4. D. Netflow

Correct Answer: D
https://learningnetwork.cisco.com/s/question/0D53i00000KszWaCAJ/netflow-vs-packet-analyzer

QUESTION 99

- (Exam Topic 1)
A monthly job to install approved vendor software updates and hot fixes recently stopped working. The security team performed a vulnerability scan, which identified several hosts as having some critical OS vulnerabilities, as referenced in the common vulnerabilities and exposures (CVE) database.
Which of the following should the security team do NEXT to resolve the critical findings in the most effective manner? (Choose two.)

  1. A. Patch the required hosts with the correct updates and hot fixes, and rescan them for vulnerabilities.
  2. B. Remove the servers reported to have high and medium vulnerabilities.
  3. C. Tag the computers with critical findings as a business risk acceptance.
  4. D. Manually patch the computers on the network, as recommended on the CVE website.
  5. E. Harden the hosts on the network, as recommended by the NIST framework.
  6. F. Resolve the monthly job issues and test them before applying them to the production network.

Correct Answer: CE

QUESTION 100

- (Exam Topic 1)
A company's marketing emails are either being found in a spam folder or not being delivered at all. The security analyst investigates the issue and discovers the emails in question are being sent on behalf of the company by a third party, in1marketingpartners.com. Below is the existing SPF record:
[Exhibit image not reproduced]
Which of the following updates to the SPF record will work BEST to prevent the emails from being marked as spam or blocked?
A) [Exhibit image not reproduced]
B) [Exhibit image not reproduced]
C) [Exhibit image not reproduced]
D) [Exhibit image not reproduced]

  1. A. Option A
  2. B. Option B
  3. C. Option C
  4. D. Option D

Correct Answer: B
