Free CS0-002 Exam Braindumps

Pass your CompTIA Cybersecurity Analyst (CySA+) Certification Exam with these free Questions and Answers

Page 28 of 75
QUESTION 131

- (Exam Topic 1)
A security analyst is evaluating two vulnerability management tools for possible use in an organization. The analyst set up each of the tools according to the respective vendor's instructions and generated a report of vulnerabilities that ran against the same target server.
Tool A reported the following:
CS0-002 dumps exhibit
Tool B reported the following:
CS0-002 dumps exhibit
Which of the following BEST describes the method used by each tool? (Choose two.)

  1. A. Tool A is agent based.
  2. B. Tool A used fuzzing logic to test vulnerabilities.
  3. C. Tool A is unauthenticated.
  4. D. Tool B utilized machine learning technology.
  5. E. Tool B is agent based.
  6. F. Tool B is unauthenticated.

Correct Answer: CE

QUESTION 132

- (Exam Topic 3)
During an incident, it is determined that a customer database containing email addresses, first names, and last names was exfiltrated. Which of the following should the security analyst do NEXT?

  1. A. Consult with the legal department for regulatory impact.
  2. B. Encrypt the database with available tools.
  3. C. Email the customers to inform them of the breach.
  4. D. Follow the incident communications process.

Correct Answer: D

QUESTION 133

- (Exam Topic 3)
In SIEM software, a security analyst detected some changes to hash signatures from monitored files during the night, followed by SMB brute-force attacks against the file servers. Based on this behavior, which of the following actions should be taken FIRST to prevent a more serious compromise?

  1. A. Fully segregate the affected servers physically in a network segment, apart from the production network.
  2. B. Collect the network traffic during the day to understand if the same activity is also occurring during business hours.
  3. C. Check the hash signatures, comparing them with malware databases to verify if the files are infected.
  4. D. Collect all the files that have changed and compare them with the previous baseline.

Correct Answer: A

QUESTION 134

- (Exam Topic 3)
While implementing a PKI for a company, a security analyst plans to utilize a dedicated server as the certificate authority that is only used to sign intermediate certificates. Which of the following are the MOST secure states for the certificate authority server when it is not in use? (Select TWO.)

  1. A. On a private VLAN
  2. B. Full disk encrypted
  3. C. Powered off
  4. D. Backed up hourly
  5. E. VPN accessible only
  6. F. Air gapped

Correct Answer: EF

QUESTION 135

- (Exam Topic 1)
An organization developed a comprehensive incident response policy. Executive management approved the policy and its associated procedures. Which of the following activities would be MOST beneficial to evaluate personnel’s familiarity with incident response procedures?

  1. A. A simulated breach scenario involving the incident response team
  2. B. Completion of annual information security awareness training by all employees
  3. C. Tabletop activities involving business continuity team members
  4. D. Completion of lessons-learned documentation by the computer security incident response team
  5. E. External and internal penetration testing by a third party

Correct Answer: A
