Free CS0-002 Exam Braindumps

Pass your CompTIA Cybersecurity Analyst (CySA+) Certification Exam with these free Questions and Answers

Page 8 of 75
QUESTION 31

- (Exam Topic 2)
During a review of vulnerability scan results, an analyst determines the results may be flawed because a control-baseline system, which is used to evaluate a scanning tool's effectiveness, was reported as not vulnerable. Consequently, the analyst verifies the scope of the scan included the control-baseline host, which was available on the network during the scan. The use of a control-baseline endpoint in this scenario assists the analyst in confirming:

  1. A. verification of mitigation
  2. B. false positives
  3. C. false negatives
  4. D. the criticality index
  5. E. hardening validation.

Correct Answer: A

QUESTION 32

- (Exam Topic 3)
A company experienced a security compromise due to the inappropriate disposal of one of its hardware appliances. Sensitive information stored on the hardware appliance was not removed prior to disposal. Which of the following is the BEST manner in which to dispose of the hardware appliance?

  1. A. Ensure the hardware appliance has the ability to encrypt the data before disposing of it.
  2. B. Dispose of all hardware appliances securely, thoroughly, and in compliance with company policies.
  3. C. Return the hardware appliance to the vendor, as the vendor is responsible for disposal.
  4. D. Establish guidelines for the handling of sensitive information.

Correct Answer: B

QUESTION 33

- (Exam Topic 3)
A security analyst is reviewing WAF alerts and sees the following request:
CS0-002 dumps exhibit
Which of the following BEST describes the attack?

  1. A. SQL injection
  2. B. LDAP injection
  3. C. Command injection
  4. D. Denial of service

Correct Answer: A

QUESTION 34

- (Exam Topic 3)
Some hard disks need to be taken as evidence for further analysis during an incident response. Which of the following procedures must be completed FIRST for this type of evidence acquisition?

  1. A. Extract the hard drives from the compromised machines and then plug them into a forensics machine to apply encryption over the stored data to protect it from non-authorized access
  2. B. Build the chain-of-custody document, noting the media model, serial number, size, vendor, date, and time of acquisition
  3. C. Perform a disk sanitation using the command `# dd if=/dev/zero of=/dev/sdc bs=1M` over the media that will receive a copy of the collected data
  4. D. Execute the command `# dd if=/dev/sda of=/dev/sdc bs=512` to clone the evidence data to external media to prevent any further change

Correct Answer: B

QUESTION 35

- (Exam Topic 2)
When reviewing a compromised authentication server, a security analyst discovers the following hidden file:
CS0-002 dumps exhibit
Further analysis shows these users never logged in to the server. Which of the following types of attacks was used to obtain the file and what should the analyst recommend to prevent this type of attack from reoccurring?

  1. A. A rogue LDAP server is installed on the system and is connecting password
  2. B. The analyst should recommend wiping and reinstalling the server.
  3. C. A password spraying attack was used to compromise the password
  4. D. The analyst should recommend that all users receive a unique password.
  5. E. A rainbow tables attack was used to compromise the account
  6. F. The analyst should recommend that future password hashes contain a salt.
  7. G. A phishing attack was used to compromise the account
  8. H. The analyst should recommend users install endpoint protection to disable phishing links.

Correct Answer: B
