Which of the following is the MOST likely cause of this issue?
A security analyst received an alert from the SIEM indicating numerous login attempts from users outside their usual geographic zones, all of which were initiated through the web-based mail server. The logs indicate all domain accounts experienced two login attempts during the same time frame. Which of the following is...
Which of the following BEST represents the technique in use?
An information security analyst on a threat-hunting team is working with administrators to create a hypothesis related to an internally developed web application. The working hypothesis is as follows:
• Due to the nature of the industry, the application hosts sensitive data associated with many clients and is a significant...
Which of the following will fix the cause of the issue?
A web-based front end for a business intelligence application uses pass-through authentication to authenticate users. The application then uses a service account to perform queries and look up data in a database. A security analyst discovers employees are accessing data sets they have not been authorized to use. Which of...
Which of the following is the MOST important objective of a post-incident review?
Which of the following is the MOST important objective of a post-incident review?
A. Capture lessons learned and improve incident response processes
B. Develop a process for containment and continue improvement efforts
C. Identify new technologies and strategies to remediate
D. Identify a new management strategy
Answer: A
Which of the following describes the type of control that is being used?
A developer wrote a script to make names and other PII data unidentifiable before loading a database export into the testing system. Which of the following describes the type of control that is being used?
A. Data encoding
B. Data masking
C. Data loss prevention
D. Data classification
Answer: C
Which of the following would be the BEST method of communication?
The computer incident response team at a multinational company has determined that a breach of sensitive data has occurred in which a threat actor has compromised the organization’s email system. Per the incident response procedures, this breach requires notifying the board immediately. Which of the following would be the BEST...
After reviewing the results, the manager requests information regarding the possible exploitation of vulnerabilities. Which of the following data points would be MOST useful for the analyst to provide to the security manager, who would then communicate the risk factors to senior management?
A security manager has asked an analyst to provide feedback on the results of a penetration test. After reviewing the results, the manager requests information regarding the possible exploitation of vulnerabilities. Which of the following data points would be MOST useful for the analyst to provide to the security...
An executive assistant wants to onboard a new cloud-based product to help with business analytics and dashboarding. Which of the following would be the BEST integration option for the service?
An executive assistant wants to onboard a new cloud-based product to help with business analytics and dashboarding. Which of the following would be the BEST integration option for the service?
A. Manually log in to the service and upload data files on a regular basis.
B. Have the internal...
Which of the following is the MOST appropriate threat classification for these incidents?
A security analyst has observed several incidents within an organization that are affecting one specific piece of hardware on the network. Further investigation reveals the equipment vendor previously released a patch. Which of the following is the MOST appropriate threat classification for these incidents?
A. Known threat
B. Zero day
C...
Which of the following should be the team’s NEXT step during the detection phase of this response process?
A team of security analysts has been alerted to potential malware activity. The initial examination indicates one of the affected workstations is beaconing on TCP port 80 to five IP addresses and attempting to spread across the network over port 445. Which of the following should be the team’s NEXT...