CS0-002

An analyst is reviewing the following code output of a vulnerability scan: Which of the following types of vulnerabilities does this MOST likely represent?A . A insecure direct object reference vulnerabilityB . An HTTP response split vulnerabilityC . A credential bypass vulnerabilityD . A XSS vulnerabilityView AnswerAnswer: C

The SFTP server logs show thousands of failed login attempts from hundreds of IP addresses worldwide. Which of the following controls would BEST protect the service?A . Whitelisting authorized IP addressesB . Enforcing more complex password requirementsC . Blacklisting unauthorized IP addressesD . Establishing a sinkhole serviceView AnswerAnswer: C

A security analyst is investigating a malware infection that occurred on a Windows system. The system was not connected to a network and had no wireless capability Company policy prohibits using portable media or mobile storage. The security analyst is trying to determine which user caused the malware to get...

Which of the following sets of attributes BEST illustrates the characteristics of an insider threat from a security perspective?A . Unauthorized, unintentional, benignB . Unauthorized, intentional, maliciousC . Authorized, intentional, maliciousD . Authorized, unintentional, benignView AnswerAnswer: C Explanation: Reference: https://www.sciencedirect.com/topics/computer-science/insider-attack

Which of the following BEST describes the process by which code is developed, tested, and deployed in small batches?A . AgileB . WaterfallC . SDLCD . Dynamic code analysisView AnswerAnswer: A Explanation: Reference: https://www.cleverism.com/software-development-life-cycle-sdlc-methodologies/

A Chief Information Security Officer (CISO) is concerned the development team, which consists of contractors, has too much access to customer data. Developers use personal workstations, giving the company little to no visibility into the development activities. Which of the following would be BEST to implement to alleviate the CISO's...

A cybersecurity analyst needs to rearchitect the network using a firewall and a VPN server to achieve the highest level of security. To BEST complete this task, the analyst should place the:A . firewall behind the VPN serverB . VPN server parallel to the firewallC . VPN server behind the...

A Chief Security Officer (CSO) is working on the communication requirements (or an organization's incident response plan. In addition to technical response activities, which of the following is the main reason why communication must be addressed in an effective incident response program?A . Public relations must receive information promptly in...

A Chief Information Security Officer (CISO) wants to upgrade an organization's security posture by improving proactive activities associated with attacks from internal and external threats. Which of the following is the MOST proactive tool or technique that feeds incident response capabilities?A . Development of a hypothesis as part of threat...

Which of the following technologies can be used to house the entropy keys for task encryption on desktops and laptops?A . Self-encrypting driveB . Bus encryptionC . TPMD . HSMView AnswerAnswer: A