Which of the following lines indicates the computer may be compromised?
A user's computer has been running slowly when the user tries to access web pages. A security analyst runs the command netstat -aon from the command line and receives the following output: Which of the following lines indicates the computer may be compromised? A. Line 1 B. Line 2 C....
Which of the following is the FIRST step the analyst should take?
A cyber-incident response analyst is investigating a suspected cryptocurrency miner on a company's server. Which of the following is the FIRST step the analyst should take? A. Create a full disk image of the server's hard drive to look for the file containing the malware. B. Run a manual antivirus...
Which of the following MOST likely explains how the clients' accounts were compromised?
Because some clients have reported unauthorized activity on their accounts, a security analyst is reviewing network packet captures from the company's API server. A portion of a capture file is shown below: POST /services/v1_0/Public/Members.svc/soap <s:Envelope+xmlns:s="http://schemas.s/soap/envelope/"><s:Body><GetIPLocation+xmlns="http://tempuri.org/"> <request+xmlns:a="http://schemas.somesite.org"+xmlns:i="http://www.w3.org/2001/XMLSchema-instance"></s:Body></s:Envelope> 192.168.1.22 --api.somesite.com 200 0 1006 1001 0 192.168.1.22 POST /services/v1_0/Public/Members.svc/soap <<a:Password>Password123</a:Password><a:ResetPasswordToken+i:nil="true"/> <a:ShouldImpersonatedAuthenticationBePopulated+i:nil="true"/><a:Username>[email protected]</a:Username></request></Login></s:Body></s:Envelope> 192.168.5.66 --api.somesite.com...
Which of the following is MOST likely a false positive?
A security analyst, who is working for a company that utilizes Linux servers, receives the following results from a vulnerability scan: Which of the following is MOST likely a false positive? A. ICMP timestamp request remote date disclosure B. Windows SMB service enumeration via srvsvc C. Anonymous FTP enabled D....
Which of the following UEFI settings is the MOST likely cause of the infections?
Bootloader malware was recently discovered on several company workstations. All the workstations run Windows and are current models with UEFI capability. Which of the following UEFI settings is the MOST likely cause of the infections? A. Compatibility mode B. Secure boot mode C. Native mode D. Fast boot mode Answer:...
Which of the following tools is the malicious hacker going to use to gain access to information found on the hotel network?
A malicious hacker wants to gather guest credentials on a hotel 802.11 network. Which of the following tools is the malicious hacker going to use to gain access to information found on the hotel network? A. Nikto B. Aircrack-ng C. Nessus D. tcpdump Answer: B
Which of the following would BEST mitigate and improve the security posture of the wireless network for this type of attack?
A security analyst recently discovered two unauthorized hosts on the campus's wireless network segment from a man-in-the-middle attack. The security analyst also verified that privileges were not escalated, and the two devices did not gain access to other network devices. Which of the following would BEST mitigate and improve the...
Which of the following is the use of tools to simulate the ability for an attacker to gain access to a specified network?
Which of the following is the use of tools to simulate the ability for an attacker to gain access to a specified network? A. Reverse engineering B. Fuzzing C. Penetration testing D. Network mapping Answer: C
Which of the following should be considered FIRST prior to disposing of the electronic data?
An information security analyst is reviewing backup data sets as part of a project focused on eliminating archival data sets. Which of the following should be considered FIRST prior to disposing of the electronic data? A. Sanitization policy B. Data sovereignty C. Encryption policy D. Retention standards Answer: D
Which of the following would BEST provide this solution?
Risk management wants IT to implement a solution that will permit an analyst to intercept, execute, and analyze potentially malicious files that are downloaded from the Internet. Which of the following would BEST provide this solution? A. File fingerprinting B. Decomposition of malware C. Risk evaluation D. Sandboxing Answer: A