Online Access Free CS0-002 Practice Test

Which of the following are the most likely reasons to include reporting processes when updating an incident response plan after a breach? (Select two).

• A.To isolate potential insider threats
• B.To use the SLA to determine when to deliver the report
• C.To provide secure network design changes
• D.To limit reputation damage caused by the breach
• E.To meet regulatory requirements for timely reporting
• F.To remediate vulnerabilities that led to the breach

During an incident response procedure, a security analyst extracted a binary file from the disk of a compromised server. Which of the following is the best approach for analyzing the file without executing it?

• A.Reverse engineering
• B.Hash signature check
• C.Dynamic analysis
• D.Memory analysis

A forensic analyst is conducting an investigation on a compromised server Which of the following should the analyst do first to preserve evidence''

• A.Back up all log files and audit trails
• B.Create a system timeline
• C.Restore damaged data from the backup media
• D.Monitor user access to compromised systems

A security analyst responds to a series of events surrounding sporadic bandwidth consumption from an endpoint device. The security analyst then identifies the following additional details:
* Bursts of network utilization occur approximately every seven days.
* The content being transferred appears to be encrypted or obfuscated.
* A separate but persistent outbound TCP connection from the host to infrastructure in a third-party cloud is in place.
* The HDD utilization on the device grows by 10GB to 12GB over the course of every seven days.
* Single file sizes are 10GB.
Which of the following describes the most likely cause of the issue?

• A.Memory consumption
• B.Botnet participant
• C.Non-standard port usage
• D.Data exfiltration
• E.System update

A security analyst is evaluating the following support ticket:
Issue: Marketing campaigns are being filtered by the customer's email servers.
Description: Our marketing partner cannot send emails using our email address. The following log messages were collected from multiple customers:
* The SPF result is PermError.
* The SPF result is SoftFail or Fail.
* The 550 SPF check failed.
Which of the following should the analyst do next?

• A.Ask the marketing partner's ISP to disable the DKIM setting.
• B.Request a configuration change on the company's public DNS.
• C.Ask the customers to disable SPF validation.
• D.Request approval to disable DMARC on the company's ISP.