CSO-002 V2 STUDY GUIDE QUESTIONS
AND VERIFIED ANSWERS|| 2024\2025
Which of the following is the software development process by which
function, usability, and scenarios are tested against a known set of base
requirements?
A. Security regression testing
B. Code review
C. User acceptance testing
D. Stress testing - ANSWER- C. User acceptance testing
A security analyst discovers the following firewall log entries during an
incident:
Which of the following is MOST likely occurring?
A. Banner grabbing
,B. Port scanning
C. Beaconing
D. Data exfiltration - ANSWER- B. Port scanning
A security analyst is revising a company's MFA policy to prohibit the
use of short message service (SMS) tokens. The Chief Information
Officer has
questioned this decision and asked for justification. Which of the
following should the analyst provide as justification for the new policy?
A. SMS relies on untrusted, third-party carrier networks.
B. SMS tokens are limited to eight numerical characters.
C. SMS is not supported on all handheld devices in use.
D. SMS is a cleartext protocol and does not support encryption. -
ANSWER- D. SMS is a cleartext protocol and does not support
encryption.
During an incident response procedure, a security analyst collects a hard
drive to analyze a possible vector of compromise. There is a Linux swap
partition on the hard drive that needs to be checked. Which of the
following should the analyst use to extract human-readable content from
the
partition?
A. strings
B. head
C. fsstat
,D. dd - ANSWER- A. strings
A consultant is evaluating multiple threat intelligence feeds to assess
potential risks for a client. Which of the following is the BEST approach
for
the consultant to consider when modeling the client's attack surface?
A. Ask for external scans from industry peers, look at the open ports,
and compare information with the client.
B. Discuss potential tools the client can purchase to reduce the
likelihood of an attack.
C. Look at attacks against similar industry peers and assess the
probability of the same attacks happening.
D. Meet with the senior management team to determine if funding is
available for recommended solutions. - ANSWER- C. Look at attacks
against similar industry peers and assess the probability of the same
attacks happening.
A development team has asked users to conduct testing to ensure an
application meets the needs of the business. Which of the following
types
of testing does this describe?
A. Acceptance testing
B. Stress testing
C. Regression testing
D. Penetration testing - ANSWER- A. Acceptance testing
, An analyst receives artifacts from a recent intrusion and is able to pull a
domain, IP address, email address, and software version. Which of the
following points of the Diamond Model of Intrusion Analysis does this
intelligence represent?
A. Infrastructure
B. Capabilities
C. Adversary
D. Victims - ANSWER- A. Infrastructure
While conducting a network infrastructure review, a security analyst
discovers a laptop that is plugged into a core switch and hidden behind a
desk. The analyst sees the following on the laptop's screen:
[*] [NBT-NS] Poisoned answer sent to 192.169.23.115 for name FILE-
SHARE-A (service: File Server)
[*] [LLMNR] Poisoned answer sent to 192.168.23.115 for name FILE-
SHARE-A
[*] [LLMNR] Poisoned answer sent to 192.168.23.115 for name FILE-
SHARE-A
[SMBv2] NTLMv2-SSP Client : 192.168.23.115
[SMBv2] NTLMv2-SSP Username : CORP\jsmith
[SMBv2] NTLMv2-SSP Hash : F5DBF769CFEA7...
[*] [NBT-NS] Poisoned answer sent to 192.169.23.24 for name FILE-
SHARE-A (service: File Server)
[*] [LLMNR] Poisoned answer sent to 192.168.23.24 for name FILE-
SHARE-A
AND VERIFIED ANSWERS|| 2024\2025
Which of the following is the software development process by which
function, usability, and scenarios are tested against a known set of base
requirements?
A. Security regression testing
B. Code review
C. User acceptance testing
D. Stress testing - ANSWER- C. User acceptance testing
A security analyst discovers the following firewall log entries during an
incident:
Which of the following is MOST likely occurring?
A. Banner grabbing
,B. Port scanning
C. Beaconing
D. Data exfiltration - ANSWER- B. Port scanning
A security analyst is revising a company's MFA policy to prohibit the
use of short message service (SMS) tokens. The Chief Information
Officer has
questioned this decision and asked for justification. Which of the
following should the analyst provide as justification for the new policy?
A. SMS relies on untrusted, third-party carrier networks.
B. SMS tokens are limited to eight numerical characters.
C. SMS is not supported on all handheld devices in use.
D. SMS is a cleartext protocol and does not support encryption. -
ANSWER- D. SMS is a cleartext protocol and does not support
encryption.
During an incident response procedure, a security analyst collects a hard
drive to analyze a possible vector of compromise. There is a Linux swap
partition on the hard drive that needs to be checked. Which of the
following should the analyst use to extract human-readable content from
the
partition?
A. strings
B. head
C. fsstat
,D. dd - ANSWER- A. strings
A consultant is evaluating multiple threat intelligence feeds to assess
potential risks for a client. Which of the following is the BEST approach
for
the consultant to consider when modeling the client's attack surface?
A. Ask for external scans from industry peers, look at the open ports,
and compare information with the client.
B. Discuss potential tools the client can purchase to reduce the
likelihood of an attack.
C. Look at attacks against similar industry peers and assess the
probability of the same attacks happening.
D. Meet with the senior management team to determine if funding is
available for recommended solutions. - ANSWER- C. Look at attacks
against similar industry peers and assess the probability of the same
attacks happening.
A development team has asked users to conduct testing to ensure an
application meets the needs of the business. Which of the following
types
of testing does this describe?
A. Acceptance testing
B. Stress testing
C. Regression testing
D. Penetration testing - ANSWER- A. Acceptance testing
, An analyst receives artifacts from a recent intrusion and is able to pull a
domain, IP address, email address, and software version. Which of the
following points of the Diamond Model of Intrusion Analysis does this
intelligence represent?
A. Infrastructure
B. Capabilities
C. Adversary
D. Victims - ANSWER- A. Infrastructure
While conducting a network infrastructure review, a security analyst
discovers a laptop that is plugged into a core switch and hidden behind a
desk. The analyst sees the following on the laptop's screen:
[*] [NBT-NS] Poisoned answer sent to 192.169.23.115 for name FILE-
SHARE-A (service: File Server)
[*] [LLMNR] Poisoned answer sent to 192.168.23.115 for name FILE-
SHARE-A
[*] [LLMNR] Poisoned answer sent to 192.168.23.115 for name FILE-
SHARE-A
[SMBv2] NTLMv2-SSP Client : 192.168.23.115
[SMBv2] NTLMv2-SSP Username : CORP\jsmith
[SMBv2] NTLMv2-SSP Hash : F5DBF769CFEA7...
[*] [NBT-NS] Poisoned answer sent to 192.169.23.24 for name FILE-
SHARE-A (service: File Server)
[*] [LLMNR] Poisoned answer sent to 192.168.23.24 for name FILE-
SHARE-A
