Which of the following characteristics ensures the security of an automated information system is the most effective and economical?

Originally designed to provide necessary security

Subjected to intense security testing

Customized to meet specific security threats

Optimized prior to the addition of security

An employee received a phishing email that contained malware targeting the company. Which of the following is the best way for a security analyst to get more details about the malware and avoid disclosing information?

Use a local sandbox in a microsegmented environment

Upload the malware to the VirusTotal website

Share the malware with the EDR provider

Hire an external consultant to perform the analysis

Use a local sandbox in a microsegmented environment

An organization is planning to adopt a zero-trust architecture. Which of the following is most aligned with this approach?

Network segmentation to separate sensitive systems from the rest of the network.

Whitelisting specific IP addresses that are allowed to access the network.

Trusting users who successfully authenticate once with multifactor authentication.

Automatically trusting internal network communications over external traffic.

An analyst reviews the following web server log entries:%2E%2E/%2E%2E/%2ES2E/%2E%2E/%2E%2E/%2E%2E/etc/passwdNo attacks or malicious attempts have been discovered. Which of the following most likely describes what took place?

Directory traversal was performed to obtain a sensitive file for further reconnaissance.

A SQL injection query took place to gather information from a sensitive file.

A PHP injection was leveraged to ensure that the sensitive file could be accessed.

Base64 was used to prevent the IPS from detecting the fully encoded string.

Directory traversal was performed to obtain a sensitive file for further reconnaissance.

An analyst receives an alert for suspicious IIS log activity and reviews the following entries:2024-05-23 15:57:05 10.203.10.16 HEAT / - 80 - 10.203.10.17 DirBuster-1.0-RC1+(http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project)...Which of the following will the analyst infer from the logs?

An attacker is conducting reconnaissance of the website.

An attacker is performing network lateral movement.

An attacker is conducting reconnaissance of the website.

An attacker is exfiltrating data from the network.

An attacker is cloning the website.

A security analyst reviews a SIEM alert related to a suspicious email and wants to verify the authenticity of the message:SPF = PASSDKIM = FAILDMARC = FAILWhich of the following did the analyst most likely discover?

The message was sent from an authorized mail server but was not signed.

An insider threat altered email security records to mask suspicious DNS resolution traffic.

The message was sent from an authorized mail server but was not signed.

Log normalization corrupted the data as it was brought into the central repository.

The email security software did not process all of the records correctly.

The Chief Information Security Officer wants the same level of security to be present whether a remote worker logs in at home or at a coffee shop. Which of the following should be recommended as a starting point?

Non-persistent virtual desktop infrastructures

Which of the following is the best use of automation in cybersecurity?

Ensure faster incident detection, analysis, and response.

Eliminate configuration errors when implementing new hardware.

Lower costs by reducing the number of necessary staff.

Reduce the time for internal user access requests.

A security analyst reviews a packet capture and identifies the following output as anomalous:13:49:57.553161 TP10.203.10.17.45701>10.203.10.22.12930:Flags[FPU],seq108331482,win1024,urg0,length013:49:57.553162 IP10.203.10.17.45701>10.203.10.22.48968:Flags[FPU],seq108331482,win1024,urg0,length0...Which of the following activities explains the output?

Socat's proxying traffic using the urgent flag

The architecture team has been given a mandate to reduce the triage time of phishing incidents by 20%. Which of the following solutions will most likely help with this effort?

Increase the budget to the security awareness program.

Install a button in the mail clients to report phishing.

A vulnerability scan shows the following issues:Asset TypeCVSS ScoreExploit VectorWorkstations6.5RDP vulnerabilityStorage Server9.0Unauthorized access due to server application vulnerabilityFirewall8.9Default password vulnerabilityWeb Server10.0Zero-day vulnerability (vendor working on patch)Which of the following actions should the security analyst take first?

Contact the web systems administrator and request that they shut down the asset.

Monitor the patch releases for all items and escalate patching to the appropriate team.

Run the vulnerability scan again to verify the presence of the critical finding.

Forward the advisory to the web security team and initiate the prioritization strategy for the other vulnerabilities.

A security analyst identifies a device on which different malware was detected multiple times, even after the systems were scanned and cleaned several times. Which of the following actions would be most effective to ensure the device does not have residual malware?

Replace the hard drive and reimage the device.

Update the device and scan offline in safe mode.

Replace the hard drive and reimage the device.

Upgrade the device to the latest OS version.

Download a secondary scanner and rescan the device.

The DevSecOps team is remediating a Server-Side Request Forgery (SSRF) issue on the company's public-facing website. Which of the following is the best mitigation technique to address this issue?

Place a Web Application Firewall (WAF) in front of the web server.

Install a Cloud Access Security Broker (CASB) in front of the web server.

Put a forward proxy in front of the web server.

Implement MFA in front of the web server.

The Chief Information Security Officer (CISO) wants the same level of security to be present whether a remote worker logs in at home or at a coffee shop. Which of the following should be recommended as a starting point?

Non-persistent virtual desktop infrastructures (VDI)

Which of the following is the best authentication method to secure access to sensitive data?

Biometrics and a device with a personalized code for login

An assigned device that generates a randomized code for login

Biometrics and a device with a personalized code for login

Alphanumeric/special character username and passphrase for login

A one-time code received by email and push authorization for login

A security analyst wants to implement new monitoring controls in order to find abnormal account activity for traveling employees. Which of the following techniques would deliver the expected results?

Malicious command interpretation

A vulnerability scan shows several vulnerabilities. At the same time, a zero-day vulnerability with a CVSS score of 10 has been identified on a web server. Which of the following actions should the security analyst take first?

Contact the web systems administrator and request that they shut down the asset.

Monitor the patch releases for all items and escalate patching to the appropriate team.

Run the vulnerability scan again to verify the presence of the critical finding and the zero-day vulnerability.

Forward the advisory to the web security team and initiate the prioritization strategy for the other vulnerabilities.

CompTIA CS0-003 Practice Test 10 - Free Online Exam Prep & Questions

An XSS vulnerability was reported on one of the public websites of a company. The security department confirmed the finding and needs to provide a recommendation to the application owner. Which of the following recommendations will best prevent this vulnerability from being exploited? (Select two).

Become a Premium Member for full access

Unlock Premium Member

CompTIA CS0-003 Practice Test 10

Question

CompTIA CS0-003 Practice Tests

Practice Tests