An organization discovered a data breach that resulted in Pll being released to the public. During the lessons learned review, the panel identified discrepancies regarding who was responsible for external reporting, as well as the timing requirements. Which of the following actions would best address the reporting issue?

Researching federal laws, regulatory compliance requirements, and organizational policies to document specific reporting SLAs

Creating a playbook denoting specific SLAs and containment actions per incident type

Researching federal laws, regulatory compliance requirements, and organizational policies to document specific reporting SLAs

Defining which security incidents require external notifications and incident reporting in addition to internal stakeholders

Designating specific roles and responsibilities within the security team and stakeholders to streamline tasks

Which of the following would an organization use to develop a business continuity plan?

A prioritized list of critical systems defined by executive leadership

A diagram of all systems and interdependent applications

A repository for all the software used by the organization

A prioritized list of critical systems defined by executive leadership

A configuration management database in print at an off-site location

A cybersecurity analyst is doing triage in a SIEM and notices that the time stamps between the firewall and the host under investigation are off by 43 minutes. Which of the following is the most likely scenario occurring with the time stamps?

The NTP server is not configured on the host.

The cybersecurity analyst is looking at the wrong information.

The firewall is using UTC time.

The host with the logs is offline.

Each time a vulnerability assessment team shares the regular report with other teams, inconsistencies regarding versions and patches in the existing infrastructure are discovered. Which of the following is the best solution to decrease the inconsistencies?

Implementing a central place to manage IT assets

Implementing credentialed scanning

Changing from a passive to an active scanning approach

Implementing a central place to manage IT assets

While configuring a SIEM for an organization, a security analyst is having difficulty correlating incidents across different systems. Which of the following should be checked first?

NTP configuration on each system

If appropriate logging levels are set

NTP configuration on each system

Behavioral correlation settings

An analyst is conducting routine vulnerability assessments on the company infrastructure. When performing these scans, a business-critical server crashes, and the cause is traced back to the vulnerability scanner. Which of the following is the cause of this issue?

The scanner is running in active mode.

The scanner is running without an agent installed.

The scanner is running in active mode.

The scanner is segmented improperly.

The scanner is configured with a scanning window.

A security team is concerned about recent Layer 4 DDoS attacks against the company website. Which of the following controls would best mitigate the attacks?

Block the attacks using firewall rules.

Deploy an IPS in the perimeter network.

A company has a primary control in place to restrict access to a sensitive database. However, the company discovered an authentication vulnerability that could bypass this control. Which of the following is the best compensating control?

Deploying an additional layer of access controls to verify authorized individuals

Running regular penetration tests to identify and address new vulnerabilities

Conducting regular security awareness training of employees to prevent social engineering attacks

Deploying an additional layer of access controls to verify authorized individuals

Implementing intrusion detection software to alert security teams of unauthorized access attempts

A company is concerned with finding sensitive file storage locations that are open to the public. The current internal cloud network is flat. Which of the following is the best solution to secure the network?

Implement segmentation with ACLs.

Configure logging and monitoring to the SIEM.

Deploy MFA to cloud storage locations.

A systems administrator notices unfamiliar directory names on a production server. The administrator reviews the directory listings and files, and then concludes the server has beencompromised. Which of the following steps should the administrator take next?

Follow the company's incident response plan.

Inform the internal incident response team.

Follow the company's incident response plan.

Review the lessons learned for the best approach.

Determine when the access started.

A Chief Information Security Officer wants to implement security by design, starting ...... vulnerabilities, including SQL injection, FRI, XSS, etc. Which of the following would most likely meet the requirement?

Dynamic application security testing

A security analyst reviews the following extract of a vulnerability scan that was performed against the web server: Which of the following recommendations should the security analyst provide to harden the web server?

Remove the version information on http-server-header.

Delete the /wp-login.php folder.

A web application team notifies a SOC analyst that there are thousands of HTTP/404 events on the public-facing web server. Which of the following is the next step for the analyst to take?

Identify the IP/hostname for the requests and look at the related activity.

Instruct the firewall engineer that a rule needs to be added to block this external server.

Escalate the event to an incident and notify the SOC manager of the activity.

Notify the incident response team that a DDoS attack is occurring.

Identify the IP/hostname for the requests and look at the related activity.

A network analyst notices a long spike in traffic on port 1433 between two IP addresses on opposite sides of a WAN connection. Which of the following is the most likely cause?

An administrator executed a new database replication process without notifying the SOC.

A local red team member is enumerating the local RFC1918 segment to enumerate hosts.

A threat actor has a foothold on the network and is sending out control beacons.

An administrator executed a new database replication process without notifying the SOC.

An insider threat actor is running Responder on the local segment, creating traffic replication.

A security analyst has identified a new malware file that has impacted the organization. The malware is polymorphic and has built-in conditional triggers that require a connection to the internet. The CPU has an idle process of at least 70%. Which of the following best describes how the security analyst can effectively review the malware without compromising the organization's network?

Subscribe to an online service to create a sandbox environment.

Utilize an RDP session on an unused workstation to evaluate the malware.

Disconnect and utilize an existing infected asset off the network.

Create a virtual host for testing on the security analyst workstation.

Subscribe to an online service to create a sandbox environment.

CompTIA CS0-003 Practice Test 7 - Free Online Exam Prep & Questions

During a security test, a security analyst found a critical application with a buffer overflow vulnerability. Which of the following would be best to mitigate the vulnerability at the application level?

Become a Premium Member for full access

Unlock Premium Member

CompTIA CS0-003 Practice Test 7

Question

CompTIA CS0-003 Practice Tests

Practice Tests