ExamGecko
CompTIA CS0-003 Practice Test - Questions Answers, Page 11

A company is in the process of implementing a vulnerability management program. Which of the following scanning methods should be implemented to minimize the risk of OT/ICS devices malfunctioning due to the vulnerability identification process?

A. Non-credentialed scanning
B. Passive scanning
C. Agent-based scanning
D. Credentialed scanning
Suggested answer: B

Explanation:

Passive scanning is a method of vulnerability identification that does not send any packets or probes to the target devices, but rather observes and analyzes the network traffic passively. Passive scanning can minimize the risk of OT/ICS devices malfunctioning due to the vulnerability identification process, as it does not interfere with the normal operation of the devices or cause any network disruption. Passive scanning can also detect vulnerabilities that active scanning may miss, such as misconfigured devices, rogue devices or unauthorized traffic.

Official Reference:

https://partners.comptia.org/docs/default-source/resources/comptia-cysa-cs0-002-exam-objectives

https://www.comptia.org/blog/the-new-comptia-cybersecurity-analyst-your-questions-answered

https://www.comptia.org/certifications/cybersecurity-analyst

A security analyst must preserve a system hard drive that was involved in a litigation request. Which of the following is the best method to ensure the data on the device is not modified?

A. Generate a hash value and make a backup image.
B. Encrypt the device to ensure confidentiality of the data.
C. Protect the device with a complex password.
D. Perform a memory scan dump to collect residual data.
Suggested answer: A

Explanation:

Generating a hash value and making a backup image is the best method to ensure the data on the device is not modified, as it creates a verifiable copy of the original data that can be used for forensic analysis. Encrypting the device, protecting it with a password, or performing a memory scan dump do not prevent the data from being altered or deleted.

Verified Reference: CompTIA CySA+ CS0-002 Certification Study Guide, page 3291

A virtual web server in a server pool was infected with malware after an analyst used the internet to research a system issue. After the server was rebuilt and added back into the server pool, users reported issues with the website, indicating the site could not be trusted. Which of the following is the most likely cause of the server issue?

A. The server was configured to use SSL to securely transmit data.
B. The server was supporting weak TLS protocols for client connections.
C. The malware infected all the web servers in the pool.
D. The digital certificate on the web server was self-signed.
Suggested answer: D

Explanation:

A digital certificate is a document that contains the public key and identity information of a web server, and is signed by a trusted third-party authority called a certificate authority (CA). A digital certificate allows the web server to establish a secure connection with the clients using the HTTPS protocol, and also verifies the authenticity of the web server. A self-signed certificate is a digital certificate that is not signed by a CA, but by the web server itself. A self-signed certificate can cause issues with the website, as it may not be trusted by the clients or their browsers. Clients may receive warnings or errors when trying to access the website, indicating that the site could not be trusted or that the connection is not secure.

Official Reference:

https://www.comptia.org/blog/the-new-comptia-cybersecurity-analyst-your-questions-answered

https://partners.comptia.org/docs/default-source/resources/comptia-cysa-cs0-002-exam-objectives

https://www.techtarget.com/searchsecurity/quiz/Sample-CompTIA-CySA-test-questions-with-answers

A security analyst is reviewing the following alert that was triggered by FIM on a critical system:

Which of the following best describes the suspicious activity that is occurring?

A. A fake antivirus program was installed by the user.
B. A network drive was added to allow exfiltration of data.
C. A new program has been set to execute on system start.
D. The host firewall on 192.168.1.10 was disabled.
Suggested answer: C

Explanation:

Option C, a new program set to execute on system start, best describes the suspicious activity, as the alert indicates that the malware has modified the registry keys of the system to ensure its persistence. File Integrity Monitoring (FIM) is a tool that monitors changes to files and registry keys on a system and alerts the security analyst to any unauthorized or malicious modifications. The alert triggered by FIM shows that the malware has created a new registry key under the Run subkey, which is used to launch programs automatically when the system starts. The new registry key points to a file named ''update.exe'' in the Temp folder, which is likely a malicious executable disguised as a legitimate update file.

Official Reference:

https://www.comptia.org/blog/the-new-comptia-cybersecurity-analyst-your-questions-answered

https://partners.comptia.org/docs/default-source/resources/comptia-cysa-cs0-002-exam-objectives

https://www.comptia.org/training/books/cysa-cs0-002-study-guide
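Detection logic for the kind of FIM alert this explanation describes, added here as an example (it is not from the page or from any FIM product). The alert line format, the sample alerts and the update.exe entry are constructed; the check relies only on the Run/RunOnce key paths and a temp-directory heuristic.

```python
import re
from dataclasses import dataclass

# Autorun keys that FIM should watch; a new value here starts a program at logon/boot.
AUTORUN_KEYS = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce|RunServices)\b", re.I)
# Directories where a legitimate startup entry rarely lives but a dropper often does.
SUSPICIOUS_DIRS = re.compile(r"\\(Temp|Downloads|Public)\\", re.I)
# Constructed FIM alert format: <timestamp> <action> <kind> <path>[ = <data>]
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ADDED|MODIFIED|DELETED)\s+(?P<kind>registry|file)\s+"
    r"(?P<path>.+?)(?:\s+=\s+(?P<data>.+))?$")


@dataclass
class Finding:
    timestamp: str
    key: str      # registry value that was added or changed
    target: str   # program the autorun entry points to
    reason: str


def detect_autorun_persistence(alert_lines):
    """Flag registry alerts that add or alter a Run-key entry, and note when the
    entry's target executable sits in a temp or other user-writable directory."""
    findings = []
    for line in alert_lines:
        m = ALERT_RE.match(line.strip())
        if not m or m["kind"] != "registry" or m["action"] == "DELETED":
            continue                      # file changes and removals: other rules
        if not AUTORUN_KEYS.search(m["path"]):
            continue                      # registry change outside autorun keys
        target = (m["data"] or "").strip('"')
        reason = "new or changed autorun entry"
        if SUSPICIOUS_DIRS.search(target):
            reason += "; target in temp/user-writable path"
        findings.append(Finding(m["ts"], m["path"], target, reason))
    return findings


# Constructed sample alerts (not from any real FIM product); the update.exe line
# mirrors the scenario in the explanation above.
SAMPLE_ALERTS = [
    "2024-03-05T10:22:31Z MODIFIED file C:\\Windows\\System32\\drivers\\etc\\hosts",
    "2024-03-05T10:22:40Z ADDED registry HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"
    " = C:\\Users\\jdoe\\AppData\\Local\\Temp\\update.exe",
    "2024-03-05T10:23:02Z MODIFIED registry HKLM\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess"
    "\\Parameters\\FirewallPolicy\\StandardProfile\\EnableFirewall = 1",
    "2024-03-05T10:25:10Z ADDED registry HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\Cleanup"
    " = C:\\Program Files\\Vendor\\cleanup.exe",
]

if __name__ == "__main__":
    for f in detect_autorun_persistence(SAMPLE_ALERTS):
        print(f"{f.timestamp} {f.key} -> {f.target} [{f.reason}]")
```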

A security analyst is trying to detect connections to a suspicious IP address by collecting the packet captures from the gateway. Which of the following commands should the security analyst consider running?

A. tcpdump -n -r packets.pcap host [IP address]
B. strings packets.pcap | grep [IP address]
C. grep [IP address] packets.pcap
D. cat packets.pcap | grep [IP address]
Suggested answer: A

Explanation:

tcpdump is a command-line tool that can capture and analyze network packets from a given interface or file. The -n option prevents tcpdump from resolving hostnames, which can speed up the analysis. The -r option reads packets from a file, in this case packets.pcap. The host [IP address] filter specifies that tcpdump should only display packets that have the given IP address as either the source or the destination. This command can help the security analyst detect connections to a suspicious IP address by collecting the packet captures from the gateway.

Official Reference:

https://partners.comptia.org/docs/default-source/resources/comptia-cysa-cs0-002-exam-objectives

https://www.techtarget.com/searchsecurity/quiz/Sample-CompTIA-CySA-test-questions-with-answers

https://www.reddit.com/r/CompTIA/comments/tmxx84/passed_cysa_heres_my_experience_and_how_i_studied/

Given the following CVSS string:

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Which of the following attributes correctly describes this vulnerability?

A. A user is required to exploit this vulnerability.
B. The vulnerability is network based.
C. The vulnerability does not affect confidentiality.
D. The complexity to exploit the vulnerability is high.
Suggested answer: B

Explanation:

Option B, the vulnerability is network based, is the correct attribute, as it can be read directly from the CVSS string. CVSS stands for Common Vulnerability Scoring System, which is a framework that assigns numerical scores and ratings to vulnerabilities based on their characteristics and severity. The CVSS string consists of several metrics that define different aspects of the vulnerability, such as the attack vector, the attack complexity, the privileges required, the user interaction, the scope, and the impact on confidentiality, integrity and availability. The first metric in the CVSS string is the attack vector (AV), which indicates how the vulnerability can be exploited. The value of AV in this case is N, which stands for network. This means that the vulnerability can be exploited remotely over a network connection, without physical or logical access to the target system. Therefore, the vulnerability is network based.

Official Reference:

https://partners.comptia.org/docs/default-source/resources/comptia-cysa-cs0-002-exam-objectives

https://www.comptia.org/certifications/cybersecurity-analyst

https://packitforwarding.com/index.php/2019/01/10/comptia-cysa-common-vulnerability-scoring-system-cvss/
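A parser and base-score calculator for the vector in this question, added here as an example (not from the page or from CompTIA). It assumes the page's garbled characters stand for S:U, C:H and I:H, and it generalises beyond the question to scope-changed vectors using the weights and formulas of the CVSS v3.0 specification.

```python
import math
# Numeric weights the CVSS v3.0 specification assigns to each base-metric value.
WEIGHTS = {
    "AV": {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.20},
    "AC": {"L": 0.77, "H": 0.44},
    "PR": {"N": 0.85, "L": 0.62, "H": 0.27},   # weights when Scope is Unchanged
    "UI": {"N": 0.85, "R": 0.62},
    "S":  {"U": 0.0, "C": 1.0},                # marker only, never multiplied
    "C":  {"N": 0.0, "L": 0.22, "H": 0.56},
    "I":  {"N": 0.0, "L": 0.22, "H": 0.56},
    "A":  {"N": 0.0, "L": 0.22, "H": 0.56},
}
PR_SCOPE_CHANGED = {"N": 0.85, "L": 0.68, "H": 0.50}  # PR weights when Scope is Changed

def parse_cvss_v3(vector: str) -> dict:
    """Split 'CVSS:3.x/AV:N/...' into {metric: value}, rejecting malformed input."""
    parts = vector.strip().split("/")
    if not parts[0].startswith("CVSS:3."):
        raise ValueError(f"not a CVSS v3 vector: {parts[0]!r}")
    metrics = {}
    for part in parts[1:]:
        name, sep, value = part.partition(":")
        if not sep or name not in WEIGHTS or value not in WEIGHTS[name]:
            raise ValueError(f"unknown or malformed metric {part!r}")
        metrics[name] = value
    if len(metrics) != len(WEIGHTS):
        raise ValueError("missing base metrics")
    return metrics

def base_score(metrics: dict) -> float:
    """CVSS v3.0 base score (spec section 8.1), rounded up to one decimal."""
    def w(k):
        return WEIGHTS[k][metrics[k]]
    changed = metrics["S"] == "C"
    iss = 1 - (1 - w("C")) * (1 - w("I")) * (1 - w("A"))
    impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15 if changed else 6.42 * iss
    pr = PR_SCOPE_CHANGED[metrics["PR"]] if changed else w("PR")
    exploitability = 8.22 * w("AV") * w("AC") * pr * w("UI")
    if impact <= 0:
        return 0.0
    total = impact + exploitability
    return math.ceil(min(1.08 * total if changed else total, 10) * 10) / 10

def describe_attributes(vector: str) -> dict:
    """Evaluate the four statements offered as answer choices A to D."""
    m = parse_cvss_v3(vector)
    return {
        "user interaction required": m["UI"] == "R",   # A
        "network based": m["AV"] == "N",               # B
        "no confidentiality impact": m["C"] == "N",    # C
        "high attack complexity": m["AC"] == "H",      # D
    }

# The question's vector, assuming the page's garbled characters are S:U, C:H, I:H.
QUESTION_VECTOR = "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
```

Only choice B evaluates to true for the question's vector, and the vector scores 9.8 (Critical).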

An incident response team is working with law enforcement to investigate an active web server compromise. The decision has been made to keep the server running and to implement compensating controls for a period of time. The web service must be accessible from the internet via the reverse proxy and must connect to a database server. Which of the following compensating controls will help contain the adversary while meeting the other requirements? (Select two).

A. Drop the tables on the database server to prevent data exfiltration.
B. Deploy EDR on the web server and the database server to reduce the adversary's capabilities.
C. Stop the httpd service on the web server so that the adversary cannot use web exploits.
D. Use microsegmentation to restrict connectivity to/from the web and database servers.
E. Comment out the HTTP account in the /etc/passwd file of the web server.
F. Move the database from the database server to the web server.
Suggested answer: B, D

Explanation:

Deploying EDR on the web server and the database server to reduce the adversary's capabilities, and using microsegmentation to restrict connectivity to/from the web and database servers, are two compensating controls that will help contain the adversary while meeting the other requirements. A compensating control is a security measure that is implemented to mitigate the risk of a vulnerability or an attack when the primary control is not feasible or effective. EDR stands for Endpoint Detection and Response, which is a tool that monitors endpoints for malicious activity and provides automated or manual response capabilities. EDR can help contain the adversary by detecting and blocking their actions, such as data exfiltration, lateral movement, privilege escalation, or command execution. Microsegmentation is a technique that divides a network into smaller segments based on policies and rules, and applies granular access controls to each segment. Microsegmentation can help contain the adversary by isolating the web and database servers from other parts of the network, and limiting the traffic that can flow between them.

Official Reference:

https://partners.comptia.org/docs/default-source/resources/comptia-cysa-cs0-002-exam-objectives

https://www.comptia.org/certifications/cybersecurity-analyst

https://www.comptia.org/blog/the-new-comptia-cybersecurity-analyst-your-questions-answered

A recent penetration test discovered that several employees were enticed to assist attackers by visiting specific websites and running downloaded files when prompted by phone calls. Which of the following would best address this issue?

A. Increasing training and awareness for all staff
B. Ensuring that malicious websites cannot be visited
C. Blocking all scripts downloaded from the internet
D. Disabling all staff members' ability to run downloaded applications
Suggested answer: A

Explanation:

Increasing training and awareness for all staff is the best way to address the issue of employees being enticed to assist attackers by visiting specific websites and running downloaded files when prompted by phone calls. This issue is an example of social engineering, which is a technique that exploits human psychology and behavior to manipulate people into performing actions or divulging information that benefit the attackers. Social engineering can take many forms, such as phishing, vishing, baiting, quid pro quo, or impersonation. The best defense against social engineering is to educate and train the staff on how to recognize and avoid common social engineering tactics, such as:

Verifying the identity and legitimacy of the caller or sender before following their instructions or clicking on any links or attachments

Being wary of unsolicited or unexpected requests for information or action, especially if they involve urgency, pressure, or threats

Reporting any suspicious or anomalous activity to the security team or the appropriate authority

Following the organization's policies and procedures on security awareness and best practices

Official Reference:

https://partners.comptia.org/docs/default-source/resources/comptia-cysa-cs0-002-exam-objectives

https://www.comptia.org/certifications/cybersecurity-analyst

https://www.comptia.org/blog/the-new-comptia-cybersecurity-analyst-your-questions-answered

Which of the following describes a contract that is used to define the various levels of maintenance to be provided by an external business vendor in a secure environment?

A. MOU
B. NDA
C. BIA
D. SLA
Suggested answer: D

Explanation:

SLA stands for Service Level Agreement, which is a contract that defines the various levels of maintenance to be provided by an external business vendor in a secure environment. An SLA specifies the expectations, responsibilities, and obligations of both parties, such as the scope, quality, availability, and performance of the service, as well as the metrics and methods for measuring and reporting the service level. An SLA also outlines the penalties or remedies for any breach or failure of the service level. An SLA can help ensure that the external business vendor delivers the service in a timely, consistent, and secure manner, and that the customer receives the service that meets their needs and requirements.

Official Reference:

https://partners.comptia.org/docs/default-source/resources/comptia-cysa-cs0-002-exam-objectives

https://www.comptia.org/certifications/cybersecurity-analyst

https://www.comptia.org/blog/the-new-comptia-cybersecurity-analyst-your-questions-answered

Which of the following risk management principles is accomplished by purchasing cyber insurance?

A. Accept
B. Avoid
C. Mitigate
D. Transfer
Suggested answer: D

Explanation:

Transfer is the risk management principle that is accomplished by purchasing cyber insurance. Transfer is a strategy that involves shifting the risk or its consequences to another party, such as an insurance company, a vendor, or a partner. Transfer does not eliminate the risk, but it reduces the potential impact or liability of the risk for the original party. Cyber insurance is a type of insurance that covers the losses and damages resulting from cyberattacks, such as data breaches, ransomware, denial-of-service attacks, or network disruptions. Cyber insurance can help transfer the risk of cyber incidents by providing financial compensation, legal assistance, or recovery services to the insured party.

Official Reference:

https://partners.comptia.org/docs/default-source/resources/comptia-cysa-cs0-002-exam-objectives

https://www.comptia.org/certifications/cybersecurity-analyst

https://www.comptia.org/blog/the-new-comptia-cybersecurity-analyst-your-questions-answered
