CompTIA CS0-003 Practice Test - Questions Answers, Page 18

A payroll department employee was the target of a phishing attack in which an attacker impersonated a department director and requested that direct deposit information be updated to a new account. Afterward, a deposit was made into the unauthorized account. Which of the following is one of the first actions the incident response team should take when they receive notification of the attack?

A. Scan the employee's computer with virus and malware tools.
B. Review the actions taken by the employee and the email related to the event.
C. Contact human resources and recommend the termination of the employee.
D. Assign security awareness training to the employee involved in the incident.
Suggested answer: B

Explanation:

In case of a phishing attack, it's crucial to review what actions were taken by the employee and analyze the phishing email to understand its nature and impact.

Reference: CompTIA CySA+ Study Guide: Exam CS0-003, 3rd Edition, Chapter 6, page 246; CompTIA CySA+ CS0-003 Certification Study Guide, Chapter 6, page 255.

Which of the following is the most important reason for an incident response team to develop a formal incident declaration?

A. To require that an incident be reported through the proper channels
B. To identify and document staff who have the authority to declare an incident
C. To allow for public disclosure of a security event impacting the organization
D. To establish the department that is responsible for responding to an incident
Suggested answer: B

Explanation:

The formal incident declaration is crucial to identify and document the staff who have the authority to declare an incident, ensuring that incidents are handled by authorized personnel.

Reference: CompTIA CySA+ Study Guide: Exam CS0-003, 3rd Edition, Chapter 5: Incident Response, page 197.

During an incident involving phishing, a security analyst needs to find the source of the malicious email. Which of the following techniques would provide the analyst with this information?

A. Header analysis
B. Packet capture
C. SSL inspection
D. Reverse engineering
Suggested answer: A

Explanation:

Header analysis is the technique of examining the metadata of an email, such as the sender, recipient, date, subject, and routing information. It can help to identify the source of a malicious email by revealing the IP address and domain name of the originator, as well as any spoofing or redirection attempts.

Reference: CompTIA CySA+ Study Guide: Exam CS0-003, 3rd Edition, Chapter 6, page 240; CompTIA CySA+ CS0-003 Certification Study Guide, Chapter 6, page 249.

A security analyst needs to provide evidence of regular vulnerability scanning on the company's network for an auditing process. Which of the following is an example of a tool that can produce such evidence?

A. OpenVAS
B. Burp Suite
C. Nmap
D. Wireshark
Suggested answer: A

Explanation:

OpenVAS is an open-source tool that performs comprehensive vulnerability scanning and assessment on the network. It can generate reports and evidence of the scan results, which can be used for auditing purposes.

Reference: CompTIA CySA+ Study Guide: Exam CS0-003, 3rd Edition, Chapter 5, page 199; CompTIA CySA+ CS0-003 Certification Study Guide, Chapter 5, page 207.

An employee downloads a freeware program to change the desktop to the classic look of legacy Windows. Shortly after the employee installs the program, a high volume of random DNS queries begins to originate from the system. An investigation on the system reveals the following:

Add-MpPreference -ExclusionPath '%Program Filest\ksysconfig'

Which of the following is possibly occurring?

A. Persistence
B. Privilege escalation
C. Credential harvesting
D. Defense evasion
Suggested answer: D

Explanation:

Defense evasion is the technique of avoiding detection or prevention by security tools or mechanisms. In this case, the freeware program is likely a malware that generates random DNS queries to communicate with a command and control server or exfiltrate data. The command Add-MpPreference -ExclusionPath '%Program Filest\ksysconfig' is used to add an exclusion path to Windows Defender, which is a built-in antivirus software, to prevent it from scanning the malware folder.

Reference: CompTIA CySA+ Study Guide: Exam CS0-003, 3rd Edition, Chapter 5, page 204; CompTIA CySA+ CS0-003 Certification Study Guide, Chapter 5, page 212.

A cybersecurity analyst has recovered a recently compromised server to its previous state. Which of the following should the analyst perform next?

A. Eradication
B. Isolation
C. Reporting
D. Forensic analysis
Suggested answer: D

Explanation:

After recovering a compromised server to its previous state, the analyst should perform forensic analysis to determine the root cause, impact, and scope of the incident, as well as to identify any indicators of compromise, evidence, or artifacts that can be used for further investigation or prosecution.

Reference: CompTIA CySA+ Study Guide: Exam CS0-003, 3rd Edition, Chapter 6, page 244; CompTIA CySA+ CS0-003 Certification Study Guide, Chapter 6, page 253.

Which of the following would best mitigate the effects of a new ransomware attack that was not properly stopped by the company antivirus?

A. Install a firewall.
B. Implement vulnerability management.
C. Deploy sandboxing.
D. Update the application blocklist.
Suggested answer: C

Explanation:

Sandboxing is a technique that isolates potentially malicious programs or files in a controlled environment, preventing them from affecting the rest of the system. It can help mitigate the effects of a new ransomware attack by preventing it from encrypting or deleting important data or spreading to other devices.

Reference: CompTIA CySA+ Study Guide: Exam CS0-003, 3rd Edition, Chapter 5, page 202; CompTIA CySA+ CS0-003 Certification Study Guide, Chapter 5, page 210.

During an internal code review, software called 'ACE' was discovered to have a vulnerability that allows the execution of arbitrary code. The vulnerability is in a legacy, third-party vendor resource that is used by the ACE software. ACE is used worldwide and is essential for many businesses in this industry. Developers informed the Chief Information Security Officer that removal of the vulnerability will take time. Which of the following is the first action to take?

A. Look for potential IoCs in the company.
B. Inform customers of the vulnerability.
C. Remove the affected vendor resource from the ACE software.
D. Develop a compensating control until the issue can be fixed permanently.
Suggested answer: D

Explanation:

A compensating control is an alternative measure that provides a similar level of protection as the original control, but is used when the original control is not feasible or cost-effective. In this case, the CISO should develop a compensating control to mitigate the risk of the vulnerability in the ACE software, such as implementing additional monitoring, firewall rules, or encryption, until the issue can be fixed permanently by the developers.

Reference: CompTIA CySA+ Study Guide: Exam CS0-003, 3rd Edition, Chapter 5, page 197; CompTIA CySA+ CS0-003 Certification Study Guide, Chapter 5, page 205.

A small company does not have enough staff to effectively segregate duties to prevent error and fraud in payroll management. The Chief Information Security Officer (CISO) decides to maintain and review logs and audit trails to mitigate risk. Which of the following did the CISO implement?

A. Corrective controls
B. Compensating controls
C. Operational controls
D. Administrative controls
Suggested answer: B

Explanation:

Compensating controls are alternative controls that provide a similar level of protection as the original controls, but are used when the original controls are not feasible or cost-effective. In this case, the CISO implemented compensating controls by reviewing logs and audit trails to mitigate the risk of error and fraud in payroll management, since segregating duties was not possible due to the small staff size.

Following a recent security incident, the Chief Information Security Officer is concerned with improving visibility and reporting of malicious actors in the environment. The goal is to reduce the time to prevent lateral movement and potential data exfiltration. Which of the following techniques will best achieve the improvement?

A. Mean time to detect
B. Mean time to respond
C. Mean time to remediate
D. Service-level agreement uptime
Suggested answer: A

Explanation:

Mean time to detect (MTTD) is a metric that measures how quickly an organization can identify a security incident or a malicious actor in the environment. Reducing MTTD can improve visibility and reporting of threats, as well as prevent lateral movement and data exfiltration by detecting them sooner.
