CompTIA CS0-003 Practice Test - Questions Answers, Page 19


Due to an incident involving company devices, an incident responder needs to take a mobile phone to the lab for further investigation. Which of the following tools should be used to maintain the integrity of the mobile phone while it is transported? (Select two).

A. Signal-shielded bag
B. Tamper-evident seal
C. Thumb drive
D. Crime scene tape
E. Write blocker
F. Drive duplicator
Suggested answer: A, B

Explanation:

A signal-shielded bag and a tamper-evident seal are tools that can be used to maintain the integrity of the mobile phone while it is transported. A signal-shielded bag prevents the phone from receiving or sending any signals that could compromise the data or evidence on the device. A tamper-evident seal ensures that the phone has not been opened or altered during transportation.

Reference: Mobile device forensics, Section: Acquisition.

A security analyst is working on a server patch management policy that will allow the infrastructure team to be informed more quickly about new patches. Which of the following would most likely be required by the infrastructure team so that vulnerabilities can be remediated quickly? (Select two).

A. Hostname
B. Missing KPI
C. CVE details
D. POC availability
E. IoCs
F. npm identifier
Suggested answer: C, E

Explanation:

CVE details and IoCs are the information that would most likely be required by the infrastructure team so that vulnerabilities can be remediated quickly. CVE details provide the description, severity, impact, and solution of the vulnerabilities that affect the servers. IoCs are indicators of compromise that help identify and respond to potential threats or attacks on the servers.

Reference: Server and Workstation Patch Management Policy, Section: Policy; Patch Management Policy: Why You Need One in 2024, Section: What is a patch management policy?

An analyst is suddenly unable to enrich data from the firewall. However, the other open intelligence feeds continue to work. Which of the following is the most likely reason the firewall feed stopped working?

A. The firewall service account was locked out.
B. The firewall was using a paid feed.
C. The firewall certificate expired.
D. The firewall failed open.
Suggested answer: C

Explanation:

The firewall certificate expired. If the firewall uses a certificate to authenticate and encrypt the feed, and the certificate expires, the feed will stop working until the certificate is renewed or replaced. This can affect the data enrichment process and the security analysis.

Reference: CompTIA CySA+ Study Guide: Exam CS0-003, 3rd Edition, Chapter 4: Security Operations and Monitoring, page 161.

A security manager is looking at a third-party vulnerability metric (SMITTEN) to improve upon the company's current method that relies on CVSSv3. Given the following:

Which of the following vulnerabilities should be prioritized?

A. Vulnerability 1
B. Vulnerability 2
C. Vulnerability 3
D. Vulnerability 4
Suggested answer: B

Explanation:

Vulnerability 2 should be prioritized as it is exploitable, has high exploit activity, and is exposed externally according to the SMITTEN metric.

Reference: Vulnerability Management Metrics: 5 Metrics to Start Measuring in Your Program, Section: Vulnerability Severity.

A Chief Information Security Officer has outlined several requirements for a new vulnerability scanning project:

- Must use minimal network bandwidth
- Must use minimal host resources
- Must provide accurate, near real-time updates
- Must not have any stored credentials in configuration on the scanner

Which of the following vulnerability scanning methods should be used to best meet these requirements?

A. Internal
B. Agent
C. Active
D. Uncredentialed
Suggested answer: B

Explanation:

Agent-based vulnerability scanning is a method that uses software agents installed on the target systems to scan for vulnerabilities. This method meets the requirements of the project because it uses minimal network bandwidth and host resources, provides accurate and near real-time updates, and does not require any stored credentials on the scanner.

Reference: What Is Vulnerability Scanning? Types, Tools and Best Practices, Section: Types of vulnerability scanning; CompTIA CySA+ Study Guide: Exam CS0-003, 3rd Edition, Chapter 4: Security Operations and Monitoring, page 154.

A vulnerability management team found four major vulnerabilities during an assessment and needs to provide a report for the proper prioritization for further mitigation. Which of the following vulnerabilities should have the highest priority for the mitigation process?

A. A vulnerability that has related threats and IoCs, targeting a different industry
B. A vulnerability that is related to a specific adversary campaign, with IoCs found in the SIEM
C. A vulnerability that has no adversaries using it or associated IoCs
D. A vulnerability that is related to an isolated system, with no IoCs
Suggested answer: B

Explanation:

A vulnerability that is related to a specific adversary campaign, with IoCs found in the SIEM, should have the highest priority for the mitigation process. This is because it indicates that the vulnerability is actively being exploited by a known threat actor, and that the organization's security monitoring system has detected signs of compromise. This poses a high risk of data breach, service disruption, or other adverse impacts.

Reference: How to Prioritize Vulnerabilities Effectively: Vulnerability Prioritization Explained, Section: How to prioritize vulnerabilities step by step to avoid drowning in sea of problems; CompTIA CySA+ Study Guide: Exam CS0-003, 3rd Edition, Chapter 4: Security Operations and Monitoring, page 156.

A security analyst is reviewing events that occurred during a possible compromise. The analyst obtains the following log:

Which of the following is most likely occurring, based on the events in the log?

A. An adversary is attempting to find the shortest path of compromise.
B. An adversary is performing a vulnerability scan.
C. An adversary is escalating privileges.
D. An adversary is performing a password stuffing attack.
Suggested answer: B

Explanation:

Based on the events in the log, the most likely occurrence is that an adversary is performing a vulnerability scan. The log shows LDAP read operations and EDR enumerating local groups, which are indicative of an adversary scanning the system to find vulnerabilities or sensitive information. The final entry shows SMB connection attempts to multiple hosts from a single host, which could be a sign of network discovery or lateral movement.

Reference: CompTIA CySA+ Study Guide: Exam CS0-003, 3rd Edition, Chapter 4: Security Operations and Monitoring, page 161; Monitor logs from vulnerability scanners, Section: Reports on Nessus vulnerability data.
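The pattern the explanation calls out, one source host opening SMB connections to many distinct hosts, is something a SOC can detect rather than only read after the fact. The following is an added example, not from the original page or the study guide; the log line format and the IP addresses are constructed for illustration, and the threshold of three distinct hosts is an assumption.

```javascript
// Added example (not from the original page): flag a single source host
// opening SMB (TCP/445) connections to many distinct hosts, the pattern the
// explanation above describes as possible discovery or lateral movement.

// Constructed sample log lines in a hypothetical key=value format.
const SAMPLE_LOG = [
  '2024-03-01T09:00:01Z src=10.0.0.5 dst=10.0.0.20 dport=445 proto=tcp',
  '2024-03-01T09:00:02Z src=10.0.0.5 dst=10.0.0.21 dport=445 proto=tcp',
  '2024-03-01T09:00:02Z src=10.0.0.5 dst=10.0.0.22 dport=445 proto=tcp',
  '2024-03-01T09:00:03Z src=10.0.0.5 dst=10.0.0.23 dport=445 proto=tcp',
  '2024-03-01T09:00:03Z src=10.0.0.5 dst=10.0.0.23 dport=445 proto=tcp',
  '2024-03-01T09:00:04Z src=10.0.0.7 dst=10.0.0.30 dport=445 proto=tcp',
  '2024-03-01T09:00:05Z src=10.0.0.7 dst=10.0.0.31 dport=443 proto=tcp',
  'malformed line without fields',
];

// Parse one line into an event object; returns null for lines that do not match.
function parseLine(line) {
  const m = line.match(/^(\S+) src=(\S+) dst=(\S+) dport=(\d+) proto=(\S+)$/);
  if (!m) return null;
  return { ts: m[1], src: m[2], dst: m[3], dport: Number(m[4]), proto: m[5] };
}

// Group distinct SMB destinations by source; returns Map<src, Set<dst>>.
// Repeated connections to the same host count once, so retries do not inflate the score.
function smbFanOut(lines) {
  const bySrc = new Map();
  for (const line of lines) {
    const ev = parseLine(line);
    if (!ev || ev.dport !== 445) continue;
    if (!bySrc.has(ev.src)) bySrc.set(ev.src, new Set());
    bySrc.get(ev.src).add(ev.dst);
  }
  return bySrc;
}

// Sources contacting at least `threshold` distinct SMB hosts, highest fan-out first.
function flagScanners(lines, threshold = 3) {
  return [...smbFanOut(lines)]
    .filter(([, dsts]) => dsts.size >= threshold)
    .map(([src, dsts]) => ({ src, distinctHosts: dsts.size }))
    .sort((a, b) => b.distinctHosts - a.distinctHosts);
}

console.log(flagScanners(SAMPLE_LOG)); // flags 10.0.0.5 with 4 distinct hosts
```

In production the same counting would run over a time window (for example distinct hosts per source per five minutes) so that a long-lived file server client is not flagged.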

An XSS vulnerability was reported on one of the non-sensitive/non-mission-critical public websites of a company. The security department confirmed the finding and needs to provide a recommendation to the application owner. Which of the following recommendations will best prevent this vulnerability from being exploited? (Select two).

A. Implement an IPS in front of the web server.
B. Enable MFA on the website.
C. Take the website offline until it is patched.
D. Implement a compensating control in the source code.
E. Configure TLS v1.3 on the website.
F. Fix the vulnerability using a virtual patch at the WAF.
Suggested answer: D, F

Explanation:

The best recommendations to prevent an XSS vulnerability from being exploited are to implement a compensating control in the source code and to fix the vulnerability using a virtual patch at the WAF. A compensating control is a technique that mitigates the risk of a vulnerability by adding additional security measures, such as input validation, output encoding, or HTML sanitization. A virtual patch is a rule that blocks or modifies malicious requests or responses at the WAF level, without modifying the application code. These recommendations are effective, efficient, and less disruptive than the other options.

Reference: CompTIA CySA+ Study Guide: Exam CS0-003, 3rd Edition, Chapter 4: Security Operations and Monitoring, page 156; Cross Site Scripting Prevention Cheat Sheet, Section: XSS Defense Philosophy.
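The source-code compensating control the explanation mentions is, in the common reflected-XSS case, contextual output encoding. The following added example (not code from the original page or the cheat sheet it cites) shows a vulnerable server-side render function beside its hardened form; the search-page markup and the `encodeHtml` helper are constructed for illustration.

```javascript
// Added example (not from the original page): output encoding as a
// compensating control for reflected XSS in server-side rendered HTML.

// HTML entity encoding for element-text and double-quoted attribute contexts.
// These five characters are the ones that can break out of those contexts.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
};

function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable "before": the untrusted query parameter is concatenated
// straight into the page, in both a text context and an attribute context.
function renderSearchVulnerable(query) {
  return `<p>Results for: ${query}</p>` +
         `<input name="q" value="${query}">`;
}

// Hardened "after": every interpolation of untrusted data is encoded for
// the HTML context it lands in. The page still shows the user's text verbatim,
// but the browser no longer parses it as markup.
function renderSearchHardened(query) {
  const safe = encodeHtml(query);
  return `<p>Results for: ${safe}</p>` +
         `<input name="q" value="${safe}">`;
}

// True if the rendered page contains a live script element, i.e. the control failed.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample input: closes the attribute, then injects a script element.
const SAMPLE_INPUT = '"><script>alert(1)</script>';

console.log(containsScriptTag(renderSearchVulnerable(SAMPLE_INPUT))); // true
console.log(containsScriptTag(renderSearchHardened(SAMPLE_INPUT)));   // false
```

Encoding is context-specific: the same helper is not sufficient for data placed inside a JavaScript block, a URL, or a CSS value, which is why the cheat sheet the explanation cites treats each context separately.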

Which of the following techniques can help a SOC team to reduce the number of alerts related to the internal security activities that the analysts have to triage?

A. Enrich the SIEM-ingested data to include all data required for triage.
B. Schedule a task to disable alerting when vulnerability scans are executing.
C. Filter all alarms in the SIEM with low severity.
D. Add a SOAR rule to drop irrelevant and duplicated notifications.
Suggested answer: B

An organization has tracked several incidents that are listed in the following table:

A. 140
B. 150
C. 160
D. 180
Suggested answer: C

Explanation:

The MTTD (Mean Time To Detect) is calculated by averaging the time elapsed in detecting incidents. From the given data: (180+150+170+140)/4 = 160 minutes. This is the correct answer according to the CompTIA CySA+ CS0-003 Certification Study Guide, Chapter 4, page 161.

Reference: CompTIA CySA+ Study Guide: Exam CS0-003, 3rd Edition, Chapter 4, page 153; CompTIA CySA+ CS0-003 Certification Study Guide, Chapter 4, page 161.
