ExamGecko
Search Search Login
Home Home / CompTIA / CS0-003

CompTIA CS0-003 Practice Test - Questions Answers, Page 2

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

An XSS vulnerability was reported on one of the public websites of a company. The security department confirmed the finding and needs to provide a recommendation to the application owner. Which of the following recommendations will best prevent this vulnerability from being exploited? (Select two).
An analyst is reviewing a dashboard from the company's SIEM and finds that an IP address known to be malicious can be tracked to numerous high-priority events in the last two hours. The dashboard indicates that these events relate to TTPs. Which of the following is the analyst most likely using?
While reviewing web server logs, an analyst notices several entries with the same time stamps, but all contain odd characters in the request line. Which of the following steps should be taken next?
An organization identifies a method to detect unexpected behavior, crashes, or resource leaks in a system by feeding invalid, unexpected, or random data to stress the application. Which of the following best describes this testing methodology?
Which of the following is the best framework for assessing how attackers use techniques over an infrastructure to exploit a target's information assets?
A security analyst has received an incident case regarding malware spreading out of control on a customer's network. The analyst is unsure how to respond. The configured EDR has automatically obtained a sample of the malware and its signature. Which of the following should the analyst perform next to determine the type of malware, based on its telemetry?
A security analyst needs to secure digital evidence related to an incident. The security analyst must ensure that the accuracy of the data cannot be repudiated. Which of the following should be implemented?
A vulnerability analyst received a list of system vulnerabilities and needs to evaluate the relevant impact of the exploits on the business. Given the constraints of the current sprint, only three can be remediated. Which of the following represents the least impactful risk, given the CVSS3.1 base scores?
A systems administrator is reviewing after-hours traffic flows from data-center servers and sees regular outgoing HTTPS connections from one of the servers to a public IP address. The server should not be making outgoing connections after hours. Looking closer, the administrator sees this traffic pattern around the clock during work hours as well. Which of the following is the most likely explanation?
The Chief Information Security Officer is directing a new program to reduce attack surface risks and threats as part of a zero trust approach. The IT security team is required to come up with priorities for the program. Which of the following is the best priority based on common attack frameworks?

Question 11

Report
Export
Collapse

A recent zero-day vulnerability is being actively exploited, requires no user interaction or privilege escalation, and has a significant impact to confidentiality and integrity but not to availability. Which of the following CVE metrics would be most accurate for this zero-day threat?

A.
CVSS: 31/AV: N/AC: L/PR: N/UI: N/S: U/C: H/1: K/A: L
A.
CVSS: 31/AV: N/AC: L/PR: N/UI: N/S: U/C: H/1: K/A: L
Answers
B.
CVSS:31/AV:K/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L
B.
CVSS:31/AV:K/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L
Answers
C.
CVSS:31/AV:N/AC:L/PR:N/UI:H/S:U/C:L/I:N/A:H
C.
CVSS:31/AV:N/AC:L/PR:N/UI:H/S:U/C:L/I:N/A:H
Answers
D.
CVSS:31/AV:L/AC:L/PR:R/UI:R/S:U/C:H/I:L/A:H
D.
CVSS:31/AV:L/AC:L/PR:R/UI:R/S:U/C:H/I:L/A:H
Answers
Suggested answer: A

Explanation:

This answer matches the description of the zero-day threat. The attack vector is network (AV:N), the attack complexity is low (AC:L), no privileges are required (PR:N), no user interaction is required (UI:N), the scope is unchanged (S:U), the confidentiality and integrity impacts are high (C:H/I:H), and the availability impact is low (A:L). Official

Reference: https://nvd.nist.gov/vuln-metrics/cvss

Question 12

Report
Export
Collapse

Which of the following tools would work best to prevent the exposure of PII outside of an organization?

A.
PAM
A.
PAM
Answers
B.
IDS
B.
IDS
Answers
C.
PKI
C.
PKI
Answers
D.
DLP
D.
DLP
Answers
Suggested answer: D

Explanation:

Data loss prevention (DLP) is a tool that can prevent the exposure of PII outside of an organization by monitoring, detecting, and blocking sensitive data in motion, in use, or at rest.

Question 13

Report
Export
Collapse

An organization conducted a web application vulnerability assessment against the corporate website, and the following output was observed:

Which of the following tuning recommendations should the security analyst share?

A.
Set an HttpOnlvflaq to force communication by HTTPS
A.
Set an HttpOnlvflaq to force communication by HTTPS
Answers
B.
Block requests without an X-Frame-Options header
B.
Block requests without an X-Frame-Options header
Answers
C.
Configure an Access-Control-Allow-Origin header to authorized domains
C.
Configure an Access-Control-Allow-Origin header to authorized domains
Answers
D.
Disable the cross-origin resource sharing header
D.
Disable the cross-origin resource sharing header
Answers
Suggested answer: C

Explanation:


Question 14

Report
Export
Collapse

Which of the following items should be included in a vulnerability scan report? (Choose two.)

A.
Lessons learned
A.
Lessons learned
Answers
B.
Service-level agreement
B.
Service-level agreement
Answers
C.
Playbook
C.
Playbook
Answers
D.
Affected hosts
D.
Affected hosts
Answers
E.
Risk score
E.
Risk score
Answers
F.
Education plan
F.
Education plan
Answers
Suggested answer: D, E

Explanation:

A vulnerability scan report should include information about the affected hosts, such as their IP addresses, hostnames, operating systems, and services. It should also include a risk score for each vulnerability, which indicates the severity and potential impact of the vulnerability on the host and the organization. Official

Reference: https://www.first.org/cvss/

Question 15

Report
Export
Collapse

The Chief Executive Officer of an organization recently heard that exploitation of new attacks in the industry was happening approximately 45 days after a patch was released. Which of the following would best protect this organization?

A.
A mean time to remediate of 30 days
A.
A mean time to remediate of 30 days
Answers
B.
A mean time to detect of 45 days
B.
A mean time to detect of 45 days
Answers
C.
A mean time to respond of 15 days
C.
A mean time to respond of 15 days
Answers
D.
Third-party application testing
D.
Third-party application testing
Answers
Suggested answer: A

Explanation:

A mean time to remediate (MTTR) is a metric that measures how long it takes to fix a vulnerability after it is discovered. A MTTR of 30 days would best protect the organization from the new attacks that are exploited 45 days after a patch is released, as it would ensure that the vulnerabilities are fixed before they are exploited

Question 16

Report
Export
Collapse

A security analyst recently joined the team and is trying to determine which scripting language is being used in a production script to determine if it is malicious. Given the following script:

Which of the following scripting languages was used in the script?

A.
PowerShel
A.
PowerShel
Answers
B.
Ruby
B.
Ruby
Answers
C.
Python
C.
Python
Answers
D.
Shell script
D.
Shell script
Answers
Suggested answer: A

Explanation:

The script uses PowerShell syntax, such as cmdlets, parameters, variables, and comments. PowerShell is a scripting language that can be used to automate tasks and manage systems.

Question 17

Report
Export
Collapse

A company's user accounts have been compromised. Users are also reporting that the company's internal portal is sometimes only accessible through HTTP, other times; it is accessible through HTTPS. Which of the following most likely describes the observed activity?

A.
There is an issue with the SSL certificate causinq port 443 to become unavailable for HTTPS access
A.
There is an issue with the SSL certificate causinq port 443 to become unavailable for HTTPS access
Answers
B.
An on-path attack is being performed by someone with internal access that forces users into port 80
B.
An on-path attack is being performed by someone with internal access that forces users into port 80
Answers
C.
The web server cannot handle an increasing amount of HTTPS requests so it forwards users to port 80
C.
The web server cannot handle an increasing amount of HTTPS requests so it forwards users to port 80
Answers
D.
An error was caused by BGP due to new rules applied over the company's internal routers
D.
An error was caused by BGP due to new rules applied over the company's internal routers
Answers
Suggested answer: B

Explanation:

An on-path attack is a type of man-in-the-middle attack where an attacker intercepts and modifies network traffic between two parties. In this case, someone with internal access may be performing an on-path attack by forcing users into port 80, which is used for HTTP communication, instead of port 443, which is used for HTTPS communication. This would allow the attacker to compromise the user accounts and access the company's internal portal.

Question 18

Report
Export
Collapse

A security analyst is tasked with prioritizing vulnerabilities for remediation. The relevant company security policies are shown below:

Security Policy 1006: Vulnerability Management

1- The Company shall use the CVSSv3.1 Base Score Metrics (Exploitability and Impact) to prioritize the remediation of security vulnerabilities.

2- In situations where a choice must be made between confidentiality and availability, the Company shall prioritize confidentiality of data over availability of systems and data.

3- The Company shall prioritize patching of publicly available systems and services over patching of internally available system.

According to the security policy, which of the following vulnerabilities should be the highest priority to patch?

A)

B)

C)

D)

A.
Option A
A.
Option A
Answers
B.
Option B
B.
Option B
Answers
C.
Option C
C.
Option C
Answers
D.
Option D
D.
Option D
Answers
Suggested answer: C

Explanation:

According to the security policy, the company shall use the CVSSv3.1 Base Score Metrics to prioritize the remediation of security vulnerabilities. Option C has the highest CVSSv3.1 Base Score of 9.8, which indicates a critical severity level. The company shall also prioritize confidentiality of data over availability of systems and data, and option C has a high impact on confidentiality (C:H). Finally, the company shall prioritize patching of publicly available systems and services over patching of internally available systems, and option C affects a public-facing web server. Official

Reference: https://www.first.org/cvss/

Question 19

Report
Export
Collapse

Which of the following will most likely ensure that mission-critical services are available in the event of an incident?

A.
Business continuity plan
A.
Business continuity plan
Answers
B.
Vulnerability management plan
B.
Vulnerability management plan
Answers
C.
Disaster recovery plan
C.
Disaster recovery plan
Answers
D.
Asset management plan
D.
Asset management plan
Answers
Suggested answer: C

Question 20

Report
Export
Collapse

The Chief Information Security Officer wants to eliminate and reduce shadow IT in the enterprise. Several high-risk cloud applications are used that increase the risk to the organization. Which of the following solutions will assist in reducing the risk?

A.
Deploy a CASB and enable policy enforcement
A.
Deploy a CASB and enable policy enforcement
Answers
B.
Configure MFA with strict access
B.
Configure MFA with strict access
Answers
C.
Deploy an API gateway
C.
Deploy an API gateway
Answers
D.
Enable SSO to the cloud applications
D.
Enable SSO to the cloud applications
Answers
Suggested answer: A

Explanation:

A cloud access security broker (CASB) is a tool that can help reduce the risk of shadow IT in the enterprise by providing visibility and control over cloud applications and services. A CASB can enable policy enforcement by blocking unauthorized or risky cloud applications, enforcing data loss prevention rules, encrypting sensitive data, and detecting anomalous user behavior.

Total 368 questions
Go to page: of 37
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms