ExamGecko

CompTIA CS0-003 Practice Test - Questions Answers, Page 28

A penetration tester is conducting a test on an organization's software development website. The penetration tester sends the following request to the web interface:

Which of the following exploits is most likely being attempted?

A. SQL injection
B. Local file inclusion
C. Cross-site scripting
D. Directory traversal

Suggested answer: A

Explanation:

SQL injection is an attack that places attacker-controlled SQL in a web application's input fields or parameters so that the database executes it, letting the attacker read, modify, or delete data it was never meant to expose. The request shown in the image contains an SQL injection attempt, indicated by a UNION SELECT clause: UNION combines the result set of the attacker's query with that of the application's original query, so rows from other tables are returned in the page output. The other options carry different signatures: local file inclusion and directory traversal put path components such as ../ or an absolute file path into a parameter, and cross-site scripting injects HTML or script markup such as <script> tags rather than SQL.
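As an added example (not part of the exam page), the following Python script shows a UNION SELECT injection of the kind the question describes against a query assembled by string concatenation, next to the parameterised fix that defeats the same payload. It uses an in-memory SQLite database; the table and column names (products, users, password_hash) are assumptions chosen for illustration.

```python
"""
Added example (not from the exam page): a UNION SELECT injection against a
query built by string concatenation, next to the parameterised fix.
Uses an in-memory SQLite database with constructed tables; the table and
column names (products, users) are assumptions for illustration.
"""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Create a throwaway database with a public table and a sensitive one."""
    con = sqlite3.connect(":memory:")
    con.executescript(
        """
        CREATE TABLE products (id INTEGER, name TEXT, price TEXT);
        CREATE TABLE users (id INTEGER, username TEXT, password_hash TEXT);
        INSERT INTO products VALUES (1, 'widget', '9.99'), (2, 'gadget', '19.99');
        INSERT INTO users VALUES (1, 'admin', '5f4dcc3b5aa765d61d8327deb882cf99');
        """
    )
    return con


def search_vulnerable(con: sqlite3.Connection, term: str) -> list[tuple]:
    """Vulnerable: the user-supplied term is spliced straight into the SQL text."""
    sql = f"SELECT name, price FROM products WHERE name = '{term}'"
    return con.execute(sql).fetchall()


def search_safe(con: sqlite3.Connection, term: str) -> list[tuple]:
    """Fixed: the term is bound as a parameter, so it can only ever be data."""
    sql = "SELECT name, price FROM products WHERE name = ?"
    return con.execute(sql, (term,)).fetchall()


# Constructed payload of the kind a UNION-based injection request carries.
# The column count (2) must match the original SELECT, and the trailing
# comment marker '-- ' swallows the closing quote the application appends.
PAYLOAD = "' UNION SELECT username, password_hash FROM users -- "


def demo() -> dict:
    """Run the payload through both versions and a normal term through the safe one."""
    con = build_db()
    return {
        "vulnerable": search_vulnerable(con, PAYLOAD),   # leaks the users table
        "safe": search_safe(con, PAYLOAD),               # no product has that name
        "normal": search_safe(con, "widget"),            # ordinary lookup still works
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:10s} -> {rows}")
```

The vulnerable path returns the admin row from a table the search feature never references, which is exactly the tell an analyst looks for when a UNION SELECT appears in a request log; the parameterised query returns nothing for the same input because the quote and UNION are treated as literal characters of a product name.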

An incident responder was able to recover a binary file through the network traffic. The binary file was also found in some machines with anomalous behavior. Which of the following processes most likely can be performed to understand the purpose of the binary file?

A. File debugging
B. Traffic analysis
C. Reverse engineering
D. Machine isolation

Suggested answer: C

Explanation:

Reverse engineering is the process of analyzing a binary file to understand its structure, functionality, and behavior. It can help to identify the purpose of the binary file, such as whether it is a malicious program, a legitimate application, or a library. Reverse engineering can involve various techniques, such as disassembling, decompiling, debugging, or extracting strings or resources from the binary file. It can also reveal vulnerabilities, backdoors, or hidden features in the binary. Debugging (A) is only one technique within that process, traffic analysis (B) shows what the binary does on the wire but not how it works, and machine isolation (D) is a containment step rather than an analysis method.
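As an added example (not part of the exam page), the script below performs the first static step of reverse engineering a recovered binary: pulling printable ASCII and UTF-16LE strings out of the raw bytes and flagging the ones that look like network or host indicators. The sample bytes are constructed inline to stand in for a recovered file; no real malware, host names, or addresses are involved.

```python
"""
Added example (not from the exam page): a first static-triage step of
reverse engineering, pulling printable strings out of a binary blob and
flagging the ones that look like network indicators. The sample bytes are
constructed here; no real malware is involved.
"""
import re

# Constructed sample: machine-code-like junk with embedded ASCII and
# UTF-16LE strings, as a Windows downloader commonly carries.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff"
    b"http://203.0.113.10/stage2.bin\x00\x12\x34"
    b"C:\\Users\\Public\\update.exe\x00\x00"
    + "cmd.exe /c schtasks /create".encode("utf-16le")
    + b"\x00\x00\x7f\x45\x4c\x46"
)

# Runs of at least six printable characters, narrow (ASCII) and wide (UTF-16LE).
ASCII_RE = re.compile(rb"[\x20-\x7e]{6,}")
WIDE_RE = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")

# Indicator patterns applied to each extracted string.
INDICATORS = {
    "url": re.compile(r"https?://[^\s\"']+"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "win_path": re.compile(r"[A-Za-z]:\\[^\s\"']+"),
    "command": re.compile(r"\b(?:cmd\.exe|powershell|schtasks|reg\.exe)\b", re.I),
}


def extract_strings(data: bytes) -> list[str]:
    """Return printable strings found in the blob, ASCII ones first, then wide ones."""
    found = [m.group().decode("ascii") for m in ASCII_RE.finditer(data)]
    found += [m.group().decode("utf-16le") for m in WIDE_RE.finditer(data)]
    return found


def triage(data: bytes) -> dict[str, list[str]]:
    """Classify extracted strings by indicator type, de-duplicating hits."""
    hits: dict[str, list[str]] = {kind: [] for kind in INDICATORS}
    for text in extract_strings(data):
        for kind, pattern in INDICATORS.items():
            for match in pattern.findall(text):
                if match not in hits[kind]:
                    hits[kind].append(match)
    return hits


if __name__ == "__main__":
    for kind, values in triage(SAMPLE).items():
        print(f"{kind:9s}: {values}")
```

The wide-string pass matters in practice: Windows binaries often keep command lines and registry paths as UTF-16LE, which a naive ASCII-only strings run misses entirely. Anything this surfaces (a download URL, a staging path, a scheduled-task command) is a lead for the dynamic analysis and disassembly that follow, not a verdict on its own.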

A cybersecurity analyst is tasked with scanning a web application to understand where the scan will go and whether there are URIs that should be denied access prior to more in-depth scanning. Which of following best fits the type of scanning activity requested?

A. Uncredentialed scan
B. Discovery scan
C. Vulnerability scan
D. Credentialed scan

Suggested answer: B

Explanation:

A discovery scan is a type of web application scanning that identifies active, internet-facing web applications and enumerates their URIs without sending intrusive test payloads. It establishes the scope and structure of the application, including which paths should be excluded, before a more comprehensive vulnerability scan is run. Credentialed and uncredentialed scans (A, D) describe whether the scanner logs in, not the preliminary mapping the question asks for, and a vulnerability scan (C) is the in-depth activity that comes after the discovery scan.

Reference: OWASP Vulnerability Scanning Tools; CISA Web Application Scanning.
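As an added example (not part of the exam page), the script below implements the core of a discovery scan: a breadth-first crawler that follows same-host links to map an application's URIs, sends no test payloads, and records rather than fetches any path on an exclusion list so the later in-depth scan knows what to avoid. The site is a constructed in-memory dictionary of pages standing in for HTTP responses; the host name, paths, and deny list are assumptions.

```python
"""
Added example (not from the exam page): the core of a discovery scan, a
crawler that walks a web application's links to map its URIs without
sending any test payloads, and that honours an exclusion list of paths the
deeper vulnerability scan must not touch. The site is a constructed
in-memory dict of pages standing in for HTTP responses; the host name,
paths and exclusions are assumptions.
"""
from collections import deque
from html.parser import HTMLParser
from typing import Optional
from urllib.parse import urljoin, urlsplit

# Constructed site: path -> HTML body. No network access is made.
SITE = {
    "/": '<a href="/login">Login</a> <a href="/docs/">Docs</a> '
         '<a href="https://cdn.example.net/x.js">cdn</a>',
    "/login": '<form action="/login"></form> <a href="/admin/">Admin</a>',
    "/docs/": '<a href="/docs/api">API</a> <a href="/">Home</a>',
    "/docs/api": '<a href="/docs/">Back</a> <a href="/logout?next=/">Logout</a>',
    "/admin/": '<a href="/admin/users">Users</a>',
    "/admin/users": "",
    "/logout": "",
}

# URIs the in-depth scan must not hit (assumed deny list).
DENY_PREFIXES = ("/admin/", "/logout")


class LinkParser(HTMLParser):
    """Collect href/action/src targets from a page."""

    def __init__(self) -> None:
        super().__init__()
        self.links: list[str] = []

    def handle_starttag(self, tag, attrs) -> None:
        for name, value in attrs:
            if name in ("href", "action", "src") and value:
                self.links.append(value)


def fetch(path: str) -> Optional[str]:
    """Stand-in for an HTTP GET against the constructed site."""
    return SITE.get(path)


def discover(base: str = "https://app.example.com") -> dict:
    """Breadth-first crawl of same-host links; returns in-scope and denied URIs."""
    host = urlsplit(base).netloc
    seen: set[str] = set()
    in_scope: list[str] = []
    denied: list[str] = []
    queue = deque(["/"])
    while queue:
        path = queue.popleft()
        if path in seen:
            continue
        seen.add(path)
        if path.startswith(DENY_PREFIXES):
            denied.append(path)        # recorded for the report, never requested
            continue
        body = fetch(path)
        if body is None:
            continue
        in_scope.append(path)
        parser = LinkParser()
        parser.feed(body)
        for link in parser.links:
            target = urlsplit(urljoin(base + path, link))
            if target.netloc == host:  # stay on the target host only
                queue.append(target.path)   # query strings dropped from the map
    return {"in_scope": in_scope, "denied": denied}


if __name__ == "__main__":
    print(discover())
```

Two design points carry over to a real scanner: the crawler never requests a denied path, so nothing under /admin/ is even enumerated, and it stays on the target host, so the external CDN link is dropped rather than pulling a third party into scope.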

Which of the following threat actors is most likely to target a company due to its questionable environmental policies?

A. Hacktivist
B. Organized crime
C. Nation-state
D. Lone wolf

Suggested answer: A

Explanation:

Hacktivists are threat actors who use cyberattacks to promote a social or political cause, such as environmentalism, human rights, or democracy. They target companies they perceive as violating their values or harming the public interest, which is why a firm with questionable environmental policies is a likely target. Hacktivists often deface websites, launch denial-of-service attacks, or leak sensitive data to expose or embarrass their targets. Organized crime (B) is motivated by financial gain and nation-states (C) by espionage or strategic advantage, neither of which depends on the victim's environmental record.

Reference: An introduction to the cyber threat environment, page 3; What is a Threat Actor? Types & Examples of Cyber Threat Actors, section 2.

A company has decided to expose several systems to the internet, The systems are currently available internally only. A security analyst is using a subset of CVSS3.1 exploitability metrics to prioritize the vulnerabilities that would be the most exploitable when the systems are exposed to the internet. The systems and the vulnerabilities are shown below:

Which of the following systems should be prioritized for patching?

A. brown
B. grey
C. blane
D. sullivan

Suggested answer: C

Explanation:

The system ''blane'' with the vulnerability name ''snakedoctor'' should be prioritized for patching: its vector shows a network attack vector (AV:N) and low attack complexity (AC:L), the most favorable exploitability conditions for an attacker once the host is reachable from the internet. The high availability impact (A:H) that the table also lists is an impact metric, not an exploitability metric; it raises the overall severity but is not part of the ranking the analyst was asked to produce.

Reference: In the CVSS v3.1 Specification Document the exploitability metrics are Attack Vector, Attack Complexity, Privileges Required, and User Interaction; Scope is a separate base metric that changes how Privileges Required is weighted and how the exploitability and impact sub-scores are combined. These metrics measure how the vulnerability is reached, how difficult the attack is, and what privileges and user interaction exploitation requires. The image shows a table with the values of these metrics for each system and vulnerability. Based on those values, the system ''blane'' has the highest exploitability sub-score, as it has the most favorable conditions for an attacker; the other systems have either a more restrictive attack vector or a higher attack complexity, which makes them less exploitable from the internet. Therefore the system ''blane'' should be patched first.

An organization needs to bring in data collection and aggregation from various endpoints. Which of the following is the best tool to deploy to help analysts gather this data?

A. DLP
B. NAC
C. EDR
D. NIDS

Suggested answer: C

Explanation:

EDR stands for Endpoint Detection and Response, which is a tool that collects and aggregates data from various endpoints, such as laptops, servers, or mobile devices. EDR helps analysts monitor, detect, and respond to threats and incidents on the endpoints. EDR is more suitable than DLP (Data Loss Prevention), NAC (Network Access Control), or NIDS (Network Intrusion Detection System) for data collection and aggregation from endpoints.

A security team conducts a lessons-learned meeting after struggling to determine who should conduct the next steps following a security event. Which of the following should the team create to address this issue?

A. Service-level agreement
B. Change management plan
C. Incident response plan
D. Memorandum of understanding

Suggested answer: C

Explanation:

An incident response plan (IRP) is a document that defines the roles and responsibilities, procedures, and guidelines for responding to a security incident. It helps the security team act quickly and effectively, minimizing the impact and cost of the incident. An IRP specifies who carries out each of the next steps following a security event, such as containment, eradication, recovery, and post-incident analysis, which is exactly the gap the lessons-learned meeting identified.

Reference: CompTIA CySA+ CS0-003 Certification Study Guide, page 362; 6 Incident Response Steps to Take After a Security Event, section 2.

Using open-source intelligence gathered from technical forums, a threat actor compiles and tests a malicious downloader to ensure it will not be detected by the victim organization's endpoint security protections. Which of the following stages of the Cyber Kill Chain best aligns with the threat actor's actions?

A. Delivery
B. Reconnaissance
C. Exploitation
D. Weaponization

Suggested answer: D

Explanation:

Weaponization is the stage of the Cyber Kill Chain in which the threat actor builds or modifies a malicious tool for use against a target, after reconnaissance and before delivery. In this case the threat actor compiles a malicious downloader and tests it against the victim's endpoint protections to confirm it will evade detection; the forum research informs that build but the activity itself is producing and tuning the weapon, not reconnaissance of the target, and nothing has yet been delivered to or executed on a victim system.

Reference: Cybersecurity 101, The Cyber Kill Chain: The Seven Steps of a Cyberattack

A security analyst has identified a new malware file that has impacted the organization. The malware is polymorphic and has built-in conditional triggers that require a connection to the internet. The CPU has an idle process of at least 70%. Which of the following best describes how the security analyst can effectively review the malware without compromising the organization's network?

A. Utilize an RDP session on an unused workstation to evaluate the malware.
B. Disconnect and utilize an existing infected asset off the network.
C. Create a virtual host for testing on the security analyst workstation.
D. Subscribe to an online service to create a sandbox environment.

Suggested answer: D

Explanation:

A sandbox environment is an isolated place to detonate and observe malware without exposing the organization's network. Because this sample only fires its conditional triggers when it has an internet connection, it must be analyzed somewhere that can provide controlled or simulated connectivity, which an online sandbox service offers, and its polymorphism means dynamic observation of behavior is more useful than static signatures. Using the service also avoids building a virtual host on an analyst workstation that sits on the corporate network (C) or exposing an unused domain-joined workstation over RDP (A). Disconnecting an already infected asset (B) removes the internet access the triggers depend on, so the malware would not exhibit its real behavior, and a compromised host offers no trustworthy baseline for the analysis.

Reference: Malware Analysis: Steps & Examples, Dynamic Analysis

The Chief Information Security Officer for an organization recently received approval to install a new EDR solution. Following the installation, the number of alerts that require remediation by an analyst has tripled. Which of the following should the organization utilize to best centralize the workload for the internal security team? (Select two).

A. SOAR
B. SIEM
C. MSP
D. NGFW
E. XDR
F. DLP

Suggested answer: A, B

Explanation:

SOAR (Security Orchestration, Automation and Response) and SIEM (Security Information and Event Management) are solutions that can help centralize the workload for the internal security team by collecting, correlating, and analyzing alerts from different sources, such as EDR. SOAR can also automate and streamline incident response workflows, while SIEM can provide dashboards and reports for security monitoring and compliance.

Reference: What is EDR? Endpoint Detection & Response, How Does the Cyber Kill Chain Protect Against Attacks?; What is EDR Solution?, EDR solutions secure diverse endpoints through central monitoring
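As an added example (not part of the exam page), the script below performs the aggregation step a SIEM or SOAR applies to a flood of EDR alerts: repeated firings of the same detection on the same host within a time window are collapsed into one case, and the remaining cases are ordered so the analyst queue starts with the most severe finding on the host showing the most distinct detections. The alert records, rule names, and severities are constructed, and the field names are assumptions rather than the schema of any particular EDR product.

```python
"""
Added example (not from the exam page): the aggregation step a SIEM or SOAR
performs on a flood of EDR alerts, collapsing repeats of the same detection
on the same host inside a time window and ranking what is left for the
analyst queue. The alert records, rule names and severities are constructed;
the field names are assumptions, not those of any particular EDR product.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed raw EDR alerts (ISO timestamp, host, detection rule, severity 1-5).
RAW_ALERTS = [
    {"ts": "2024-05-01T09:00:00", "host": "ws-017", "rule": "credential-dumping", "sev": 5},
    {"ts": "2024-05-01T09:00:20", "host": "ws-017", "rule": "credential-dumping", "sev": 5},
    {"ts": "2024-05-01T09:01:10", "host": "ws-017", "rule": "credential-dumping", "sev": 5},
    {"ts": "2024-05-01T09:02:00", "host": "ws-042", "rule": "office-spawns-shell", "sev": 4},
    {"ts": "2024-05-01T09:03:00", "host": "ws-017", "rule": "office-spawns-shell", "sev": 4},
    {"ts": "2024-05-01T09:10:00", "host": "srv-db1", "rule": "unsigned-driver", "sev": 3},
    {"ts": "2024-05-01T09:40:00", "host": "ws-017", "rule": "credential-dumping", "sev": 5},
]

# Repeats of one rule on one host inside this window collapse into one case.
WINDOW = timedelta(minutes=15)


def aggregate(alerts=RAW_ALERTS, window=WINDOW) -> list[dict]:
    """Collapse repeated (host, rule) alerts within `window` into one case each."""
    cases: list[dict] = []
    open_case: dict[tuple, int] = {}   # (host, rule) -> index of the current case
    for alert in sorted(alerts, key=lambda a: a["ts"]):
        ts = datetime.fromisoformat(alert["ts"])
        key = (alert["host"], alert["rule"])
        idx = open_case.get(key)
        if idx is not None and ts - cases[idx]["last"] <= window:
            cases[idx]["count"] += 1     # same detection, still inside the window
            cases[idx]["last"] = ts
            continue
        cases.append({"host": alert["host"], "rule": alert["rule"], "sev": alert["sev"],
                      "first": ts, "last": ts, "count": 1})
        open_case[key] = len(cases) - 1  # a late repeat opens a fresh case
    return cases


def triage_queue(cases: list[dict]) -> list[dict]:
    """Order cases: severity first, then hosts with several distinct detections, then volume."""
    rules_per_host: dict[str, set] = defaultdict(set)
    for case in cases:
        rules_per_host[case["host"]].add(case["rule"])
    for case in cases:
        case["host_rules"] = len(rules_per_host[case["host"]])   # cross-alert correlation
    return sorted(cases, key=lambda c: (c["sev"], c["host_rules"], c["count"]), reverse=True)


if __name__ == "__main__":
    queue = triage_queue(aggregate())
    print(f"{len(RAW_ALERTS)} raw alerts -> {len(queue)} cases")
    for case in queue:
        print(f"sev {case['sev']} {case['host']:8s} {case['rule']:20s} "
              f"x{case['count']} (host has {case['host_rules']} distinct rules)")
```

Seven raw alerts become five cases, and the workstation that fired two different detections rises above a single-detection host of the same severity; that correlation across alerts is what a SIEM contributes, while the ordering and any automatic enrichment or ticket creation that follows is the SOAR side of the pairing.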



Total 368 questions