CompTIA CS0-003 Practice Test - Questions Answers, Page 3


An incident response team receives an alert to start an investigation of an internet outage. The outage is preventing all users in multiple locations from accessing external SaaS resources. The team determines the organization was impacted by a DDoS attack. Which of the following logs should the team review first?

A. CDN
B. Vulnerability scanner
C. DNS
D. Web server
Suggested answer: C

Explanation:

A distributed denial-of-service (DDoS) attack is a type of cyberattack that aims to overwhelm a target's network or server with a large volume of traffic from multiple sources. A common technique for launching a DDoS attack is to compromise DNS servers, which are responsible for resolving domain names into IP addresses. By flooding DNS servers with malicious requests, attackers can disrupt the normal functioning of the internet and prevent users from accessing external SaaS resources.

Official Reference: https://www.eccouncil.org/cybersecurity-exchange/threat-intelligence/cyber-kill-chain-seven-steps-cyberattack/

A malicious actor has gained access to an internal network by means of social engineering. The actor does not want to lose access in order to continue the attack. Which of the following best describes the current stage of the Cyber Kill Chain that the threat actor is currently operating in?

A. Weaponization
B. Reconnaissance
C. Delivery
D. Exploitation
Suggested answer: D

Explanation:

The Cyber Kill Chain is a framework that describes the stages of a cyberattack from reconnaissance to actions on objectives. The exploitation stage is where attackers take advantage of the vulnerabilities they have discovered in previous stages to further infiltrate a target's network and achieve their objectives. In this case, the malicious actor has gained access to an internal network by means of social engineering and does not want to lose access in order to continue the attack. This indicates that the actor is in the exploitation stage of the Cyber Kill Chain.

Official Reference: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html

An analyst finds that an IP address outside of the company network is being used to run network and vulnerability scans across external-facing assets. Which of the following steps of an attack framework is the analyst witnessing?

A. Exploitation
B. Reconnaissance
C. Command and control
D. Actions on objectives
Suggested answer: B

Explanation:

Reconnaissance is the first stage in the Cyber Kill Chain and involves researching potential targets before carrying out any penetration testing. The reconnaissance stage may include identifying potential targets, finding their vulnerabilities, discovering which third parties are connected to them (and what data they can access), and exploring existing entry points as well as finding new ones. Reconnaissance can take place both online and offline. In this case, an analyst finds that an IP address outside of the company network is being used to run network and vulnerability scans across external-facing assets. This indicates that the analyst is witnessing reconnaissance activity by an attacker.

Official Reference: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html

An incident response analyst notices multiple emails traversing the network that target only the administrators of the company. The email contains a concealed URL that leads to an unknown website in another country. Which of the following best describes what is happening? (Choose two.)

A. Beaconing
B. Domain Name System hijacking
C. Social engineering attack
D. On-path attack
E. Obfuscated links
F. Address Resolution Protocol poisoning
Suggested answer: C, E

Explanation:

A social engineering attack is a type of cyberattack that relies on manipulating human psychology rather than exploiting technical vulnerabilities. A social engineering attack may involve deceiving, persuading, or coercing users into performing actions that benefit the attacker, such as clicking on malicious links, divulging sensitive information, or granting access to restricted resources. An obfuscated link is a link that has been disguised or altered to hide its true destination or purpose. Obfuscated links are often used by attackers to trick users into visiting malicious websites or downloading malware. In this case, an incident response analyst notices multiple emails traversing the network that target only the administrators of the company. The email contains a concealed URL that leads to an unknown website in another country. This indicates that the analyst is witnessing a social engineering attack using obfuscated links.

During security scanning, a security analyst regularly finds the same vulnerabilities in a critical application. Which of the following recommendations would best mitigate this problem if applied along the SDLC phase?

A. Conduct regular red team exercises over the application in production
B. Ensure that all implemented coding libraries are regularly checked
C. Use application security scanning as part of the pipeline for the CI/CD flow
D. Implement proper input validation for any data entry form
Suggested answer: C

Explanation:

Application security scanning is a process that involves testing and analyzing applications for security vulnerabilities, such as injection flaws, broken authentication, cross-site scripting, and insecure configuration. Application security scanning can help identify and fix security issues before they become exploitable by attackers. Using application security scanning as part of the pipeline for the continuous integration/continuous delivery (CI/CD) flow can help mitigate the problem of finding the same vulnerabilities in a critical application during security scanning. This is because application security scanning can be integrated into the development lifecycle and performed automatically and frequently as part of the CI/CD process.

An analyst is reviewing a vulnerability report and must make recommendations to the executive team. The analyst finds that most systems can be upgraded with a reboot resulting in a single downtime window. However, two of the critical systems cannot be upgraded due to a vendor appliance that the company does not have access to. Which of the following inhibitors to remediation do these systems and associated vulnerabilities best represent?

A. Proprietary systems
B. Legacy systems
C. Unsupported operating systems
D. Lack of maintenance windows
Suggested answer: A

Explanation:

Proprietary systems are systems that are owned and controlled by a specific vendor or manufacturer, and that use proprietary standards or protocols that are not compatible with other systems. Proprietary systems can pose a challenge for vulnerability management, as they may not allow users to access or modify their configuration, update their software, or patch their vulnerabilities. In this case, two of the critical systems cannot be upgraded due to a vendor appliance that the company does not have access to. This indicates that these systems and associated vulnerabilities are examples of proprietary systems as inhibitors to remediation.

The security team reviews a web server for XSS and runs the following Nmap scan:

Which of the following most accurately describes the result of the scan?

A. An output of characters > and ' as the parameters used in the attempt
B. The vulnerable parameter ID http://172.31.15.2/1.php?id=2 and unfiltered characters returned
C. The vulnerable parameter and unfiltered or encoded characters passed > and ' as unsafe
D. The vulnerable parameter and characters > and ' with a reflected XSS attempt
Suggested answer: D

Explanation:

A cross-site scripting (XSS) attack is a type of web application attack that injects malicious code into a web page that is then executed by the browser of a victim user. A reflected XSS attack is a type of XSS attack where the malicious code is embedded in a URL or a form parameter that is sent to the web server and then reflected back to the user's browser. In this case, the Nmap scan shows that the web server is vulnerable to a reflected XSS attack, as it returns the characters > and ' without any filtering or encoding. The vulnerable parameter is id in the URL http://172.31.15.2/1.php?id=2.

A security analyst is trying to identify possible network addresses from different source networks belonging to the same company and region. Which of the following shell script functions could help achieve the goal?

A. function w() { a=$(ping -c 1 $1 | awk-F ''/'' 'END{print $1}') && echo ''$1 | $a'' }
B. function x() { b=traceroute -m 40 $1 | awk 'END{print $1}') && echo ''$1 | $b'' }
C. function y() { dig $(dig -x $1 | grep PTR | tail -n 1 | awk -F ''.in-addr'' '{print $1}').origin.asn.cymru.com TXT +short }
D. function z() { c=$(geoiplookup$1) && echo ''$1 | $c'' }
Suggested answer: C

Explanation:

The shell script function that could help identify possible network addresses from different source networks belonging to the same company and region is:

function y() { dig $(dig -x $1 | grep PTR | tail -n 1 | awk -F ''.in-addr'' '{print $1}').origin.asn.cymru.com TXT +short }

This function takes an IP address as an argument and performs two DNS lookups using the dig command. The first lookup uses the -x option to perform a reverse DNS lookup and get the hostname associated with the IP address. The second lookup uses the origin.asn.cymru.com domain to get the autonomous system number (ASN) and other information related to the IP address, such as the country code, registry, or allocation date. The function then prints the IP address and the ASN information, which can help identify any network addresses that belong to the same ASN or region.

A security analyst is writing a shell script to identify IP addresses from the same country. Which of the following functions would help the analyst achieve the objective?

A. function w() { info=$(ping -c 1 $1 | awk -F ''/'' 'END{print $1}') && echo ''$1 | $info'' }
B. function x() { info=$(geoiplookup $1) && echo ''$1 | $info'' }
C. function y() { info=$(dig -x $1 | grep PTR | tail -n 1 ) && echo ''$1 | $info'' }
D. function z() { info=$(traceroute -m 40 $1 | awk 'END{print $1}') && echo ''$1 | $info'' }
Suggested answer: B

Explanation:

The function that would help the analyst identify IP addresses from the same country is:

function x() { info=$(geoiplookup $1) && echo ''$1 | $info'' }

This function takes an IP address as an argument and uses the geoiplookup command to get the geographic location information associated with the IP address, such as the country name, country code, region, city, or latitude and longitude. The function then prints the IP address and the geographic location information, which can help identify any IP addresses that belong to the same country.

A security analyst obtained the following table of results from a recent vulnerability assessment that was conducted against a single web server in the environment:

Which of the following should be completed first to remediate the findings?

A. Ask the web development team to update the page contents
B. Add the IP address allow listing for control panel access
C. Purchase an appropriate certificate from a trusted root CA
D. Perform proper sanitization on all fields
Suggested answer: D

Explanation:

The first action that should be completed to remediate the findings is to perform proper sanitization on all fields. Sanitization is a process that involves validating, filtering, or encoding any user input or data before processing or storing it on a system or application. Sanitization can help prevent various types of attacks, such as cross-site scripting (XSS), SQL injection, or command injection, that exploit unsanitized input or data to execute malicious scripts, commands, or queries on a system or application. Performing proper sanitization on all fields can help address the most critical and common vulnerability found during the vulnerability assessment, which is XSS.
