
CompTIA CS0-003 Practice Test - Questions Answers, Page 31

Which of the following best explains the importance of communicating with staff regarding the official public communication plan related to incidents impacting the organization?

A. To establish what information is allowed to be released by designated employees
B. To designate an external public relations firm to represent the organization
C. To ensure that all news media outlets are informed at the same time
D. To define how each employee will be contacted after an event occurs
Suggested answer: A

Explanation:

Communicating with staff about the official public communication plan is important to avoid unauthorized or inaccurate disclosure of information that could harm the organization's reputation, security, or legal obligations. It also helps to ensure consistency and clarity of the messages delivered to the public and other stakeholders.

https://resources.sei.cmu.edu/asset_files/Handbook/2021_002_001_651819.pdf

An employee is no longer able to log in to an account after updating a browser. The employee usually has several tabs open in the browser. Which of the following attacks was most likely performed?

A. RFI
B. LFI
C. CSRF
D. XSS
Suggested answer: C

Explanation:

CSRF is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. An attacker may trick the user into clicking a malicious link or submitting a forged form that performs an action on the user's behalf, such as changing their password or transferring funds. If the user has several tabs open in the browser, they may not notice the CSRF request or the resulting change in their account. Updating the browser may have cleared the user's cache or cookies, preventing them from logging in to their account after the CSRF attack.

An analyst investigated a website and produced the following:

Which of the following syntaxes did the analyst use to discover the application versions on this vulnerable website?

A. nmap -sS -T4 -F insecure.org
B. nmap -o insecure.org
C. nmap -sV -T4 -F insecure.org
D. nmap -A insecure.org
Suggested answer: C

A security analyst scans a host and generates the following output:

Which of the following best describes the output?

A. The host is unresponsive to the ICMP request.
B. The host is running a vulnerable mail server.
C. The host is allowing unsecured FTP connections.
D. The host is vulnerable to web-based exploits.
Suggested answer: D

Explanation:

The output shows that port 80 is open and running an HTTP service, indicating that the host could potentially be vulnerable to web-based attacks. The other options are not relevant for this purpose: the host is responsive to the ICMP request, as shown by the "Host is up" message; the host is not running a mail server, as there is no SMTP or POP3 service detected; the host is not allowing unsecured FTP connections, as there is no FTP service detected.

Reference: According to the CompTIA CySA+ Study Guide: Exam CS0-003, 3rd Edition, one of the objectives for the exam is to "use appropriate tools and methods to manage, prioritize and respond to attacks and vulnerabilities". The book also covers the usage and syntax of nmap, a popular network scanning tool, in chapter 5. Specifically, it explains the meaning and function of each option in nmap, such as "-sV" for version detection, page 195. Therefore, this is a reliable source to verify the answer to the question.

A security analyst is trying to validate the results of a web application scan with Burp Suite. The security analyst performs the following:

Which of the following vulnerabilities is the security analyst trying to validate?

A. SQL injection
B. LFI
C. XSS
D. CSRF
Suggested answer: B

Explanation:

The security analyst is validating a Local File Inclusion (LFI) vulnerability, as indicated by the "/.../.../.../" in the GET request, which is a common indicator of directory traversal attempts associated with LFI. The other options are not relevant for this purpose: SQL injection involves injecting malicious SQL statements into a database query; XSS involves injecting malicious scripts into a web page; CSRF involves tricking a user into performing an unwanted action on a web application.

According to the CompTIA CySA+ Study Guide: Exam CS0-003, 3rd Edition, one of the objectives for the exam is to "use appropriate tools and methods to manage, prioritize and respond to attacks and vulnerabilities". The book also covers the usage and syntax of Burp Suite, a tool used for testing web application security, in chapter 6. Specifically, it explains the meaning and function of each component in Burp Suite, such as Repeater, which allows the security analyst to modify and resend individual requests, page 239. Therefore, this is a reliable source to verify the answer to the question.

Results of a SOC customer service evaluation indicate high levels of dissatisfaction with the inconsistent services provided after regular work hours. To address this, the SOC lead drafts a document establishing customer expectations regarding the SOC's performance and quality of services. Which of the following documents most likely fits this description?

A. Risk management plan
B. Vendor agreement
C. Incident response plan
D. Service-level agreement
Suggested answer: D

Explanation:

A Service-Level Agreement (SLA) is a document that establishes customer expectations regarding the performance and quality of services provided by the SOC (Security Operations Center). It defines the level of service expected, including aspects like response times, availability, and support after regular work hours. An SLA helps in setting clear expectations and improving customer satisfaction by outlining the standards and commitments of the service provider.

A cybersecurity analyst has been assigned to the threat-hunting team to create a dynamic detection strategy based on behavioral analysis and attack patterns. Which of the following best describes what the analyst will be creating?

A. Bots
B. IoCs
C. TTPs
D. Signatures
Suggested answer: C

Explanation:

The analyst will be creating TTPs (Tactics, Techniques, and Procedures). TTPs describe the behavior, methods, and patterns used by attackers during a cyber attack. By focusing on TTPs, the analyst can develop a dynamic detection strategy that identifies malicious activities based on the observed behavior and patterns, rather than relying on static indicators like signatures or IOCs (Indicators of Compromise).

During a tabletop exercise, engineers discovered that an ICS could not be updated due to hardware versioning incompatibility. Which of the following is the most likely cause of this issue?

A. Legacy system
B. Business process interruption
C. Degrading functionality
D. Configuration management
Suggested answer: A

Explanation:

The most likely cause of the issue where an ICS (Industrial Control System) could not be updated due to hardware versioning incompatibility is a legacy system. Legacy systems often have outdated hardware and software that may not be compatible with modern updates and patches. This can pose significant challenges in maintaining security and operational efficiency.

An analyst investigated a website and produced the following:

Starting Nmap 7.92 ( https://nmap.org ) at 2022-07-21 10:21 CDT
Nmap scan report for insecure.org (45.33.49.119)
Host is up (0.054s latency).
rDNS record for 45.33.49.119: ack.nmap.org
Not shown: 95 filtered tcp ports (no-response)
PORT     STATE   SERVICE   VERSION
22/tcp   open    ssh       OpenSSH 7.4 (protocol 2.0)
25/tcp   closed  smtp
80/tcp   open    http      Apache httpd 2.4.6
113/tcp  closed  ident
443/tcp  open    ssl/http  Apache httpd 2.4.6
Service Info: Host: issues.nmap.org
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 20.52 seconds

Which of the following syntaxes did the analyst use to discover the application versions on this vulnerable website?

A. nmap -sS -T4 -F insecure.org
B. nmap -0 insecure.org
C. nmap -sV -T4 -F insecure.org
D. nmap -A insecure.org
Suggested answer: C

A list of IoCs released by a government security organization contains the SHA-256 hash for a Microsoft-signed legitimate binary, svchost.exe. Which of the following best describes the result if security teams add this indicator to their detection signatures?

A. This indicator would fire on the majority of Windows devices.
B. Malicious files with a matching hash would be detected.
C. Security teams would detect rogue svchost.exe processes in their environment.
D. Security teams would detect event entries detailing execution of known-malicious svchost.exe processes.
Suggested answer: A

Explanation:

Adding the SHA-256 hash of a legitimate Microsoft-signed binary like svchost.exe to detection signatures would result in the indicator firing on the majority of Windows devices. Svchost.exe is a common and legitimate system process used by Windows, and using its hash as an indicator of compromise (IOC) would generate numerous false positives, as it would match the legitimate instances of svchost.exe running on all Windows systems.

Total 368 questions