CS0-003 Exam Questions
658 real CS0-003 exam questions with expert-verified answers and explanations. Page 10 of 14.
- Question #458 (Incident Response and Management)
  Which of the following in the digital forensics process is considered a critical activity that often includes a graphical representation of process and operating system events?
  Tags: digital forensics, timeline analysis, incident investigation, event correlation
- Question #459 (Security Operations)
  A SOC team lead occasionally collects some DNS information for investigations. The team lead assigns this task to a new junior analyst. Which of the following is the best way to re...
  Tags: SOPs, knowledge management, training, incident response procedures
- Question #460 (Vulnerability Management)
  An organization identifies a method to detect unexpected behavior, crashes, or resource leaks in a system by feeding invalid, unexpected, or random data to stress the application....
  Tags: fuzzing, application security testing, vulnerability testing, software testing
- Question #461 (Security Operations)
  An organization is planning to adopt a zero-trust architecture. Which of the following is most aligned with this approach?
  Tags: zero trust, network segmentation, least privilege, access control
- Question #462 (Security Operations)
  A systems administrator needs to gather security events with repeatable patterns from Linux log files. Which of the following would the administrator most likely use for this task?
  Tags: log analysis, regular expressions, Bash scripting, Linux security
- Question #464 (Incident Response and Management)
  A SOC analyst observes reconnaissance activity from an IP address. The activity follows a pattern of short bursts toward a low number of targets. An open-source review shows that t...
  Tags: incident response, threat blocking, EDR, IP reputation
- Question #465 (Security Operations)
  Which of the following is the best framework for assessing how attackers use techniques over an infrastructure to exploit a target's information assets?
  Tags: threat intelligence, intrusion analysis, Diamond Model, attack frameworks
- Question #466 (Incident Response and Management)
  In the last hour, a high volume of failed RDP authentication attempts has been logged on a critical server. All of the authentication attempts originated from the same remote IP ad...
  Tags: brute-force attack, RDP security, account lockout, firewall rules, incident response
- Question #467 (Incident Response and Management)
  A SOC receives several alerts indicating user accounts are connecting to the company's identity provider through non-secure communications. User credentials for accessing sensitive...
  Tags: IDS logs, incident investigation, credential theft, network security monitoring
- Question #468 (Security Operations)
  Which of the following characteristics ensures the security of an automated information system is the most effective and economical?
  Tags: security by design, secure development lifecycle, system architecture, cost-effectiveness
- Question #469 (Vulnerability Management)
  An XSS vulnerability was reported on one of the public websites of a company. The security department confirmed the finding and needs to provide a recommendation to the application...
  Tags: XSS, web application security, vulnerability remediation, WAF, secure coding
- Question #470 (Vulnerability Management)
  A security analyst needs to identify a computer based on the following requirements to be mitigated: - The attack method is network-based with low complexity. - No privileges or us...
  Tags: CVSS, vulnerability assessment, risk prioritization, vulnerability metrics
- Question #471 (Security Operations)
  Which of the following are process improvements that can be realized by implementing a SOAR solution? (Choose two.)
  Tags: SOAR, security automation, process improvement, security orchestration
- Question #472 (Security Operations)
  After an upgrade to a new EDR, a security analyst received reports that several endpoints were not communicating with the SaaS provider to receive critical threat signatures. To co...
  Tags: network connectivity, EDR troubleshooting, PowerShell, TNC
- Question #473 (Incident Response and Management)
  An employee received a phishing email that contained malware targeting the company. Which of the following is the best way for a security analyst to get more details about the malw...
  Tags: malware analysis, sandboxing, threat intelligence, incident containment
- Question #474 (Security Operations)
  A security analyst needs to develop a solution to protect a high-value asset from an exploit like a recent zero-day attack. Which of the following best describes this risk manageme...
  Tags: risk management, mitigation, zero-day exploit, asset protection
- Question #475 (Reporting and Communication)
  Which of the following documents sets requirements and metrics for a third-party response during an event?
  Tags: SLA, third-party risk, incident response agreement, metrics
- Question #476 (Vulnerability Management)
  A security analyst runs the following command: Which of the following should the analyst recommend first to harden the system?
  Tags: system hardening, network protocols, unencrypted services, vulnerability remediation
- Question #477 (Security Operations)
  An analyst reviews the following web server log entries: %2E%2E/%2E%2E/%2ES2E/%2E%2E/%2E%2E/%2E%2E/etc/passwd No attacks or malicious attempts have been discovered. Which of the fo...
  Tags: directory traversal, URL encoding, web server logs, reconnaissance
- Question #478 (Security Operations)
  The Chief Information Security Officer wants the same level of security to be present whether a remote worker logs in at home or at a coffee shop. Which of the following should be...
  Tags: remote work security, VDI, security architecture, endpoint security
- Question #479 (Incident Response and Management)
  Which of the following is the best use of automation in cybersecurity?
  Tags: security automation, SOAR benefits, incident response efficiency
- Question #480 (Incident Response and Management)
  Which of the following is the appropriate phase in the incident response process to perform a vulnerability scan to determine the effectiveness of corrective actions?
  Tags: incident response phases, recovery phase, vulnerability scanning, corrective actions
- Question #481 (Security Operations)
  Which of the following risk management decisions should be considered after evaluating all other options?
  Tags: risk management, risk acceptance, risk strategy
- Question #482 (Security Operations)
  An analyst receives an alert for suspicious IIS log activity and reviews the following entries: 2024-05-23 15:57:05 10.203.10.16 HEAT / - 80 - 10.203.10.17 DirBuster- 1.0- .. Which...
  Tags: web server logs, reconnaissance, DirBuster, attack inference
- Question #483 (Security Operations)
  A security analyst reviews a SIEM alert related to a suspicious email and wants to verify the authenticity of the message: SPF = PASS DKIM = FAIL DMARC = FAIL Which of the followin...
  Tags: email security, SPF, DKIM, DMARC, email spoofing
- Question #484 (Reporting and Communication)
  Which of the following is a KPI that is used to monitor or report on the effectiveness of an incident response reporting and communication program?
  Tags: incident response metrics, KPI, reporting, communication effectiveness
- Question #485 (Incident Response and Management)
  After an incident, a security analyst needs to perform a forensic analysis to report complete information to a company stakeholder. Which of the following is most likely the goal o...
  Tags: forensic analysis, incident response, root cause analysis, post-incident activities
- Question #486 (Incident Response and Management)
  An analyst is imaging a hard drive that was obtained from the system of an employee who is suspected of going rogue. The analyst notes that the initial hash of the evidence drive d...
  Tags: digital forensics, data integrity, write blocker, chain of custody
- Question #487 (Incident Response and Management)
  Before adopting a disaster recovery plan, some team members need to gather in a room to review the written scenarios. Which of the following best describes what the team is doing?
  Tags: disaster recovery, business continuity, tabletop exercise, incident response planning
- Question #488 (Vulnerability Management)
  During the rollout of a patch to the production environment, it was discovered that required connections to remote systems are no longer possible. Which of the following steps woul...
  Tags: patch management, change management, validation testing, production environment
- Question #489 (Reporting and Communication)
  Which of the following best describes the importance of KPIs in an incident response exercise?
  Tags: incident response exercise, KPI, performance measurement, process improvement
- Question #490 (Incident Response and Management)
  A security team needs to demonstrate how prepared the team is in the event of a cyberattack. Which of the following would best demonstrate a real-world incident without impacting o...
  Tags: incident response exercise, simulation, preparedness, cyberattack readiness
- Question #491 (Security Operations)
  An organization plans to use an advanced machine-learning tool as a central collection server. The tool will perform data aggregation and analysis. Which of the following should th...
  Tags: SIEM, log aggregation, data analysis, threat detection
- Question #492 (Security Operations)
  A corporation wants to implement an agent-based endpoint solution to help: - Flag various threats - Review vulnerability feeds - Aggregate data - Provide real-time metrics by using...
  Tags: SOAR, automation, threat intelligence, incident response
- Question #493 (Vulnerability Management)
  After a recent vulnerability report for a server is presented, a business must decide whether to secure the company's web-based storefront or shut it down. The developer is not abl...
  Tags: zero-day, WAF, vulnerability mitigation, web security
- Question #494 (Security Operations)
  A SOC analyst wants to improve the proactive detection of malicious emails before they are delivered to the destination inbox. Which of the following is the best approach the SOC a...
  Tags: email security, DKIM, SPF, malicious email detection
- Question #495 (Vulnerability Management)
  A manufacturing company's assembly line machinery only functions on an end-of-life OS. Consequently, no patches exist for several highly exploitable OS vulnerabilities. Which of t...
  Tags: network segmentation, legacy systems, vulnerability mitigation, risk reduction
- Question #496 (Incident Response Management)
  A company is in the middle of an incident, and customer data has been breached. Which of the following should the company contact first?
  Tags: incident response, legal counsel, data breach, communication plan
- Question #497 (Security Operations)
  A Chief Finance Officer receives an email from someone who is possibly impersonating the company's Chief Executive Officer and requesting a financial operation. Which of the follow...
  Tags: email impersonation, phishing, DKIM, email authentication
- Question #498 (Vulnerability Management)
  A security analyst reviews the following results of a Nikto scan: Which of the following should the security administrator investigate next?
  Tags: Nikto, vulnerability scanning, web application security, vulnerability analysis
- Question #499 (Incident Response Management)
  An auditor is reviewing an evidence log associated with a cyber crime. The auditor notices that a gap exists between individuals who were responsible for holding onto and transferr...
  Tags: chain of custody, digital forensics, evidence handling, cyber crime
- Question #500 (Security Operations)
  A security analyst is assisting a software engineer with the development of a custom log collection and alerting tool (SIEM) for a proprietary system. The analyst is concerned that...
  Tags: threat intelligence, SIEM, attack detection, IoC detection
- Question #501 (Incident Response Management)
  Which of the following is the most likely reason for an organization to assign different internal departmental groups during the post-incident analysis and improvement process?
  Tags: post-incident analysis, lessons learned, incident management process, organizational improvement
- Question #502 (Security Operations)
  An analyst has discovered the following suspicious command: Which of the following would best describe the outcome of the command?
  Tags: backdoor, malware analysis, command line analysis, threat detection
- Question #503 (Security Operations)
  A company classifies security groups by risk level. Any group with a high-risk classification requires multiple levels of approval for member or owner changes. Which of the followi...
  Tags: organizational governance, risk management, access control, security policy
- Question #504 (Security Operations)
  Which of the following attributes is part of the Diamond Model of Intrusion Analysis?
  Tags: Diamond Model, intrusion analysis, threat intelligence, attack frameworks
- Question #505 (Vulnerability Management)
  An analyst is creating the final vulnerability report for one of the company's customers. The customer asks for a scanning profile with a CVSS score of 7 or higher. The analyst has...
  Tags: vulnerability scanning, reporting, scan integrity, troubleshooting
- Question #506 (Vulnerability Management)
  A security analyst is improving an organization's vulnerability management program. The analyst cross-checks the current reports with the system's infrastructure teams, but the rep...
  Tags: vulnerability scanning, credentialed scans, patch management, vulnerability reporting
- Question #507 (Security Operations)
  A threat intelligence analyst is updating a document according to the MITRE ATT&CK framework. The analyst detects the following behavior from a malicious actor: "The malicious acto...
  Tags: MITRE ATT&CK, tactics, threat intelligence, attack frameworks
- Question #508 (Security Operations)
  An analyst receives alerts that state the following traffic was identified on the perimeter network firewall: Which of the following best describes the indicator of compromise that...
  Tags: Denial of Service, firewall alerts, network traffic analysis, IoC