CS0-003 Exam Questions
658 real CS0-003 exam questions with expert-verified answers and explanations. Page 11 of 14.
- Question #509 (Security Operations)
A newly hired security manager in a SOC wants to improve efficiency by automating routine tasks. Which of the following SOC tasks is most suitable for automation?
Tags: SOC automation, SOAR, incident reporting, workflow automation

- Question #510 (Security Operations)
Which of the following is a circumstance in which a security operations manager would most likely consider using automation?
Tags: security automation, threat intelligence, NIDS, STIX

- Question #511 (Incident Response and Management)
A system that provides the user interface for a critical server has potentially been corrupted by malware. Which of the following is the best recommendation to ensure business cont...
Tags: system isolation, malware containment, business continuity, incident response

- Question #512 (Security Operations)
Which of the following attack methodology frameworks should a cybersecurity analyst use to identify similar TTPs utilized by nation-state actors?
Tags: MITRE ATT&CK, threat intelligence, TTPs

- Question #513 (Vulnerability Management)
During a training exercise, a security analyst must determine the vulnerabilities to prioritize. The analyst reviews the following vulnerability scan output: Which of the following...
Tags: vulnerability prioritization, vulnerability scanning, risk assessment

- Question #514 (Security Operations)
An analyst is trying to capture anomalous traffic from a compromised host. Which of the following are the best tools for achieving this objective? (Choose two.)
Tags: network traffic analysis, packet capture, tcpdump, Wireshark

- Question #515 (Reporting and Communication)
Executives want to compare certain metrics from the most recent and last reporting periods to determine whether the metrics are increasing or decreasing. Which of the following wou...
Tags: Trending analysis, Metrics, Reporting, Performance monitoring

- Question #516 (Vulnerability Management)
A security analyst is reviewing a recent vulnerability scan report for a new server infrastructure. The analyst would like to make the best use of time by resolving the most critic...
Tags: vulnerability prioritization, risk assessment, vulnerability management

- Question #517 (Incident Response and Management)
A SOC manager reviews metrics from the last four weeks to investigate a recurring availability issue. The manager finds similar events correlating to the times of the reported issu...
Tags: root cause analysis, incident analysis, problem management

- Question #518 (Vulnerability Management)
A security analyst must assist the IT department with creating a phased plan for vulnerability patching that meets established SLAs. Which of the following vulnerability management...
Tags: vulnerability prioritization, risk score, patch management, SLAs

- Question #519 (Reporting and Communication)
A Chief Information Security Officer has requested a dashboard to share critical vulnerability management goals with company leadership. Which of the following would be the best to...
Tags: KPIs, reporting, vulnerability management metrics, leadership communication

- Question #520 (Security Operations)
Numerous emails were sent to a company's customer distribution list. The customers reported that the emails contained a suspicious link. The company's SOC determined the links were...
Tags: email security, DMARC, phishing prevention, email authentication

- Question #521 (Vulnerability Management)
A security analyst is conducting a vulnerability assessment of a company's online store. The analyst discovers a critical vulnerability in the payment processing system that could...
Tags: vulnerability remediation, critical vulnerability, incident response, payment security

- Question #522 (Vulnerability Management)
Thousands of computers were compromised, but the compromise was detected on only three computers during the latest vulnerability scan. An analyst conducts an after action review to d...
Tags: vulnerability scanning, scan configuration, network scanning, operational efficiency

- Question #523 (Incident Response and Management)
A WAF weekly report shows that a daily spike occurs from the same subnet. An open-source review indicates the IP addresses belong to a legitimate internet service provider but have...
Tags: incident analysis, traffic spike, WAF logs, threat intelligence

- Question #524 (Security Operations)
A Chief Information Security Officer (CISO) has decided the cost to protect an asset is greater than the cost of losing the asset. Which of the following risk management principles...
Tags: risk management, risk acceptance, risk assessment

- Question #525 (Security Operations)
A company was able to reduce triage time by focusing on historical trend analysis. The business partnered with the security team to achieve a 50% reduction in phishing attempts yea...
Tags: security awareness training, phishing, risk reduction, trend analysis

- Question #526 (Vulnerability Management)
Several incidents have occurred with a legacy web application that has had little development work completed. Which of the following is the most likely cause of the incidents?
Tags: legacy applications, vulnerabilities, outdated libraries, web application security

- Question #527 (Incident Response and Management)
An incident response team is assessing attack vectors of malware that is encrypting data with ransomware. There are no indications of a network-based intrusion. Which of the follow...
Tags: ransomware, attack vectors, USB drop, incident response

- Question #528 (Security Operations)
A security analyst needs to block vulnerable ports and disable legacy protocols. The analyst has ensured NetBIOS trio, Telnet, SMB, and TFTP are blocked and/or disabled. Which of t...
Tags: secure configuration, protocol security, legacy protocols, network hardening

- Question #530 (Security Operations / Threat and Vulnerability Management): understanding how improper input validation in XML configurations can cause application errors, and how XML schema (XSD) constraints can enforce data integrity to mitigate these issues (CompTIA CySA+ or Security+ domain: Software and Systems Security / Incident Response)
The SOC receives a number of complaints regarding a recent uptick in desktop error messages that are associated with workstation access to an internal web application. An analyst,...
Tags: XML Schema Validation, Input Validation, Web Application Security, XSD Constraints

- Question #531 (Vulnerability Management)
Which of the following choices is most likely to cause obstacles in vulnerability remediation?
Tags: vulnerability remediation, patch management, proprietary systems, operational challenges

- Question #532 (Vulnerability Management)
A security analyst needs to identify services in a small, critical infrastructure ICS network. Many components in the network are likely to break if they receive malformed or unusu...
Tags: ICS security, vulnerability scanning, service identification, network reconnaissance

- Question #533 (Security Operations)
An analyst would like to start automatically ingesting IoCs into the EDR tool. Which of the following sources would be the most cost effective for the analyst to use?
Tags: IoC ingestion, EDR, Threat intelligence sources, Cost-effectiveness

- Question #534 (Incident Response and Management)
A user clicks on a malicious adware link, and the malware successfully downloads to the machine. The malware has a script that invokes command-and-control activity. Which of the fo...
Tags: Incident containment, Malware C2, Firewall rules, Proxy blocking

- Question #535 (Incident Response and Management)
Which of the following should be performed first when creating a BCP to ensure that all critical functions and financial implications have been considered?
Tags: BCP, Business Impact Analysis, Critical functions, Financial implications

- Question #536 (Incident Response and Management)
Which of the following best describes root cause analysis?
Tags: Root cause analysis, Incident resolution, Problem solving

- Question #537 (Security Operations)
A security analyst has identified outgoing network traffic leaving the enterprise at odd times. The traffic appears to pivot across network segments and target domain servers. The...
Tags: Threat actor types, Network pivoting, C2 traffic, Nation-state

- Question #538 (Vulnerability Management)
Based on an internal assessment, a vulnerability management team wants to proactively identify risks to the infrastructure prior to production deployments. Which of the following b...
Tags: Threat modeling, Proactive security, Vulnerability identification, SDLC security

- Question #539 (Incident Response and Management)
Which of the following best explains the importance of utilizing an incident response playbook?
Tags: Incident response playbook, Standard operating procedures, Event handling

- Question #540 (Incident Response and Management)
Which of the following defines the proper sequence of data volatility regarding the evidence collection process, from the most to least volatile?
Tags: Data volatility, Evidence collection, Forensics, Digital forensics

- Question #541 (Incident Response and Management)
A security analyst needs to support an organization's legal case against a threat actor. Which of the following processes provides the best way to assist in the prosecution of the...
Tags: Chain of custody, Legal evidence, Forensics, Incident documentation

- Question #542 (Security Operations)
An end user forwarded an email with a file attachment to the SOC for review. The SOC analysts think the file was specially crafted for the target. Which of the following investigat...
Tags: Malware analysis, Sandbox environment, Wireshark, Email attachments

- Question #543 (Security Operations)
Instituting a security policy that users must lock their systems when stepping away from their desks is an example of which of the following?
Tags: Administrative controls, Security policies, Physical security, User behavior

- Question #544 (Security Operations)
A cybersecurity analyst is recommending a solution to ensure emails that contain links or attachments are tested before they reach a mail server. Which of the following will the an...
Tags: Email security, Sandboxing, Malware analysis, Threat prevention

- Question #545 (Vulnerability Management)
A security analyst needs to identify an asset that should be remediated based on the following information: Which of the following assets should the analyst remediate first?
Tags: Vulnerability prioritization, Asset criticality, Risk assessment, Remediation strategy

- Question #546 (Security Operations)
A security analyst runs tcpdump on the 10.203.10.22 machine and observes thousands of packets as shown below: Which of the following activities explains the tcpdump output?
Tags: Network traffic analysis, tcpdump, Malware beaconing, C2 communication

- Question #547 (Incident Response and Management)
Which of the following is the best metric to use when reviewing and addressing findings that caused an incident?
Tags: Incident metrics, Mean time to remediate, Post-incident analysis, Continuous improvement

- Question #548 (Security Operations)
A cybersecurity analyst is setting up a security control that monitors network traffic and produces an active response to a security event. Which of the following tools is the anal...
Tags: Network security controls, Intrusion Prevention System, Active response, Network monitoring

- Question #549 (Vulnerability Management)
A security analyst working for an airline is prioritizing vulnerabilities found on a system. The system has the following requirements: - Can store periodically audited documents r...
Tags: Vulnerability prioritization, Risk assessment, Data integrity, Business impact

- Question #550 (Reporting and Communication)
Which of the following best describe the external requirements that are imposed for incident management communication? (Choose two.)
Tags: Incident communication, Regulatory compliance, Framework guidelines, External requirements

- Question #551 (Security Operations)
A security analyst observes a high volume of SYN flags from an unexpected source toward a web application server within one hour. The traffic is not flagging for any exploit signat...
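Questions #546 and #551 both turn on reading SYN traffic for intent: a host opening a connection to the same destination at regular intervals is the signature of C2 beaconing, while a burst of SYNs that fans out across many ports of one server is reconnaissance, and the same burst aimed at a single port looks like a flood. The script below is an added example for this page, not code from the page or from any vendor. It parses constructed tcpdump-style lines and applies both detections; the hosts, ports, timings, regular expression and thresholds are all assumptions.

```python
"""Two SYN-based detections over tcpdump-style text: C2 beaconing
(question #546) and port scan versus SYN flood (question #551).
Added example for this page, not code from the page or from any vendor.
The log lines, hosts, ports, regular expression and thresholds below are
constructed or assumed; real tcpdump output varies in its exact layout.
"""
import re
import statistics
from collections import defaultdict

# Constructed sample: 10.203.10.22 beacons to 203.0.113.9:443 about every 60 s
# amid normal browsing, 192.0.2.77 walks six ports on 10.203.10.22, and
# 198.51.100.200 hammers a single port.
SAMPLE = """\
09:00:00.101 IP 10.203.10.22.51001 > 203.0.113.9.443: Flags [S], seq 1, length 0
09:00:02.400 IP 10.203.10.22.51002 > 198.51.100.20.80: Flags [S], seq 1, length 0
09:00:05.010 IP 192.0.2.77.40001 > 10.203.10.22.21: Flags [S], seq 1, length 0
09:00:05.012 IP 192.0.2.77.40002 > 10.203.10.22.22: Flags [S], seq 1, length 0
09:00:05.014 IP 192.0.2.77.40003 > 10.203.10.22.23: Flags [S], seq 1, length 0
09:00:05.016 IP 192.0.2.77.40004 > 10.203.10.22.80: Flags [S], seq 1, length 0
09:00:05.018 IP 192.0.2.77.40005 > 10.203.10.22.443: Flags [S], seq 1, length 0
09:00:05.020 IP 192.0.2.77.40006 > 10.203.10.22.8080: Flags [S], seq 1, length 0
09:00:10.000 IP 198.51.100.200.40100 > 10.203.10.22.443: Flags [S], seq 1, length 0
09:00:10.001 IP 198.51.100.200.40101 > 10.203.10.22.443: Flags [S], seq 1, length 0
09:00:10.002 IP 198.51.100.200.40102 > 10.203.10.22.443: Flags [S], seq 1, length 0
09:00:10.003 IP 198.51.100.200.40103 > 10.203.10.22.443: Flags [S], seq 1, length 0
09:00:10.004 IP 198.51.100.200.40104 > 10.203.10.22.443: Flags [S], seq 1, length 0
09:01:00.310 IP 10.203.10.22.51003 > 203.0.113.9.443: Flags [S], seq 1, length 0
09:01:17.920 IP 10.203.10.22.51004 > 198.51.100.44.443: Flags [S], seq 1, length 0
09:02:00.090 IP 10.203.10.22.51005 > 203.0.113.9.443: Flags [S], seq 1, length 0
09:02:59.870 IP 10.203.10.22.51006 > 203.0.113.9.443: Flags [S], seq 1, length 0
09:03:33.000 IP 10.203.10.22.51007 > 198.51.100.20.80: Flags [S], seq 1, length 0
09:04:00.520 IP 10.203.10.22.51008 > 203.0.113.9.443: Flags [S], seq 1, length 0
09:05:00.005 IP 10.203.10.22.51009 > 203.0.113.9.443: Flags [S], seq 1, length 0
"""

# Matches only SYN-without-ACK lines ("Flags [S]"), i.e. connection attempts.
LINE = re.compile(
    r"^(?P<hh>\d\d):(?P<mm>\d\d):(?P<ss>\d\d\.\d+) IP (?P<src>[\d.]+)\.\d+ > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[S\]"
)

def parse_syns(text):
    """Return [(seconds_since_midnight, src, dst, dport)] for SYN lines."""
    out = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            secs = int(m["hh"]) * 3600 + int(m["mm"]) * 60 + float(m["ss"])
            out.append((secs, m["src"], m["dst"], int(m["dport"])))
    return out

def find_beacons(records, min_conns=5, max_cv=0.1, min_period_s=5):
    """Flag (src, dst, port) flows whose inter-connection gaps are regular.
    cv = stdev/mean of the gaps: browsing gives a large cv, a sleep(60)-style
    implant a tiny one. min_period_s keeps a millisecond burst (a flood) from
    counting as "regular". All thresholds are assumptions to tune per network.
    """
    flows = defaultdict(list)
    for secs, src, dst, dport in records:
        flows[(src, dst, dport)].append(secs)
    hits = []
    for flow, times in flows.items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean else float("inf")
        if mean >= min_period_s and cv <= max_cv:
            hits.append({"flow": flow, "count": len(times),
                         "period_s": round(mean, 1), "cv": round(cv, 3)})
    return hits

def classify_sources(records, min_syns=5, scan_ports=5):
    """Tell reconnaissance from flooding by where a source's SYNs go: many
    SYNs spread across many ports of a host is a port scan; the same volume
    aimed at one port is a SYN flood candidate. Thresholds are assumptions.
    """
    per_src = defaultdict(list)
    for _, src, dst, dport in records:
        per_src[src].append((dst, dport))
    verdicts = {}
    for src, targets in per_src.items():
        if len(targets) < min_syns:
            continue
        distinct = len(set(targets))
        if distinct >= scan_ports:
            verdicts[src] = "port scan"
        elif distinct == 1:
            verdicts[src] = "SYN flood candidate"
        else:
            verdicts[src] = "mixed"
    return verdicts

if __name__ == "__main__":
    recs = parse_syns(SAMPLE)
    print("beacons:", find_beacons(recs))
    print("sources:", classify_sources(recs))
```

Real output from, for example, `tcpdump -nn 'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn'` has the same shape as the sample, but check the regular expression against your tcpdump version's exact layout before trusting the parse. Modern implants add jitter to their sleep, which raises the cv, so treat the 0.1 cutoff as a starting point and look at the count and period together rather than at any single threshold.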
Tags: Network traffic analysis, SYN flood, Reconnaissance, Port scanning

- Question #552 (Security Operations)
Which of the following features is a key component of Zero Trust architecture?
Tags: Zero Trust Architecture, Identity management, Authentication

- Question #553 (Incident Response and Management)
An organization wants to establish a disaster recovery plan for critical applications that are hosted on premises. Which of the following is the first step to prepare for supportin...
Tags: Disaster recovery, Business continuity, Prioritization, DR planning

- Question #554 (Security Operations)
A junior security analyst opened ports on the company's firewall, and the company experienced a data breach. Which of the following most likely caused the data breach?
Tags: Insider threat, Human error, Data breach, Firewall misconfiguration

- Question #555 (Reporting and Communication)
An analyst produces a weekly endpoint status report for the management team. The report includes specific details for each endpoint in relation to organizational baselines. Which o...
Tags: Compliance reporting, Endpoint security, Security baselines

- Question #556 (Security Operations)
A user is suspected of violating policy by logging in to a Linux VM during non-business hours. Which of the following system files is the best way to track the user's activities?
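Question #556 asks which file records a user's logins; once you have that file, the practical follow-up is to reduce it to the interactive sessions and pick out the ones outside business hours. The script below is an added example for this page, not the page's own code. It parses constructed /var/log/secure-style sshd and su lines; the hostname, users, year, business-hours window and regular expressions are assumptions.

```python
"""Flag interactive logins outside business hours from /var/log/secure
(question #556). Added example for this page, not the page's own code.
The log lines are constructed in sshd/PAM syslog style; the year, the
business-hours window and the message patterns are assumptions.
"""
import re
from datetime import datetime, time

# Constructed sample in the traditional syslog layout of /var/log/secure
# (Debian-family systems use /var/log/auth.log; journald hosts have
# `journalctl -u sshd`). This layout carries no year, so one is assumed.
SAMPLE = """\
Mar  3 08:55:12 vm01 sshd[2211]: Accepted publickey for alice from 10.0.5.12 port 50122 ssh2: RSA SHA256:abc
Mar  3 23:41:07 vm01 sshd[2390]: Accepted password for bob from 10.0.5.40 port 50231 ssh2
Mar  3 23:41:07 vm01 sshd[2390]: pam_unix(sshd:session): session opened for user bob by (uid=0)
Mar  4 02:13:55 vm01 sshd[2455]: Failed password for root from 203.0.113.7 port 41022 ssh2
Mar  4 02:15:30 vm01 su[2470]: pam_unix(su-l:session): session opened for user root by bob(uid=1001)
Mar  4 09:02:44 vm01 sshd[2601]: Accepted publickey for carol from 10.0.5.13 port 50300 ssh2: ED25519 SHA256:def
"""

SYSLOG = re.compile(r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
                    r"(?P<prog>[\w-]+)\[\d+\]: (?P<msg>.*)$")
ACCEPTED = re.compile(r"Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<ip>\S+)")
SESSION = re.compile(r"session opened for user (?P<user>\S+) by (?P<by>\w+)")

ASSUMED_YEAR = 2025                                      # syslog omits the year
BUSINESS_START, BUSINESS_END = time(8, 0), time(18, 0)  # Mon-Fri window, assumed

def parse_events(text):
    """Return interactive-access events: accepted SSH logins and su/sudo sessions."""
    events = []
    for line in text.splitlines():
        m = SYSLOG.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        prog, msg = m["prog"], m["msg"]
        if prog == "sshd" and (a := ACCEPTED.search(msg)):
            events.append({"when": when, "kind": "login", "user": a["user"],
                           "by": a["ip"], "method": a["method"]})
        elif prog in ("su", "sudo") and (s := SESSION.search(msg)):
            # "by bob(uid=1001)": the \w+ group stops before the "(".
            events.append({"when": when, "kind": prog, "user": s["user"],
                           "by": s["by"], "method": "pam"})
    return events

def is_business_hours(when):
    """Monday to Friday, BUSINESS_START <= time < BUSINESS_END."""
    return when.weekday() < 5 and BUSINESS_START <= when.time() < BUSINESS_END

def off_hours_events(text):
    """Interactive accesses that fall outside the business-hours window."""
    return [e for e in parse_events(text) if not is_business_hours(e["when"])]

if __name__ == "__main__":
    for e in off_hours_events(SAMPLE):
        print(f"{e['when']:%a %H:%M} {e['kind']:<5} {e['user']} by {e['by']}")
```

The su line is the one worth keeping in this kind of review: a late-night password login followed by a switch to root is a different finding from a late-night key-based login alone. For corroboration, `last` (reading /var/log/wtmp) and `lastlog` give login history independently of the syslog file, whereas a user's shell history is editable by that user and should not be the primary record.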
Tags: Linux logging, Log analysis, User activity monitoring, /var/log/secure

- Question #557 (Incident Response and Management)
A user's computer is performing slower than the day before, and unexpected windows continually open and close. The user did not install any new programs, and after the user restart...
Tags: Incident response, Malware containment, Network isolation, Endpoint security

- Question #558 (Security Operations)
A security analyst finds an application that cannot enforce the organization's password policy. An exception is granted. As a compensating control, all users must confirm that thei...
Tags: Compensating controls, Managerial controls, Password policy, Security controls

- Question #559 (Incident Response and Management)
A security analyst provides the management team with an after action report for a security incident. Which of the following is the management team most likely to review in order to...
Tags: Incident response, Lessons learned, After-action review, Process improvement