CS0-003 Exam Questions
658 real CS0-003 exam questions with expert-verified answers and explanations. Page 3 of 14.
- Question #101 (Security Operations): A Chief Executive Officer (CEO) is concerned the company will be exposed to data sovereignty issues as a result of some new privacy regulations. To help mitigate this risk, the Chie...
  Tags: Data sovereignty, Compliance, Geographic access, Data protection
- Question #102 (Security Operations): A security analyst needs to provide the development team with secure connectivity from the corporate network to a three-tier cloud environment. The developers require access to ser...
  Tags: Secure connectivity, VPN, Cloud networking, Network architecture
- Question #103 (Vulnerability Management): A security analyst found an old version of OpenSSH running on a DMZ server and determined the following piece of code could have led to a command execution through an integer overf...
  Tags: Integer overflow, Secure coding, Software vulnerability, Input validation
- Question #104 (Security Operations): A cyber-security analyst is implementing a new network configuration on an existing network access layer to prevent possible physical attacks. Which of the following BEST describes...
  Tags: Port security, MAC address filtering, Physical security, Network access control
- Question #105 (Incident Response and Management): A security analyst at example.com receives a SIEM alert for an IDS signature and reviews the associated packet capture and TCP stream: Packet capture: TCP stream: Which of the follow...
  Tags: Incident triage, SIEM analysis, Packet analysis, Stakeholder communication
- Question #106 (Incident Response and Management): A security analyst needs to provide a copy of a hard drive for forensic analysis. Which of the following would allow the analyst to perform the task?
  Tags: Digital forensics, Disk imaging, dd command, Evidence collection
- Question #107 (Incident Response and Management): While monitoring the information security notification mailbox, a security analyst notices several emails were reported as spam. Which of the following should the analyst do FIRST?
  Tags: Email security, Phishing analysis, Incident triage, Secure sandbox
- Question #108 (Security Operations): Company A is in the process of merging with Company B. As part of the merger, connectivity between the ERP systems must be established so pertinent financial information can be sha...
  Tags: Secure integration, VPN, B2B connectivity, ERP security
- Question #109 (Vulnerability Management): A company has started planning the implementation of a vulnerability management procedure. However, its security maturity level is low, so there are some prerequisites to complete before...
  Tags: Vulnerability management program, Risk identification, Security maturity, Program development
- Question #110 (Security Operations): A security team implemented a SIEM as part of its security-monitoring program. There is a requirement to integrate a number of sources into the SIEM to provide better context relat...
  Tags: SIEM, Data enrichment, Security monitoring, Log management
- Question #111 (Incident Response and Management): A security analyst is investigating an incident related to an alert from the threat detection platform on a host (10.0.1.25) in a staging environment that could be running a crypto...
  Tags: Incident containment, Network isolation, Firewall rules, Cryptomining
- Question #112 (Incident Response and Management): An analyst is reviewing the following output as part of an incident: Which of the following is MOST likely happening?
  Tags: Network traffic analysis, Data exfiltration, DNS tunneling, Incident analysis
- Question #113 (Security Operations): The Chief Information Security Officer (CISO) of a large financial institution is seeking a solution that will block a predetermined set of data points from being transferred or do...
  Tags: DLP, data protection, data loss prevention
- Question #114 (Security Operations): The majority of a company's employees have stated they are unable to perform their job duties due to outdated workstations, so the company has decided to institute BYOD. Which of t...
  Tags: BYOD security, 802.1X, network access control
- Question #115 (Security Operations): The help desk is having difficulty keeping up with all onboarding and offboarding requests. Managers often submit requests for new users at the last minute, causing the help desk...
  Tags: SSO, identity management, user onboarding
- Question #116 (Security Operations): A security analyst is concerned the number of security incidents being reported has suddenly gone down. Daily business interactions have not changed, and no additional security con...
  Tags: IDS tuning, incident detection, security monitoring
- Question #117 (Security Operations): A developer is working on a program to convert user-generated input in a web form before it is displayed by the browser. This technique is referred to as:
  Tags: output encoding, web application security, cross-site scripting
- Question #118 (Vulnerability Management): A vulnerability scanner has identified an out-of-support database software version running on a server. The software update will take six to nine months to complete. The management...
  Tags: risk acceptance, risk management, vulnerability remediation
- Question #119 (Security Operations): Which of the following is an advantage of SOAR over SIEM?
  Tags: SOAR, SIEM, security automation
- Question #120 (Security Operations): Which of the following factors would determine the regulations placed on data under data sovereignty laws?
  Tags: data sovereignty, data privacy laws, regulatory compliance
- Question #121 (Vulnerability Management): An organization's internal department frequently uses a cloud provider to store large amounts of sensitive data. A threat actor has deployed a virtual machine to attack another vir...
  Tags: hypervisor security, cloud security, vulnerability remediation
- Question #122 (Incident Response and Management): An online gaming company was impacted by a ransomware attack. An employee opened an attachment that was received via an SMS attack on a company-issue firewall. Which of the following acti...
  Tags: forensic analysis, chain of custody, memory dump, incident response
- Question #123 (Security Operations): A security analyst is reviewing a firewall usage report that contains traffic generated over the last 30 minutes in order to locate unusual traffic patterns: Which of the following...
  Tags: IP addressing, network traffic analysis, security monitoring
- Question #124 (Security Operations): During the threat modeling process for a new application that a company is launching, a security analyst needs to define methods and items to take into consideration. Which of the...
  Tags: threat modeling, STRIDE, application security
- Question #125 (Vulnerability Management): A Chief Information Security Officer has asked for a list of hosts that have critical and high-severity findings as referenced in the CVE database. Which of the following tools wou...
  Tags: vulnerability scanning, Nessus, CVE
- Question #126 (Security Operations): An organization wants to implement a privileged access management solution to better manage the use of emergency and privileged service accounts. Which of the following would BEST...
  Tags: privileged access management, credential vaulting, service accounts
- Question #127 (Security Operations): A security analyst is deploying a new application in the environment. The application needs to be integrated with several existing applications that contain SPI. Prior to the deplo...
  Tags: business impact analysis, sensitive data, application deployment
- Question #128 (Security Operations): A manufacturing company uses a third-party service provider for Tier 1 security support. One of the requirements is that the provider must only source talent from its own country d...
  Tags: supply chain security, third-party risk management, geopolitical risk
- Question #129 (Security Operations): Which of the following APT adversary archetypes represent non-nation-state threat actors? (Select TWO)
  Tags: APT groups, threat actors, cyber threat intelligence
- Question #130 (Security Operations): A security analyst was transferred to an organization's threat-hunting team to track specific activity throughout the enterprise environment. The analyst must observe and assess th...
  Tags: threat hunting, stack counting, security analytics
- Question #131 (Security Operations): A security officer needs to find the most cost-effective solution to the current data privacy and protection gap found in the last security assessment. Which of the following is th...
  Tags: data minimization, data privacy, cost-effective security
- Question #132 (Incident Response and Management): An analyst is responding to an incident within a cloud infrastructure. Based on the logs and traffic analysis, the analyst thinks a container has been compromised. Which of the fol...
  Tags: incident response, containment, cloud security, container security
- Question #133 (Vulnerability Management): A security analyst sees the following OWASP ZAP output from a scan that was performed against a modern version of Windows while testing for client-side vulnerabilities: Which of th...
  Tags: XSS mitigation, client-side vulnerabilities, OWASP ZAP, web application security
- Question #134 (Vulnerability Management): During the security assessment of a new application, a tester attempts to log in to the application but receives the following message: incorrect password for given username. Which...
  Tags: secure coding practices, authentication errors, information leakage, application security
- Question #135 (Vulnerability Management): An organization has the following risk mitigation policies: - Risks without compensating controls will be mitigated first if the risk value is greater than $50,000. - Other risk mi...
  Tags: risk prioritization, risk mitigation, compensating controls, risk management
- Question #136 (Security Operations): During a review of SIEM alerts, a security analyst discovers the SIEM is receiving many alerts per day from the file-integrity monitoring tool about files from a newly deployed app...
  Tags: SIEM alerts, file integrity monitoring, alert tuning, false positives, security operations
- Question #137 (Vulnerability Management): Which of the following is a difference between SOAR and SCAP?
  Tags: SOAR, SCAP, security automation, vulnerability management frameworks
- Question #138 (Security Operations): A security analyst is reviewing WAF alerts and sees the following request: Request="GET /public/report.html?iewt=9064 AND 1=1 UNION ALL SELECT 1,NULL,table_name FROM information_sc...
  Tags: SQL injection, web application attacks, WAF alerts, database attacks
- Question #139 (Security Operations): A security analyst is reviewing the output of tcpdump to analyze the type of activity on a packet capture: Which of the following generated the above output?
  Tags: packet analysis, tcpdump, port scanning, network reconnaissance
- Question #140 (Security Operations): During routine monitoring, a security analyst identified the following enterprise network traffic: Packet capture output: Which of the following BEST describes what the security ana...
  Tags: packet analysis, TCP connection, network monitoring, network traffic
- Question #141 (Incident Response and Management): An analyst is responding to an incident involving an attack on a company-owned mobile device that was being used by an employee to collect data from clients in the field. Malware w...
  Tags: MDM, mobile device security, malware prevention, security controls
- Question #142 (Incident Response and Management): Some hard disks need to be taken as evidence for further analysis during an incident response. Which of the following procedures must be completed FIRST for this type of evidence a...
  Tags: chain of custody, digital forensics, evidence acquisition, incident response
- Question #143 (Vulnerability Management): Which of the following is the software development process by which function, usability, and scenarios are tested against a known set of base requirements?
  Tags: user acceptance testing, SDLC, software quality assurance, testing methodologies
- Question #144 (Security Operations): An organization wants to ensure the privacy of the data that is on its systems. Full disk encryption and DLP are already in use. Which of the following is the BEST option?
  Tags: data privacy, geofencing, data loss prevention, security controls
- Question #145 (Security Operations): A company wants to configure the environment to allow passive network monitoring. To avoid disrupting the sensitive network, which of the following must be supported by the scanner...
  Tags: network monitoring, port mirroring, passive monitoring, network tap
- Question #146 (Security Operations): Due to a rise in cyber attackers seeking PHI, a healthcare company that collects highly sensitive data from millions of customers is deploying a solution that will ensure the custo...
  Tags: MFA, data protection, PHI security, authentication controls, access control
- Question #147 (Vulnerability Management): A company's security team recently discovered a number of workstations that are at the end of life. The workstation vendor informs the team that the product is no longer supported...
  Tags: end-of-life systems, system isolation, air gapping, unsupported software, vulnerability mitigation
- Question #148 (Incident Response and Management): During a review of recent network traffic, an analyst realizes the team has seen this same traffic multiple times in the past three weeks, and it resulted in confirmed malware acti...
  Tags: threat intelligence, alert tuning, security automation, incident response improvement, IOCs
- Question #149 (Vulnerability Management): A company uses an FTP server to support its critical business functions. The FTP server is configured as follows: - The FTP service is running with the data directory configured in...
  Tags: directory traversal, chroot, FTP security, secure configuration, vulnerability mitigation
- Question #150 (Security Operations): A company offers a hardware security appliance to customers that provides remote administration of a device on the customer's network. Customers are not authorized to alter the con...
  Tags: change management, configuration management, system integrity, security auditing