CS0-003 Exam Questions
658 real CS0-003 exam questions with expert-verified answers and explanations. Page 4 of 14.
- Question #151 (Incident Response and Management)
  A security analyst is investigating a reported phishing attempt that was received by many users throughout the company. The text of one of the emails is shown below: Due to the siz...
  Tags: phishing investigation; DNS lookup; threat intelligence gathering; incident response tools
- Question #152 (Security Operations)
  A company's legal and accounting teams have decided it would be more cost-effective to offload the risks of data storage to a third party. The IT management team has decided to imp...
  Tags: CASB; cloud security; data storage; risk offloading; SaaS security
- Question #153 (Incident Response and Management)
  While reviewing web server logs, an analyst notices several entries with the same time stamps, but all contain odd characters in the request line. Which of the following steps shou...
  Tags: log analysis; attack identification; web server security
- Question #154 (Incident Response and Management)
  A security team conducts a lessons-learned meeting after struggling to determine who should conduct the next steps following a security event. Which of the following should the tea...
  Tags: incident response plan; roles and responsibilities; lessons learned
- Question #155 (Security Operations)
  A cybersecurity analyst notices unusual network scanning activity coming from a country that the company does not do business with. Which of the following is the best mitigation te...
  Tags: geoblocking; network security; firewall rules; threat mitigation
- Question #156 (Vulnerability Management)
  An analyst has received an IPS event notification from the SIEM stating an IP address, which is known to be malicious, has attempted to exploit a zero-day vulnerability on several...
  Tags: zero-day exploit; IPS/SIEM; application security; access control
- Question #157 (Vulnerability Management)
  A penetration tester submitted data to a form in a web application, which enabled the penetration tester to retrieve user credentials. Which of the following should be recommended...
  Tags: web application security; input validation; penetration testing; vulnerability remediation
- Question #158 (Reporting and Communication)
  A cybersecurity team lead is developing metrics to present in the weekly executive briefs. Executives are interested in knowing how long it takes to stop the spread of malware that...
  Tags: security metrics; incident response metrics; mean time to contain; reporting
- Question #159 (Incident Response and Management)
  An employee accessed a website that caused a device to become infected with invasive malware. The incident response analyst has: - created the initial evidence log. - disabled the...
  Tags: malware remediation; incident response; reimaging; system recovery
- Question #160 (Security Operations)
  A cloud team received an alert that unauthorized resources were being auto-provisioned. After investigating, the team suspects that cryptomining is occurring. Which of the followin...
  Tags: cloud security; cryptomining; indicators of compromise; resource utilization
- Question #161 (Reporting and Communication)
  A company's security team is updating a section of the reporting policy that pertains to inappropriate use of resources (e.g., an employee who installs cryptominers on workstations...
  Tags: incident escalation; reporting policy; legal department; inappropriate use
- Question #162 (Vulnerability Management)
  Given the following CVSS string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Which of the following attributes correctly describes this vulnerability?
  Tags: CVSS; vulnerability scoring; attack vector; vulnerability attributes
- Question #163 (Vulnerability Management)
  A cryptocurrency service company is primarily concerned with ensuring the accuracy of the data on one of its systems. A security analyst has been tasked with prioritizing vulnerabi...
  Tags: vulnerability prioritization; CVSSv3.1; data integrity; risk assessment
- Question #164 (Vulnerability Management)
  Patches for two highly exploited vulnerabilities were released on the same Friday afternoon. Information about the systems and vulnerabilities is shown in the tables below: Which o...
  Tags: vulnerability prioritization; patch management; risk assessment; exploitability
- Question #165 (Incident Response and Management)
  A security analyst must preserve a system hard drive that was involved in a litigation request. Which of the following is the best method to ensure the data on the device is not mo...
  Tags: digital forensics; evidence preservation; hashing; disk imaging; chain of custody
- Question #166 (Incident Response and Management)
  Which of the following best describes the goal of a tabletop exercise?
  Tags: tabletop exercise; incident response testing; scenario planning
- Question #167 (Security Operations)
  A virtual web server in a server pool was infected with malware after an analyst used the internet to research a system issue. After the server was rebuilt and added back into the...
  Tags: web server security; digital certificates; self-signed certificates; user trust
- Question #168 (Security Operations)
  A zero-day command injection vulnerability was published. A security administrator is analyzing the following logs for evidence of adversaries attempting to exploit the vulnerabili...
  Tags: log analysis; command injection; zero-day; exploit detection
- Question #169 (Vulnerability Management)
  A security analyst needs to ensure that systems across the organization are protected based on the sensitivity of the content each system hosts. The analyst is working with the res...
  Tags: asset valuation; data classification; risk management; security prioritization; confidentiality, integrity, availability
- Question #170 (Security Operations)
  A security analyst is reviewing the following alert that was triggered by FIM on a critical system: Which of the following best describes the suspicious activity that is occurring?
  Tags: FIM (File Integrity Monitoring); alert analysis; malware persistence; indicators of compromise
- Question #171 (Reporting and Communication)
  Which of the following best describes the document that defines the expectation to network customers that patching will only occur between 2:00 a.m. and 4:00 a.m.?
  Tags: SLA; service level agreement; patching window; operational agreements
- Question #172 (Security Operations)
  A cybersecurity analyst is reviewing SIEM logs and observes consistent requests originating from an internal host to a blocklisted external server. Which of the following best desc...
  Tags: SIEM analysis; beaconing; indicators of compromise; network traffic analysis
- Question #173 (Incident Response and Management)
  An incident response team is working with law enforcement to investigate an active web server compromise. The decision has been made to keep the server running and to implement com...
  Tags: incident containment; compensating controls; microsegmentation; EDR
- Question #174 (Incident Response and Management)
  An incident response team member is triaging a Linux server. The output is shown below: Which of the following is the adversary most likely trying to do?
  Tags: Linux forensics; adversary tactics; service account compromise; incident analysis
- Question #175 (Vulnerability Management)
  A SOC analyst identifies the following content while examining the output of a debugger command over a client-server application: getConnection(database01,"alpha" ,"AxTv.127GdCx94G...
  Tags: application security; hard-coded credentials; vulnerability identification; code review
- Question #176 (Vulnerability Management)
  A technician is analyzing output from a popular network mapping tool for a PCI audit: Which of the following best describes the output?
  Tags: network scanning; cipher suites; PCI compliance; vulnerability assessment
- Question #177 (Security Operations)
  A managed security service provider is having difficulty retaining talent due to an increasing workload caused by a client doubling the number of devices connected to the network....
  Tags: security automation; SOAR; security operations; workload management
- Question #178 (Incident Response and Management)
  An employee is suspected of misusing a company-issued laptop. The employee has been suspended pending an investigation by human resources. Which of the following is the best step t...
  Tags: digital forensics; evidence preservation; legal hold; forensic imaging
- Question #179 (Security Operations)
  An analyst receives threat intelligence regarding potential attacks from an actor with seemingly unlimited time and resources. Which of the following best describes the threat acto...
  Tags: threat intelligence; threat actors; nation-state actors; APT
- Question #180 (Security Operations)
  A systems analyst is limiting user access to system configuration keys and values in a Windows environment. Which of the following describes where the analyst can find these config...
  Tags: Windows security; system configuration; Registry; access control
- Question #181 (Security Operations)
  While reviewing web server logs, a security analyst found the following line: < IMG SRC='vbscript:msgbox("test")' > Which of the following malicious activities was attempted?
  Tags: web vulnerabilities; cross-site scripting (XSS); web log analysis; input validation
- Question #182 (Security Operations)
  A security analyst at a company called ACME Commercial notices there is outbound traffic to a host IP that resolves to https://office365password.acme.co. The site's standard VPN lo...
  Tags: social engineering; phishing; network traffic analysis; incident detection
- Question #183 (Vulnerability Management)
  A security analyst is performing vulnerability scans on the network. The analyst installs a scanner appliance, configures the subnets to scan, and begins the scan of the network. W...
  Tags: vulnerability scanning; non-credentialed scan; asset visibility; Registry enumeration
- Question #184 (Incident Response and Management)
  A security analyst discovers an LFI vulnerability that can be exploited to extract credentials from the underlying host. Which of the following patterns can the security analyst us...
  Tags: Local File Inclusion (LFI); web server logs; exploit patterns; Linux security
- Question #185 (Vulnerability Management)
  A company is in the process of implementing a vulnerability management program. Which of the following scanning methods should be implemented to minimize the risk of OT/ICS devices...
  Tags: vulnerability scanning; OT/ICS security; passive scanning; risk minimization
- Question #186 (Vulnerability Management)
  A company receives a penetration test report summary from a third party. The report summary indicates a proxy has some patches that need to be applied. The proxy is sitting in a ra...
  Tags: vulnerability management; asset decommissioning; risk assessment; patch management
- Question #187 (Security Operations)
  An analyst is examining events in multiple systems but is having difficulty correlating data points. Which of the following is most likely the issue with the system?
  Tags: log correlation; event management; time synchronization; SIEM
- Question #188 (Security Operations)
  An analyst recommends that an EDR agent collect the source IP address, make a connection to the firewall, and create a policy to block the malicious source IP address across the en...
  Tags: security automation; SOAR; EDR integration; threat blocking
- Question #189 (Vulnerability Management)
  An end-of-life date was announced for a widely used OS. A business-critical function is performed by some machinery that is controlled by a PC, which is utilizing the OS that is ap...
  Tags: end-of-life software; vulnerability management; patching; risk assessment
- Question #190 (Incident Response and Management)
  Which of the following describes the best reason for conducting a root cause analysis?
  Tags: root cause analysis; incident response process; process improvement; post-incident activities
- Question #191 (Security Operations)
  Which of the following concepts is using an API to insert bulk access requests from a file into an identity management system an example of?
  Tags: automation; API integration; identity management; orchestration
- Question #192 (Security Operations)
  A SOC analyst recommends adding a layer of defense for all endpoints that will better protect against external threats regardless of the device's operating system. Which of the fol...
  Tags: endpoint security; EDR; threat detection; security controls
- Question #194 (Security Operations)
  A company is concerned with finding sensitive file storage locations that are open to the public. The current internal cloud network is flat. Which of the following is the best sol...
  Tags: network segmentation; ACLs; cloud security; sensitive data protection
- Question #195 (Vulnerability Management)
  A security analyst is reviewing the findings of the latest vulnerability report for a company's web application. The web application accepts files for a Bash script to be processed...
  Tags: vulnerability mitigation; hash collision; MD5 vs SHA-256; web application security
- Question #196 (Vulnerability Management)
  A security analyst needs to mitigate a known, exploited vulnerability related to an attack vector that embeds software through the USB interface. Which of the following should the...
  Tags: vulnerability mitigation; USB security; removable media policy; security configuration
- Question #197 (Security Operations)
  A systems administrator receives reports of an internet-accessible Linux server that is running very sluggishly. The administrator examines the server, sees a high amount of memory...
  Tags: DoS attack; TCP sessions; memory utilization; network analysis tools
- Question #198 (Vulnerability Management)
  A security analyst is validating a particular finding that was reported in a web application vulnerability scan to make sure it is not a false positive. The security analyst uses t...
  Tags: vulnerability validation; false positive; web application vulnerability; XXE
- Question #199 (Reporting and Communication)
  Which of the following is the most important factor to ensure accurate incident response reporting?
  Tags: incident response reporting; timeline; documentation; accuracy
- Question #200 (Security Operations)
  A security analyst is trying to detect connections to a suspicious IP address by collecting the packet captures from the gateway. Which of the following commands should the securit...
  Tags: packet capture; tcpdump; network traffic analysis; suspicious IP
- Question #201 (Vulnerability Management)
  A security analyst reviews the latest vulnerability scans and observes there are vulnerabilities with similar CVSSv3 scores but different base score metrics. Which of the following...
  Tags: CVSSv3; vulnerability prioritization; attack vector; remediation