CS0-003 Exam Questions
658 real CS0-003 exam questions with expert-verified answers and explanations. Page 5 of 14.
- Question #202 Security Operations
A security analyst must review a suspicious email to determine its legitimacy. Which of the following should be performed? (Choose two.)
email analysis, email headers, SPF/DKIM/DMARC, phishing investigation
- Question #203 Vulnerability Management
A vulnerability analyst received a list of system vulnerabilities and needs to evaluate the relevant impact of the exploits on the business. Given the constraints of the current sp...
CVSSv3.1, vulnerability prioritization, risk assessment, impact evaluation
- Question #204 Vulnerability Management
A recent vulnerability scan resulted in an abnormally large number of critical and high findings that require patching. The SLA requires that the findings be remediated within a sp...
vulnerability remediation, patch management, SLA, ticketing system
- Question #205 Security Operations
Which of the following would help an analyst to quickly find out whether the IP address in a SIEM alert is a known-malicious IP address?
SIEM, threat intelligence, IP reputation, data enrichment
- Question #206 Incident Response and Management
An organization was compromised, and the usernames and passwords of all employees were leaked online. Which of the following best describes the remediation that could reduce the im...
post-compromise remediation, MFA, password leakage, identity protection
- Question #207 Vulnerability Management
A company is deploying new vulnerability scanning software to assess its systems. The current network is highly segmented, and the networking team wants to minimize the number of u...
vulnerability scanning, network segmentation, agent-based scanning, credentialed scans
- Question #208 Security Operations
A security analyst is looking for information that would serve as an indicator that a given IP address is involved in other attacks. Which of the following sources of information s...
threat intelligence, IP reputation, OSINT, AbuseIPDB
- Question #209 Security Operations
A security administrator needs to import PII data records from the production environment to the test environment for testing purposes. Which of the following would best protect da...
PII data protection, data confidentiality, data masking, test environment
- Question #210 Security Operations
The email system administrator for an organization configured DKIM signing for all email legitimately sent by the organization. Which of the following would most likely indicate an...
email authentication, DKIM, DMARC, malicious email detection
- Question #211 Incident Response and Management
During an incident involving phishing, a security analyst needs to find the source of the malicious email. Which of the following techniques would provide the analyst with this inf...
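Questions #202, #210 and #211 all come down to reading the message headers: the `Authentication-Results` line written by your own MX carries the SPF, DKIM and DMARC verdicts, and the `Received` chain shows which server handed the message into your infrastructure. The following is an added example written for this page, not code from the page or from CompTIA; the message, hosts and IP addresses are constructed (documentation and reserved ranges), and the `trusted_hosts` set is an assumed list of the organization's own MTAs. Only the `Received` header written by a host you control is reliable, because earlier hops can be forged by the sender, so the example reports the hand-off IP into the trusted MX rather than the first hop in the chain.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample message for this example (not from the page). Hosts, addresses and
# IPs are made up; 192.0.2.0/24, 198.51.100.0/24 and .invalid are reserved for documentation.
SAMPLE_MESSAGE = """Return-Path: <billing@examp1e-corp.invalid>
Received: from mx.corp.example (mx.corp.example [10.0.5.25])
  by mail.corp.example with ESMTP id abc123;
  Thu, 07 Mar 2024 09:15:02 +0000
Received: from relay.bulksender.invalid (relay.bulksender.invalid [198.51.100.77])
  by mx.corp.example with ESMTPS id xyz789;
  Thu, 07 Mar 2024 09:15:01 +0000
Received: from [192.0.2.45] (unknown [192.0.2.45])
  by relay.bulksender.invalid with SMTP;
  Thu, 07 Mar 2024 09:14:58 +0000
Authentication-Results: mx.corp.example;
  spf=fail smtp.mailfrom=examp1e-corp.invalid;
  dkim=none;
  dmarc=fail header.from=corp.example
From: "Accounts Payable" <ap@corp.example>
Reply-To: ap-reply@examp1e-corp.invalid
To: user@corp.example
Subject: Overdue invoice - action required

Please open the attached invoice.
"""

# "from <helo> ... [<ip>] ... by <host>" as written by most MTAs
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+).*?\[(?P<ip>[0-9.]+)\].*?\bby\s+(?P<by>\S+)", re.I | re.S
)


def _unfold(value):
    """Join folded header continuation lines (newline + whitespace) into one line."""
    return re.sub(r"\r?\n[ \t]+", " ", value).strip()


def parse_auth_results(msg):
    """Return {method: result} for spf/dkim/dmarc from Authentication-Results."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=([a-z]+)", _unfold(value), re.I):
            results[method.lower()] = result.lower()
    return results


def received_hops(msg):
    """Hops ordered from the originating server to final delivery. Each MTA prepends
    its Received header, so the last header in the message is the earliest hop."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = RECEIVED_RE.search(_unfold(value))
        if m:
            hops.append({"from": m["helo"], "ip": m["ip"], "by": m["by"]})
    return hops


def hop_ips(raw):
    return [h["ip"] for h in received_hops(email.message_from_string(raw))]


def source_ip(msg, trusted_hosts):
    """IP of the server that handed the message to the first MTA we control.
    Hops recorded by servers we do not control can be forged by the sender."""
    for hop in received_hops(msg):
        if hop["by"].lower() in trusted_hosts:
            return hop["ip"]
    return None


def domain_of(header_value):
    return parseaddr(header_value)[1].rpartition("@")[2].lower()


def assess(raw, trusted_hosts):
    """Authentication verdicts, hand-off IP, and From/Return-Path/Reply-To mismatches."""
    msg = email.message_from_string(raw)
    auth = parse_auth_results(msg)
    findings = [f"{m} {auth.get(m, 'missing')}" for m in ("spf", "dkim", "dmarc")
                if auth.get(m) != "pass"]
    from_dom = domain_of(msg.get("From", ""))
    for hdr in ("Return-Path", "Reply-To"):
        dom = domain_of(msg.get(hdr, ""))
        if dom and dom != from_dom:
            findings.append(f"{hdr} domain {dom} differs from From domain {from_dom}")
    return {"auth": auth, "source_ip": source_ip(msg, trusted_hosts), "findings": findings}


if __name__ == "__main__":
    trusted = {"mx.corp.example", "mail.corp.example"}   # assumed: our own MTAs
    for hop in received_hops(email.message_from_string(SAMPLE_MESSAGE)):
        print(f"hop: {hop['from']} [{hop['ip']}] -> {hop['by']}")
    result = assess(SAMPLE_MESSAGE, trusted)
    print("auth:", result["auth"])
    print("hand-off IP into trusted MX:", result["source_ip"])
    for f in result["findings"]:
        print("finding:", f)
```

Where, as in #210, every legitimate message from the domain is DKIM-signed, a `dkim=none` or `dkim=fail` verdict on a message claiming that `From` domain is exactly the kind of mismatch this check surfaces; `Authentication-Results` is only trustworthy when the authserv-id (here `mx.corp.example`) is your own server, since a sender can insert a fake one.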
phishing incident, email source, header analysis, incident investigation
- Question #212 Security Operations
An analyst wants to ensure that users only leverage web-based software that has been pre-approved by the organization. Which of the following should be deployed?
application control, allowlisting, blocklisting, web-based software
- Question #213 Incident Response and Management
During a cybersecurity incident, one of the web servers at the perimeter network was affected by ransomware. Which of the following actions should be performed immediately?
ransomware, containment, incident response, perimeter security
- Question #214 Incident Response and Management
An organization recently changed its BC and DR plans. Which of the following would best allow for the incident response team to test the changes without any impact to the business?
BC/DR plans, tabletop exercise, incident response testing, business continuity
- Question #215 Security Operations
Security analysts review logs on multiple servers on a daily basis. Which of the following implementations will give the best central visibility into the events occurring throughou...
SIEM, centralized logging, security monitoring, log aggregation
- Question #216 Reporting and Communication
Following a recent security incident, the Chief Information Security Officer is concerned with improving visibility and reporting of malicious actors in the environment. The goal i...
security metrics, MTTD, lateral movement, data exfiltration
- Question #217 Vulnerability Management
After identifying a threat, a company has decided to implement a patch management program to remediate vulnerabilities. Which of the following risk management principles is the com...
risk management, patch management, vulnerability remediation, mitigate
- Question #218 Incident Response and Management
A security analyst discovers an ongoing ransomware attack while investigating a phishing email. The analyst downloads a copy of the file from the email and isolates the affected wo...
ransomware, incident response, containment, phishing analysis
- Question #219 Vulnerability Management
The security analyst received the monthly vulnerability report. The following findings were included in the report: - Five of the systems only required a reboot to finalize the pat...
compensating controls, risk mitigation, outdated systems, vulnerability management
- Question #220 Vulnerability Management
The vulnerability analyst reviews threat intelligence regarding emerging vulnerabilities affecting workstations that are used within the company: Which of the following vulnerabili...
threat intelligence, vulnerability prioritization, social engineering, end-user risk
- Question #221 Incident Response and Management
An incident response analyst is taking over an investigation from another analyst. The investigation has been going on for the past few days. Which of the following steps is most i...
incident response, incident handover, investigation process, continuity
- Question #222 Vulnerability Management
A company recently removed administrator rights from all of its end user workstations. An analyst uses CVSSv3.1 exploitability metrics to prioritize the vulnerabilities for the wor...
vulnerability prioritization, CVSS, risk assessment, privilege management
- Question #223 Security Operations
A recent penetration test discovered that several employees were enticed to assist attackers by visiting specific websites and running downloaded files when prompted by phone calls...
social engineering, security awareness, user training, penetration testing
- Question #224 Security Operations
A security analyst at a company is reviewing an alert from the file integrity monitoring indicating a mismatch in the login.html file hash. After comparing the code with the previ...
file integrity monitoring, web defacement, exfiltration, unauthorized changes
- Question #225 Vulnerability Management
A security administrator has been notified by the IT operations department that some vulnerability reports contain an incomplete list of findings. Which of the following methods sh...
vulnerability scanning, credentialed scan, vulnerability reporting, asset discovery
- Question #226 Security Operations
An organization enabled a SIEM rule to send an alert to a security analyst distribution list when ten failed logins occur within one minute. However, the control was unable to dete...
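The rule in #226 is a fixed-threshold, fixed-window correlation (ten failures within one minute). What follows is an added example, not code from the page, of that rule as a sliding-window detector run over constructed sshd-style log lines; the timestamps, usernames and addresses are made up. It keys the count by source address, the way such a rule is usually written, and then by target account, to show that the same events can fall under the threshold for one key and over it for another.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd-style failure lines (not from the page); 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)
BASE = datetime(2024, 3, 7, 9, 0, 0)


def _line(ts, user, ip):
    return f"{ts.isoformat()} sshd[4242]: Failed password for {user} from {ip} port 51234 ssh2"


def constructed_log():
    lines = []
    for i in range(12):   # burst: 12 failures in 22 s from one address
        lines.append(_line(BASE + timedelta(seconds=2 * i), "alice", "203.0.113.9"))
    for i in range(20):   # slow: 20 failures, one every 12 s (5 per minute)
        lines.append(_line(BASE + timedelta(minutes=5, seconds=12 * i), "bob", "203.0.113.50"))
    for i in range(25):   # spread: one failure against admin from each of 25 addresses in 48 s
        lines.append(_line(BASE + timedelta(minutes=15, seconds=2 * i), "admin", f"198.51.100.{i + 1}"))
    return lines


def parse_events(lines):
    """(timestamp, user, source ip) for every line that matches the failure pattern."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["user"], m["ip"]))
    return events


def threshold_alerts(events, key, threshold=10, window=timedelta(minutes=1)):
    """Sliding-window count per key: alert once per key as soon as `threshold`
    events fall inside `window`. `key(user, ip)` selects what is being counted."""
    recent = defaultdict(deque)
    fired = set()
    alerts = []
    for ts, user, ip in sorted(events):
        k = key(user, ip)
        q = recent[k]
        q.append(ts)
        while q and ts - q[0] > window:   # drop events that fell out of the window
            q.popleft()
        if len(q) >= threshold and k not in fired:
            fired.add(k)
            alerts.append((k, ts))
    return alerts


if __name__ == "__main__":
    events = parse_events(constructed_log())
    print("per source address:", threshold_alerts(events, lambda user, ip: ip))
    print("per target account:", threshold_alerts(events, lambda user, ip: user))
```

Keyed by source address the rule fires only for the 12-in-22-seconds burst: twenty failures spaced twelve seconds apart never put more than six in any one-minute window, and twenty-five addresses trying one password each never put more than one. Keyed by the target account the spread of single attempts against `admin` does cross the threshold, which is why the choice of key and window matters as much as the number ten.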
SIEM, alert tuning, false negative, security monitoring
- Question #227 Vulnerability Management
A cybersecurity analyst is tasked with scanning a web application to understand where the scan will go and whether there are URIs that should be denied access prior to more in-dept...
web application scanning, discovery scan, attack surface mapping, vulnerability assessment
- Question #228 Reporting and Communication
Which of the following best describes the process of requiring remediation of a known threat within a given time frame?
SLA, remediation, threat management, service agreements
- Question #229 Security Operations
Which of the following risk management principles is accomplished by purchasing cyber insurance?
risk management, cyber insurance, risk transfer
- Question #230 Vulnerability Management
A recent audit of the vulnerability management program outlined the finding for increased awareness of secure coding practices. Which of the following would be best to address the...
secure coding, SDLC, security awareness, vulnerability prevention
- Question #231 Security Operations
An organization has deployed a cloud-based storage system for shared data that is in phase two of the data life cycle. Which of the following controls should the security team ensu...
data security, cloud storage, data lifecycle, encryption, access controls
- Question #232 Vulnerability Management
An analyst is conducting routine vulnerability assessments on the company infrastructure. When performing these scans, a business-critical server crashes, and the cause is traced b...
Vulnerability scanning, Active scanning mode, System impact, Vulnerability assessment
- Question #233 Security Operations
An organization's threat intelligence team notes a recent trend in adversary privilege escalation procedures. Multiple threat groups have been observed utilizing native Windows too...
Application Control, Privilege Escalation, Endpoint Security, System Hardening
- Question #234 Vulnerability Management
A new zero-day vulnerability was released. A security analyst is prioritizing which systems should receive compensating controls first. The systems have be...
Zero-day vulnerability, Vulnerability prioritization, Compensating controls, Risk management
- Question #235 Security Operations
A Chief Information Security Officer wants to map all the attack vectors that the company faces each day. Which of the following recommendations should the company align their secu...
MITRE ATT&CK, Threat intelligence, Security frameworks, Security controls
- Question #236 Incident Response and Management
Which of the following actions would an analyst most likely perform after an incident has been investigated?
Incident response, Post-incident activities, Root cause analysis, Incident investigation
- Question #237 Incident Response and Management
After completing a review of network activity, the threat hunting team discovers a device on the network that sends an outbound email via a mail client to a non-company email addre...
Data exfiltration, Threat hunting, Network analysis, Incident detection
- Question #238 Vulnerability Management
A vulnerability scanner generates the following output: The company has an SLA for patching that requires time frames to be met for high-risk vulnerabilities. Which of the followin...
Vulnerability Prioritization, Vulnerability Remediation, Risk Management, SLA Compliance
- Question #239 Security Operations
A web application team notifies a SOC analyst that there are thousands of HTTP/404 events on the public-facing web server. Which of the following is the next step for the analyst t...
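Whatever the stem goes on to ask, the analyst's raw material in #239 is the web server access log, and the first useful cut is who is producing the 404s and for which paths: one client asking for many different missing resources looks like enumeration, many clients asking for the same missing resource looks like a broken link. This is an added example written for this page, not the page's own code; the log lines are constructed in Apache/nginx combined format with documentation-range addresses, and the `min_distinct_paths` cut-off is an assumed tuning value.

```python
import re
from collections import Counter, defaultdict

# Combined log format: client ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def _line(ip, second, path, status, size):
    return (f'{ip} - - [07/Mar/2024:09:30:{second:02d} +0000] "GET {path} HTTP/1.1" '
            f'{status} {size} "-" "Mozilla/5.0"')


def constructed_access_log():
    """Constructed sample (not from the page): one address probing 40 different paths,
    30 ordinary clients each hitting one stale image link, plus their normal page loads."""
    lines = []
    for i in range(40):
        lines.append(_line("203.0.113.77", i, f"/old-admin/page{i}.php", 404, 196))
    for i in range(30):
        lines.append(_line(f"198.51.100.{i + 1}", i, "/index.html", 200, 5120))
        lines.append(_line(f"198.51.100.{i + 1}", i + 1, "/images/old-logo.png", 404, 196))
    return lines


def parse_access_log(lines):
    """Yield {ip, path, status} for each line that matches; skip anything malformed."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            yield {"ip": m["ip"], "path": m["path"], "status": int(m["status"])}


def triage_404(lines, min_distinct_paths=20):
    """Split 404 traffic into 'one client, many missing paths' (enumeration candidates)
    and 'many clients, one missing path' (stale links), with the overall count."""
    paths_by_ip = defaultdict(set)
    hits_by_path = Counter()
    total = 0
    for rec in parse_access_log(lines):
        if rec["status"] != 404:
            continue
        total += 1
        paths_by_ip[rec["ip"]].add(rec["path"])
        hits_by_path[rec["path"]] += 1
    probing = {ip: len(paths) for ip, paths in paths_by_ip.items()
               if len(paths) >= min_distinct_paths}
    return {"total_404": total, "probing_ips": probing,
            "top_missing": hits_by_path.most_common(3)}


if __name__ == "__main__":
    report = triage_404(constructed_access_log())
    print("404 responses:", report["total_404"])
    print("addresses requesting many distinct missing paths:", report["probing_ips"])
    print("most requested missing paths:", report["top_missing"])
```

On the constructed log the single address with forty distinct misses stands out while the thirty clients sharing one missing image collapse into a single broken-link entry; on a real log the same two views tell the analyst whether to pull the probing address into an investigation or hand the stale path back to the web team.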
Security operations, Incident investigation, Web server logs, HTTP 404
- Question #240 CompTIA Security+ Domain 4.0 – Security Operations: Specifically covers incident response procedures (4.4), analyzing indicators of compromise, and using log data to investigate and contain security incidents caused by social engineering attacks such as phishing.
SIMULATION Approximately 100 employees at your company have received a phishing email. As a security analyst, you have been tasked with handling this situation. INSTRUCTIONS Review...
Incident Response, Phishing Analysis, Log Analysis, Malware Investigation
- Question #241 CompTIA Security+ Domain 4: Operations and Incident Response - specifically hardening techniques, configuration management, and interpreting scan results to ensure systems meet security baselines and compliance requirements.
SIMULATION You are a cybersecurity analyst tasked with interpreting scan data from Company A's servers. You must verify the requirements are being met for all of the servers and re...
Server Hardening, TLS Configuration, Vulnerability Scanning, Compliance Assessment
- Question #242 Vulnerability Management
Hotspot Question A security analyst performs various types of vulnerability scans. You must review the vulnerability scan results to determine the type of scan that was executed an...
Vulnerability scanning, Credentialed scan, False positives, Compliance scan
- Question #243 CompTIA PenTest+ / Security+ - Vulnerability Scanning and Penetration Testing Tools; System Hardening and Network Security Controls (e.g., PT0-002 Domain 2: Reconnaissance & Enumeration; SY0-701 Domain 4: Security Operations)
SIMULATION You are a penetration tester who is reviewing the system hardening guidelines for a company's distribution center. The company's hardening guidelines indicate the follow...
Network Scanning, System Hardening, Penetration Testing Methodology, Protocol Security
- Question #244 Vulnerability Management
SIMULATION The developers recently deployed new code to three web servers. A daily automated external device scan report shows server vulnerabilities that are failing items accordi...
Vulnerability Management, Web Security, Remediation, PCI DSS Compliance
- Question #245 Vulnerability Management
A security analyst performs a vulnerability scan. Based on the metrics from the scan results, the analyst must prioritize which hosts to patch. The analyst runs the tool and receiv...
Vulnerability prioritization, Vulnerability metrics, Patch management, Risk assessment
- Question #246 Security Operations
A security analyst receives an alert for suspicious activity on a company laptop. An excerpt of the log is shown below: Which of the following has most likely occurred?
Log analysis, Malware analysis, Suspicious activity, Incident detection
- Question #247 Incident Response and Management
During an incident, a security analyst discovers a large amount of PII has been emailed externally from an employee to a public email address. The analyst finds that the external e...
Incident response, Data exfiltration, Legal hold, PII protection
- Question #248 Security Operations
An attacker has just gained access to the syslog server on a LAN. Reviewing the syslog entries has allowed the attacker to prioritize possible next targets. Which of the following...
Reconnaissance, Syslog analysis, Passive footprinting, Attack methodology
- Question #249 Security Operations
Several users received a phishing email containing a malicious file that bypassed the organization's email security tool. Based on the SIEM logs, users did not open the file within...
MITRE ATT&CK, Phishing, Email security, Attack phases
- Question #251 Reporting and Communication
Which of the following describes a contract that is used to define the various levels of maintenance to be provided by an external business vendor in a secure environment?
SLA, Vendor management, Contract management, Security policy
- Question #252 Security Operations
During the log analysis phase, the following suspicious command is detected: Which of the following is being attempted?
Log analysis, Remote code execution, Attack detection, Command injection