CS0-003 Exam Questions
658 real CS0-003 exam questions with expert-verified answers and explanations. Page 6 of 14.
- Question #253: Vulnerability Management
An organization would like to ensure its cloud infrastructure has a hardened configuration. A requirement is to create a server image that can be deployed with a secure template. W...
Cloud Security, Security Hardening, Configuration Management, Security Standards
- Question #254: Incident Response and Management
A systems administrator notices unfamiliar directory names on a production server. The administrator reviews the directory listings and files, and then concludes the server has bee...
Incident response plan, Compromise detection, Next steps, Security incident
- Question #255: Vulnerability Management
A software developer has been deploying web applications with common security risks to include insufficient logging capabilities. Which of the following actions would be most effec...
Secure coding, OWASP, Code review, Application security
- Question #256: Vulnerability Management
A security audit for unsecured network services was conducted, and the following output was generated: Which of the following services should the security team investigate further?...
Insecure protocols, Network services, Port security, Security audit
- Question #257: Security operations
Which of the following is often used to keep the number of alerts to a manageable level when establishing a process to track and analyze violations?
Alert management, SIEM, Security monitoring, Thresholds
- Question #258: Security operations
Which of the following is described as a method of enforcing a security policy between cloud customers and cloud services?
CASB, Cloud security, Security policy enforcement, Cloud access
- Question #259: Reporting and Communication
Which of the following best describes the reporting metric that should be utilized when measuring the degree to which a system, application, or user base is affected by an uptime av...
Reporting metrics, Outage impact, Availability, Incident reporting
- Question #260: Vulnerability Management
A security analyst needs to provide evidence of regular vulnerability scanning on the company's network for an auditing process. Which of the following is an example of a tool that...
Vulnerability scanning, Security tools, Audit evidence, OpenVAS
- Question #261: Incident Response and Management
An organization receives a legal hold request from an attorney. The request pertains to emails related to a disputed vendor contract. Which of the following is the best step for th...
Legal hold, Data preservation, E-discovery, Compliance
- Question #262: Vulnerability Management
A company has the following security requirements: - No public IPs - All data secured at rest - No insecure ports/protocols After a cloud scan is completed a security analyst recei...
Cloud security, Vulnerability prioritization, Security misconfiguration, Data at rest encryption
- Question #263: Incident Response and Management
Which of the following best describes the actions taken by an organization after the resolution of an incident that addresses issues and reflects on the growth opportunities for fu...
Lessons learned, Incident post-mortem, Incident response process
- Question #264: Incident Response and Management
An analyst is becoming overwhelmed with the number of events that need to be investigated for a timeline. Which of the following should the analyst focus on in order to move the in...
Incident prioritization, Incident impact assessment, Incident response
- Question #265: Security operations
To minimize the impact of a security incident, a cybersecurity analyst has configured audit settings in the organization's cloud services. Which of the following security controls...
Security controls, Detective controls, Cloud auditing
- Question #266: Security operations
A web developer reports the following error that appeared on a development server when testing a new application: Which of the following tools can be used to identify the applicati...
Application debugging, Software analysis tools, Incident forensics
- Question #267: Security operations
A security team is concerned about recent Layer 4 DDoS attacks against the company website. Which of the following controls would best mitigate the attacks?
DDoS mitigation, CDN, Network security, Layer 4 attacks
- Question #268: Security operations
An analyst is reviewing system logs while threat hunting: Which of the following hosts should be investigated first?
Threat hunting, Log analysis, Incident prioritization, Security operations
- Question #269: Security operations
An organization needs to bring in data collection and aggregation from various endpoints. Which of the following is the best tool to deploy to help analysts gather this data?
Endpoint security, EDR, Security monitoring, Data aggregation
- Question #270: Reporting and Communication
A regulated organization experienced a security breach that exposed a list of customer names with corresponding PII data. Which of the following is the best reason for developing t...
Incident communication, Regulatory compliance, PII breach, Incident response
- Question #271: Incident Response and Management
Following an incident, a security analyst needs to create a script for downloading the configuration of all assets from the cloud tenancy. Which of the following authentication met...
Cloud automation, API authentication, Key pair authentication, Incident forensics
- Question #272: Vulnerability Management
A penetration tester is conducting a test on an organization's software development website. The penetration tester sends the following request to the web interface: Which of the f...
Penetration testing, Web application security, SQL injection, Vulnerability identification
- Question #273: Incident Response and Management
Two employees in the finance department installed a freeware application that contained embedded malware. The network is robustly segmented based on areas of responsibility. These...
Incident response steps, Containment, Forensic readiness, Malware
- Question #274: Vulnerability Management
A manufacturer has hired a third-party consultant to assess the security of an OT network that includes both fragile and legacy equipment. Which of the following must be considered...
OT security, Vulnerability scanning, Passive scanning, Fragile systems
- Question #275: Security operations
A team of analysts is developing a new internal system that correlates information from a variety of sources, analyzes that information, and then triggers notifications according t...
SIEM, Security monitoring, Log correlation, Alerting
- Question #276: Security operations
Which of the following would best mitigate the effects of a new ransomware attack that was not properly stopped by the company antivirus?
Ransomware mitigation, Sandboxing, Endpoint protection, Advanced threat protection
- Question #277: Vulnerability Management
A Chief Information Security Officer wants to implement security by design, starting with the implementation of a security scanning method to identify vulnerabilities, including SQ...
Application security testing, DAST, Web vulnerabilities, Security by design
- Question #278: Vulnerability Management
A security analyst scans a host and generates the following output: Which of the following best describes the output?
Vulnerability scanning, Nmap, Port scanning, Web server security
- Question #279: Incident Response and Management
The security team at a company, which was a recent target of ransomware, compiled a list of hosts that were identified as impacted and in scope for this incident. Based on the foll...
Ransomware attack chain, Active Directory, Group Policy, Incident forensics
- Question #280: Security operations
After a security assessment was done by a third-party consulting firm, the cybersecurity program recommended integrating DLP and CASE to reduce analyst alert fatigue. Which of the...
Alert fatigue, False positives, DLP, Security automation
- Question #281: Security operations
Which of the following threat actors is most likely to target a company due to its questionable environmental policies?
Threat actor types, Hacktivism, Motivation
- Question #282: Vulnerability Management
A cybersecurity analyst is recording the following details: - ID - Name - Description - Classification of information - Responsible party In which of the following documents is the...
Risk register, Risk management, Information classification
- Question #283: Vulnerability Management
A SOC manager is establishing a reporting process to manage vulnerabilities. Which of the following would be the best solution to identify potential loss incurred by an issue?
Vulnerability management, Risk score, Loss identification, Reporting
- Question #284: Security operations
While configuring a SIEM for an organization, a security analyst is having difficulty correlating incidents across different systems. Which of the following should be checked first...
SIEM, Log correlation, NTP, Time synchronization
- Question #285: Vulnerability Management
During a scan of a web server in the perimeter network, a vulnerability was identified that could be exploited over port 3389. The web server is protected by a WAF. Which of the fo...
Risk assessment, Vulnerability mitigation, Firewalls, RDP
- Question #286: Vulnerability Management
Several vulnerability scan reports have indicated runtime errors as the code is executing. The dashboard that lists the errors has a command-line interface for developers to check...
Application security, Runtime errors, Code review, Debugging
- Question #287: Vulnerability Management
A security analyst is trying to validate the results of a web application scan with Burp Suite. The security analyst performs the following: Which of the following vulnerabilities...
Web application security, Burp Suite, LFI, Vulnerability testing
- Question #288: Vulnerability Management
A cybersecurity team has witnessed numerous vulnerability events recently that have affected operating systems. The team decides to implement host-based IPS, firewalls and two-fact...
System hardening, Host security, Vulnerability mitigation, IPS
- Question #289: Incident Response and Management
A security analyst needs to secure digital evidence related to an incident. The security analyst must ensure that the accuracy of the data cannot be repudiated. Which of the follow...
Digital forensics, Evidence integrity, Non-repudiation
- Question #290: Vulnerability Management
An analyst investigated a website and produced the following: Which of the following syntaxes did the analyst use to discover the application versions on this vulnerable website?
Nmap, Port scanning, Version detection, Reconnaissance
- Question #291: Security operations
A cybersecurity analyst is doing triage in a SIEM and notices that the time stamps between the firewall and the host under investigation are off by 43 minutes. Which of the followi...
SIEM, Log correlation, Timestamps, NTP
- Question #292: Incident Response and Management
A payroll department employee was the target of a phishing attack in which an attacker impersonated a department director and requested that direct deposit information be updated t...
Phishing, Incident response, Initial investigation, Information gathering
- Question #294: Security operations
A small company does not have enough staff to effectively segregate duties to prevent error and fraud in payroll management. The Chief Information Security Officer (CISO) decides t...
Compensating controls, Segregation of duties, Risk mitigation, Audit trails
- Question #295: Security operations
An email hosting provider added a new data center with new public IP addresses. Which of the following most likely needs to be updated to ensure emails from the new data center do...
Email security, SPF, Anti-spam, DNS records
- Question #296: Security operations
A laptop that is company owned and managed is suspected to have malware. The company implemented centralized security logging. Which of the following log sources will confirm the m...
Malware detection, XDR, Centralized logging, Endpoint security
- Question #297: Incident Response and Management
Which of the following best describes the goal of a disaster recovery exercise as preparation for possible incidents?
Disaster recovery, Business continuity, Exercise planning, Continuity controls
- Question #298: Vulnerability Management
A security analyst has prepared a vulnerability scan that contains all of the company's functional subnets. During the initial scan, users reported that network printers began to pr...
Vulnerability scanning, Network printers, Scan configuration, Best practices
- Question #299: Vulnerability Management
A Chief Information Security Officer has outlined several requirements for a new vulnerability scanning project: - Must use minimal network bandwidth - Must use minimal host resour...
Vulnerability scanning, Agent-based scanning, Resource efficiency, Real-time monitoring
- Question #300: Security operations
An employee is no longer able to log in to an account after updating a browser. The employee usually has several tabs open in the browser. Which of the following attacks was most l...
CSRF, Web application security, Browser security, Authentication attacks
- Question #301: Security operations
Which of the following does "federation" most likely refer to within the context of identity and access management?
Federated Identity, Identity and Access Management, Authentication, Single Sign-On (SSO)
- Question #302: Security operations
The Chief Information Security Officer for an organization recently received approval to install a new EDR solution. Following the installation, the number of alerts that require r...
SIEM, SOAR, Security Operations, Alert Management
- Question #303: Security operations
Which of the following best describes the threat concept in which an organization works to ensure that all network users only open attachments from known sources?
Insider threat, Threat concepts, Security awareness, User behavior