CS0-003 Exam Questions
658 real CS0-003 exam questions with expert-verified answers and explanations. Page 9 of 14.
- Question #407 (Incident Response and Management)
  A security analyst is responding to an incident that involves a malicious attack on a network data closet. Which of the following best explains how an analyst should properly docum...
  Tags: Incident documentation, Evidence collection, Incident response
- Question #408 (Security Operations)
  While reviewing the web server logs, a security analyst notices the following snippet: ..\../..\../boot.ini Which of the following is being attempted?
  Tags: Web server logs, Directory traversal, Attack patterns
- Question #409 (Security Operations)
  An analyst is designing a message system for a bank. The analyst wants to include a feature that allows the recipient of a message to prove to a third party that the message came f...
  Tags: Non-repudiation, Security principles, Message integrity
- Question #410 (Vulnerability Management)
  Exploit code for a recently disclosed critical software vulnerability was publicly available for download for several days before being removed. Which of the following CVSS v.3.1 t...
  Tags: CVSS, Vulnerability assessment, Exploit code maturity
- Question #411 (Vulnerability Management)
  Several critical bugs were identified during a vulnerability scan. The SLA risk requirement is that all critical vulnerabilities should be patched within 24 hours. After sending a...
  Tags: Vulnerability remediation, Risk management, SLA, Change management
- Question #412 (Security Operations)
  Which of the following would most likely be used to update a dashboard that integrates with multiple vendor tools?
  Tags: Integrations, Webhooks, Dashboarding
- Question #413 (Security Operations)
  Which of the following would eliminate the need for different passwords for a variety of internal applications?
  Tags: SSO, Identity management, Authentication
- Question #414 (Security Operations)
  During normal security monitoring activities, the following activity was observed: cd C:\Users\Documents\HR\Employees takeown/f .* SUCCESS: Which of the following best describes th...
  Tags: Privilege escalation, takeown command, Malicious activity, Security monitoring
- Question #415 (Security Operations)
  An organization has established a formal change management process after experiencing several critical system failures over the past year. Which of the following are key factors th...
  Tags: Change management, System failures, Backup strategies, Dependency analysis
- Question #416 (Vulnerability Management)
  An analyst reviews a recent government alert on new zero-day threats and finds the following CVE metrics for the most critical of the vulnerabilities: CVSS: 3.1/AV:N/AC: L/PR:N/UI:...
  Tags: CVSS, Exploit code maturity, Vulnerability assessment
- Question #417 (Incident Response and Management)
  An incident responder was able to recover a binary file through the network traffic. The binary file was also found in some machines with anomalous behavior. Which of the following...
  Tags: Malware analysis, Reverse engineering, Incident response, Binary analysis
- Question #418 (Security Operations)
  A security analyst would like to integrate two different SaaS-based security tools so that one tool can notify the other in the event a threat is detected. Which of the following s...
  Tags: API integration, SaaS security, Security tools, Automation
- Question #419 (Incident Response and Management)
  Following an attack, an analyst needs to provide a summary of the event to the Chief Information Security Officer. The summary needs to include the who-what-when information and ev...
  Tags: Lessons learned, Incident reporting, Incident response lifecycle, Post-incident review
- Question #420 (Vulnerability Management)
  Which of the following is the most appropriate action for a security analyst to take to effectively identify the most security risks associated with a locally hosted server?
  Tags: Vulnerability scanning, Risk identification, Security tools, Server security
- Question #421 (Reporting and Communication)
  Which of the following best explains the importance of communicating with staff regarding the official public communication plan related to incidents impacting the organization?
  Tags: Incident Communication, Crisis Communication, Information Release, Internal Communication
- Question #422 (Incident Response and Management)
  Which of the following documents should link to the recovery point objectives and recovery time objectives on critical services?
  Tags: Business Impact Analysis (BIA), Recovery Point Objective (RPO), Recovery Time Objective (RTO), Disaster Recovery Planning
- Question #423 (Vulnerability Management)
  A vulnerability analyst is writing a report documenting the newest, most critical vulnerabilities identified in the past month. Which of the following public MITRE repositories wou...
  Tags: CVE, Vulnerability intelligence, Vulnerability reporting
- Question #424 (Incident Response and Management)
  An analyst is investigating a phishing incident and has retrieved the following as part of the investigation: cmd.exe /c c:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -...
  Tags: Malware analysis, PowerShell obfuscation, Encoded commands, Incident investigation
- Question #425 (Incident Response and Management)
  Which of the following best describes the key goal of the containment stage of an incident response process?
  Tags: Incident containment, Incident response lifecycle, Damage limitation
- Question #426 (Vulnerability Management)
  During a tabletop exercise, engineers discovered that an ICS could not be updated due to hardware versioning incompatibility. Which of the following is the most likely cause of thi...
  Tags: Legacy systems, ICS security, Vulnerability management challenges
- Question #427 (Reporting and Communication)
  Results of a SOC customer service evaluation indicate high levels of dissatisfaction with the inconsistent services provided after regular work hours. To address this, the SOC lead...
  Tags: SLA, SOC operations, Service delivery, Customer expectations
- Question #428 (Security Operations)
  A cybersecurity analyst has been assigned to the threat-hunting team to create a dynamic detection strategy based on behavioral analysis and attack patterns. Which of the following...
  Tags: Threat hunting, TTPs, Behavioral analysis, Detection strategy
- Question #429 (Vulnerability Management)
  A development team is preparing to roll out a beta version of a web application and wants to quickly test for vulnerabilities, including SQL injection, path traversal, and cross-si...
  Tags: web application security, vulnerability scanning, OWASP ZAP, SQL injection
- Question #430 (Security Operations)
  An organization has a critical financial application hosted online that does not allow event logging to send to the corporate SIEM. Which of the following is the best option for th...
  Tags: SIEM, log management, security automation, API integration
- Question #431 (Security Operations)
  Which of the following will most likely cause severe issues with authentication and logging?
  Tags: time synchronization, authentication, logging, system integrity
- Question #432 (Security Operations)
  A list of IoCs released by a government security organization contains the SHA-256 hash for a Microsoft-signed legitimate binary, svchost.exe. Which of the following best describe...
  Tags: IoC, false positives, hash signatures, security detection
- Question #433 (Security Operations)
  A SOC analyst determined that a significant number of the reported alarms could be closed after removing the duplicates. Which of the following could help the analyst reduce the nu...
  Tags: SOAR, alert fatigue, security automation, SOC efficiency
- Question #434 (Vulnerability Management)
  A company is launching a new application in its internal network, where internal customers can communicate with the service desk. The security team needs to ensure the application...
  Tags: fuzzing, application security testing, vulnerability discovery
- Question #435 (CompTIA Security+ / CySA+ - Threat Detection and Incident Response: Using native OS tools (netstat, tasklist) and hash verification to identify malicious processes and compromised system files responsible for unauthorized data exfiltration)
  SIMULATION: An organization has noticed large amounts of data are being sent out of its network. An analyst is identifying the cause of the data exfiltration. INSTRUCTIONS: Select th...
  Tags: Network Forensics, Incident Response, Data Exfiltration, Windows CLI Tools
- Question #436 (Vulnerability Management)
  A security administrator is tasked with modifying the vulnerability scan process to reduce the network traffic but maintain thorough checks. Which of the following scanning approac...
  Tags: vulnerability scanning, agent-based scanning, network traffic optimization, scanning methodologies
- Question #437 (CompTIA Security+ Domain 4: Security Operations - Incident response procedures, identifying IoCs, and implementing appropriate corrective actions following a security incident)
  SIMULATION: An organization's website was maliciously altered. INSTRUCTIONS: Review information in each tab to select the source IP the analyst should be concerned about, the indicat...
  Tags: Incident Response, Indicators of Compromise, Web Application Security, Corrective Controls
- Question #438 (CompTIA Security+ Domain 4: Operations and Incident Response - specifically vulnerability scanning interpretation, remediation prioritization based on organizational policy, and selection of appropriate mitigations aligned to identified weaknesses)
  SIMULATION: A systems administrator is reviewing the output of a vulnerability scan. INSTRUCTIONS: Review the information in each tab. Based on the organization's environment archite...
  Tags: Vulnerability Management, Remediation Prioritization, Multi-Factor Authentication, Risk-Based Patching
- Question #439 (Reporting and Communication)
  Which of the following explains the importance of a timeline when providing an incident response report?
  Tags: incident timeline, incident reporting, incident documentation
- Question #440 (Security Operations)
  A security administrator has found indications of dictionary attacks against the company's external-facing portal. Which of the following should be implemented to best mitigate the...
  Tags: dictionary attack, lockout policy, password security, authentication
- Question #441 (Vulnerability Management)
  Which of the following best explains the importance of the implementation of a secure software development life cycle in a company with an internal development team?
  Tags: SSDLC, security by design, risk reduction, compliance
- Question #442 (Reporting and Communication)
  Which of the following is the best reason to implement an MOU?
  Tags: MOU, security responsibilities, inter-departmental agreements
- Question #443 (Incident Response and Management)
  Which of the following ensures that a team receives simulated threats to evaluate incident response performance and coordination?
  Tags: Tabletop exercise, Incident response training, Incident response evaluation, Simulation
- Question #444 (Incident Response Management)
  A new SOC manager reviewed findings regarding the strengths and weaknesses of the last tabletop exercise in order to make improvements. Which of the following should the SOC manage...
  Tags: tabletop exercise, lessons learned, incident response improvement
- Question #445 (Vulnerability Management)
  A company has recently experienced a security breach via a public-facing service. Analysis of the event on the server was traced back to the following piece of code: SELECT ' From...
  Tags: SQL injection, input validation, web application security
- Question #446 (Incident Response Management)
  A report contains IoC and TTP information for a zero-day exploit that leverages vulnerabilities in a specific version of a web application. Which of the following actions should a...
  Tags: threat intelligence, zero-day, IoC, incident preparation
- Question #447 (Security Operations)
  A web application has a function to retrieve content from an internal URL to identify CSRF attacks in the logs. The security analyst is building a regular expression that will filt...
  Tags: regular expressions, log filtering, web application security, API security
- Question #448 (Security Operations)
  Which of the following best explains the importance of network microsegmentation as part of a Zero Trust architecture?
  Tags: microsegmentation, Zero Trust, network security, lateral movement
- Question #449 (Vulnerability Management)
  A company's internet-facing web application has been compromised several times due to identified design flaws. The company would like to minimize the risk of these incidents from r...
  Tags: penetration testing, bug bounty, web application security, vulnerability discovery
- Question #450 (Incident Response Management)
  A network security analyst for a large company noticed unusual network activity on a critical system. Which of the following tools should the analyst use to analyze network traffic...
  Tags: network analysis, packet capture, Wireshark, incident investigation
- Question #452 (Security Operations)
  A Chief Information Security Officer wants to lock down the users' ability to change applications that are installed on their Windows systems. Which of the following is the best en...
  Tags: Group Policy Objects, endpoint security, access control, system hardening
- Question #453 (Security Operations)
  A Chief Information Security Officer (CISO) has determined through lessons learned and an associated after-action report that staff members who use legacy applications do not adequ...
  Tags: security awareness, phishing, user education, security policy
- Question #454 (Security Operations)
  Which of the following is most appropriate to use with SOAR when the security team would like to automate actions across different vendor platforms?
  Tags: SOAR, automation, APIs, security orchestration
- Question #455 (Incident Response and Management)
  Which of the following responsibilities does the legal team have during an incident management event? (Choose two.)
  Tags: incident response team, legal compliance, regulatory reporting, contract review
- Question #456 (Security Operations)
  Executives at an organization email sensitive financial information to external business partners when negotiating valuable contracts. To ensure the legal validity of these message...
  Tags: digital signatures, integrity, non-repudiation, email security
- Question #457 (Vulnerability Management)
  A company patches its servers using automation software. Remote SSH or RDP connections are allowed to the servers only from the service account used by the automation software. All...
  Tags: vulnerability prioritization, patch management, risk assessment, vulnerability scanning