CompTIA CompTIA CySA+ CS0-003 Questions & Answers

• Question 11:

  The vulnerability analyst reviews threat intelligence regarding emerging vulnerabilities affecting workstations that are used within the company: Which of the following vulnerabilities should the analyst be most concerned about, knowing that end users frequently click on malicious links sent via email?

  

  A. Vulnerability A

  B. Vulnerability B

  C. Vulnerability C

  D. Vulnerability D

  Correct Answer: C

  In this scenario, Vulnerability C is the one that should most concern the analyst, as it has a network attack vector, high attack complexity, and requires authentication and user interaction. This means that an attacker could exploit this vulnerability remotely, without the need for direct user interaction, making it a more critical threat in this context.In this scenario, Vulnerability C is the one that should most concern the analyst, as it has a network attack vector, high attack complexity, and requires authentication and user interaction. This means that an attacker could exploit this vulnerability remotely, without the need for direct user interaction, making it a more critical threat in this context.

• Question 12:

  After identifying a threat, a company has decided to implement a patch management program to remediate vulnerabilities. Which of the following risk management principles is the company exercising?

  A. Transfer

  B. Accept

  C. Mitigate

  D. Avoid

  Correct Answer: C

  Mitigate is the best term to describe the risk management principle that the company is exercising, as it means to reduce the likelihood or impact of a risk. By implementing a patch management program to remediate vulnerabilities, the company is mitigating the threat of cyberattacks that could exploit those vulnerabilities and compromise the security or functionality of the systems. The other terms are not as accurate as mitigate, as they describe different risk management principles. Transfer means to shift the responsibility or burden of a risk to another party, such as an insurer or a contractor. Accept means to acknowledge the existence of a risk and decide not to take any action to reduce it, usually because the risk is low or the cost of mitigation is too high. Avoid means to eliminate the possibility of a risk by changing the plans or activities that could cause it, such as cancelling a project or discontinuing a service

  Reference: https://safetyculture.com/topics/risk-management/

• Question 13:

  Following a recent security incident, the Chief Information Security Officer is concerned with improving visibility and reporting of malicious actors in the environment. The goal is to reduce the time to prevent lateral movement and potential data exfiltration. Which of the following techniques will best achieve the improvement?

  A. Mean time to detect

  B. Mean time to respond

  C. Mean time to remediate

  D. Service-level agreement uptime

  Correct Answer: A

  Improving the Mean Time to Detect (MTTD) is the most relevant technique to achieve the goal of reducing the time to prevent lateral movement and potential data exfiltration by malicious actors.

  MTTD measures the average time it takes for an organization to detect a security incident or malicious activity once it has occurred. By reducing MTTD, you can identify security threats more quickly, which allows for a faster response to contain the threat, prevent lateral movement, and potentially stop data exfiltration before it occurs.

• Question 14:

  A. Deploy a database to aggregate the logging

  B. Configure the servers to forward logs to a SIEM

  C. Share the log directory on each server to allow local access.

  D. Automate the emailing of logs to the analysts.

  Correct Answer: B

  The best implementation to give the best central visibility into the events occurring throughout the corporate environment without logging in to the servers individually is B. Configure the servers to forward logs to a SIEM.

  A SIEM (Security Information and Event Management) is a security solution that helps organizations detect, analyze, and respond to security threats before they disrupt business1. SIEM tools collect, aggregate, and correlate log data from

  various sources across an organization's network, such as applications, devices, servers, and users. SIEM tools also provide real-time alerts, dashboards, reports, and incident response capabilities to help security teams identify and mitigate

  cyberattacks.

  By configuring the servers to forward logs to a SIEM, the security analysts can have a central view of potential threats and monitor security incidents across the corporate environment without logging in to the servers individually. This can

  save time, improve efficiency, and enhance security posture.

  Deploying a database to aggregate the logging (A) may not provide the same level of analysis, correlation, and alerting as a SIEM tool. Sharing the log directory on each server to allow local access © may not be scalable or secure for a large

  number of servers. Automating the emailing of logs to the analysts (D) may not be timely or effective for real-time threat detection and response. Therefore, B is the best option among the choices given.

• Question 15:

  A company is deploying new vulnerability scanning software to assess its systems. The current network is highly segmented, and the networking team wants to minimize the number of unique firewall rules. Which of the following scanning techniques would be most efficient to achieve the objective?

  A. Deploy agents on all systems to perform the scans

  B. Deploy a central scanner and perform non-credentialed scans

  C. Deploy a cloud-based scanner and perform a network scan

  D. Deploy a scanner sensor on every segment and perform credentialed scans

  Correct Answer: D

• Question 16:

  An organization's email account was compromised by a bad actor. Given the following information: Which of the following is the length of time the team took to detect the threat?

  

  A. Data masking

  B. Hashing

  C. Watermarking

  D. Encoding

  Correct Answer: C

• Question 17:

  A security administrator needs to import PII data records from the production environment to the test environment for testing purposes. Which of the following would best protect data confidentiality?

  A. Data masking

  B. Hashing

  C. Watermarking

  D. Encoding

  Correct Answer: A

  Reference: https://aws.amazon.com/what-is/data-masking/#:~:text=Data%20masking%20creates%20fake%20versions,access%20to%20the%20original%20dataset

• Question 18:

  The email system administrator for an organization configured DKIM signing for all email legitimately sent by the organization. Which of the following would most likely indicate an email is malicious if the company's domain name is used as both the sender and the recipient?

  A. The message fails a DMARC check

  B. The sending IP address is the hosting provider

  C. The signature does not meet corporate standards

  D. The sender and reply address are different

  Correct Answer: A

  Reference: https://easydmarc.com/tools/dmarc-lookup

• Question 19:

  During an incident involving phishing, a security analyst needs to find the source of the malicious email. Which of the following techniques would provide the analyst with this information?

  A. Header analysis

  B. Packet capture

  C. SSL inspection

  D. Reverse engineering

  Correct Answer: A

• Question 20:

  An analyst wants to ensure that users only leverage web-based software that has been pre-approved by the organization. Which of the following should be deployed?

  A. Blocklisting

  B. Allowlisting

  C. Graylisting

  D. Webhooks

  Correct Answer: B

  Reference: https://www.sentinelone.com/cybersecurity-101/application-whitelisting/