CompTIA CS0-003 Online Practice
Questions and Exam Preparation
CS0-003 Exam Details
Exam Code: CS0-003
Exam Name: CompTIA Cybersecurity Analyst (CySA+)
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 680 Q&As
Last Updated: Jun 02, 2026
CompTIA CS0-003 Online Questions & Answers
Question 131:
Which of the following does "federation" most likely refer to within the context of identity and access management?
A. Facilitating groups of users in a similar function or profile to system access that requires elevated or conditional access
B. An authentication mechanism that allows a user to utilize one set of credentials to access multiple domains
C. Utilizing a combination of what you know, who you are, and what you have to grant authentication to a user
D. Correlating one's identity with the attributes and associated applications the user has access to
Answer: B. An authentication mechanism that allows a user to utilize one set of credentials to access multiple domains
Explanation
Federation is a system of trust between two parties for the purpose of authenticating users and conveying information needed to authorize their access to resources. By using federation, a user can use one set of credentials to access multiple domains that trust each other.
Question 132:
After reviewing the final report for a penetration test, a cybersecurity analyst prioritizes the remediation for input validation vulnerabilities.
Which of the following attacks is the analyst seeking to prevent?
A. DNS poisoning
B. Pharming
C. Phishing
D. Cross-site scripting
Answer: D. Cross-site scripting
Explanation
Cross-site scripting (XSS): This attack exploits input validation vulnerabilities. XSS allows attackers to inject malicious scripts into webpages viewed by other users. Proper input validation and sanitization of user inputs are essential to prevent XSS attacks.
Question 133:
Which of the following is the best authentication method to secure access to sensitive data?
A. An assigned device that generates a randomized code for login
B. Biometrics and a device with a personalized code for login
C. Alphanumeric/special character username and passphrase for login
D. A one-time code received by email and push authorization for login
Answer: B. Biometrics and a device with a personalized code for login
Explanation
The best practice for securing access to sensitive data is to implement multifactor authentication (MFA), which combines multiple factors of authentication to enhance security.
Option B (Biometrics + Device with a Personalized Code) uses two strong factors: something you are (the biometric) and something you have (the device).
Option A (Randomized Code) is good but weaker than biometrics because it relies only on something you have.
Option C (Passphrase) is single-factor authentication, which is susceptible to brute-force attacks.
Option D (One-time Code + Push Notification) is useful, but email-based authentication can be vulnerable to phishing and MITM attacks.
Question 134:
A security analyst recently joined the team and is trying to determine which scripting language is being used in a production script to determine if it is malicious. Given the following script:
Which of the following scripting languages was used in the script?
A. PowerShell
B. Ruby
C. Python
D. Shell script
Answer: A. PowerShell
Explanation
The script uses PowerShell syntax, such as cmdlets, parameters, variables, and comments. PowerShell is a scripting language that can be used to automate tasks and manage systems.
Question 135:
A security analyst needs to secure digital evidence related to an incident. The security analyst must ensure that the accuracy of the data cannot be repudiated.
Which of the following should be implemented?
A. Offline storage
B. Evidence collection
C. Integrity validation
D. Legal hold
Answer: C. Integrity validation
Explanation
Integrity validation is the process of ensuring that the digital evidence has not been altered or tampered with during collection, acquisition, preservation, or analysis. It usually involves generating and verifying cryptographic hashes of the evidence, such as MD5 or SHA-1. Integrity validation is essential for maintaining the accuracy and admissibility of the digital evidence in court.
Question 136:
Which of the following best explains the importance of playbooks for incident response teams?
A. Playbooks define compliance controls and help keep the monitoring process that is in place fully aligned with regulatory requirements as designed by international rules.
B. Playbooks help implement mitigation controls to prevent the occurrence of incidents in accordance with internal policies and procedures as designed by the IT team.
C. Playbooks set baseline requirements that are implemented before incidents happen to ensure the proper monitoring process in order to collect metrics and KPIs that will be used for lessons-learned procedures after a postmortem analysis.
D. Playbooks help minimize negative impacts and restore data, systems, and operations through highly detailed, preplanned procedures that will be followed when particular types of incidents occur.
Answer: D. Playbooks help minimize negative impacts and restore data, systems, and operations through highly detailed, preplanned procedures that will be followed when particular types of incidents occur.
Question 137:
A security team conducts a lessons-learned meeting after struggling to determine who should conduct the next steps following a security event.
Which of the following should the team create to address this issue?
A. Service-level agreement
B. Change management plan
C. Incident response plan
D. Memorandum of understanding
Answer: C. Incident response plan
Explanation
An incident response plan outlines the procedures, roles, and responsibilities for responding to security incidents within an organization. It provides clear guidance on how to handle different types of incidents, including who is responsible for what actions during and after an incident.
Question 138:
A laptop that is company owned and managed is suspected to have malware. The company implemented centralized security logging.
Which of the following log sources will confirm the malware infection?
A. XDR logs
B. Firewall logs
C. IDS logs
D. MFA logs
Answer: A. XDR logs
Explanation
XDR logs will confirm the malware infection because XDR is a system that collects and analyzes data from multiple sources, such as endpoints, networks, cloud applications, and email security, to detect and respond to advanced threats.
XDR can provide a comprehensive view of the attack chain and the context of the malware infection. Firewall logs, IDS logs, and MFA logs are not sufficient to confirm the malware infection, as they only provide partial or indirect information about the network traffic, intrusion attempts, or user authentication.
References:
- Cybersecurity Analyst+ - CompTIA
- XDR: definition and benefits for MSPs - WatchGuard Blog
- Extended detection and response - Wikipedia
Question 139:
The SFTP server logs show thousands of failed login attempts from hundreds of IP addresses worldwide.
Which of the following controls would BEST protect the service?
A. Whitelisting authorized IP addresses
B. Blacklisting unauthorized IP addresses
C. Enforcing more complex password requirements
D. Establishing a sinkhole service
Answer: A. Whitelisting authorized IP addresses
Question 140:
A security analyst observed the following activities in chronological order:
1. Protocol violation alerts on external firewall
2. Unauthorized internal scanning activity
3. Changes in outbound network performance
Which of the following best describes the goal of the threat actor?
A. Data exfiltration
B. Unusual traffic spikes
C. Rogue devices
D. Irregular peer-to-peer communication