CompTIA CS0-003 Online Practice Questions and Exam Preparation
CS0-003 Exam Details
Exam Code: CS0-003
Exam Name: CompTIA Cybersecurity Analyst (CySA+)
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 680 Q&As
Last Updated: Jun 02, 2026
CompTIA CS0-003 Online Questions & Answers
Question 141:
A Chief Information Security Officer wants to implement security by design, starting with the implementation of a security scanning method to identify vulnerabilities, including SQL injection, RFI, XSS, etc.
Which of the following would most likely meet the requirement?
A. Reverse engineering
B. Known environment testing
C. Dynamic application security testing
D. Code debugging
C. Dynamic application security testing
Explanation
Dynamic Application Security Testing (DAST) exercises a running application from the outside, sending crafted requests and inspecting the responses to find input-handling flaws such as SQL injection, remote file inclusion (RFI) and cross-site scripting (XSS). Of the options it is the only scanning method for these vulnerability classes: known environment (white-box) testing describes how much the tester knows about the target, not a scanner; reverse engineering and code debugging analyze a program but do not probe it for injection flaws. Because DAST needs a running application, a security-by-design program normally pairs it with static analysis (SAST) earlier in the pipeline.
Question 142:
A high volume of failed RDP authentication attempts was logged on a critical server within a one-hour period. All of the attempts originated from the same remote IP address and made use of a single valid domain user account.
Which of the following would be the most effective mitigating control to reduce the rate of success of this brute-force attack?
A. Enabling a user account lockout after a limited number of failed attempts
B. Installing a third-party remote access tool and disabling RDP on all devices
C. Implementing a firewall block for the remote system's IP address
D. Increasing the verbosity of log-on event auditing on all devices
A. Enabling a user account lockout after a limited number of failed attempts
Explanation
An account lockout policy directly counters password guessing: after a set number of consecutive failed logons the account is locked for a period, so an attacker working through a wordlist against one valid account gets only a handful of guesses before being stopped. That matches the scenario exactly (one source, one account, many failures within an hour), which makes A the most effective of the options. Option B replaces the protocol rather than addressing the guessing. Option C, blocking the source IP, is a sensible immediate step but stops only this one source; the attacker can continue from another address. Option D improves visibility but prevents nothing. Two practitioner caveats: lockout counts failures per account, not per source, so an attacker who knows valid usernames can use the policy to lock legitimate users out (choose the threshold, lockout duration and counter-reset window with that in mind); and the IP block and the lockout policy are complementary rather than alternatives.
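Detection logic for the pattern in this question, as an added example that is not part of the original question set. The log lines are constructed to mirror the fields a SIEM extracts from Windows Security event 4625 (failed logon) and 4624 (successful logon); the whitespace-separated format is an assumption made for the example. The first function implements the sliding-window check a SOC would run to raise the alert; the second models how an account lockout policy would respond to the same events, counting per account across all sources.

```python
"""Spot the pattern from the question in Windows logon-failure telemetry.

Added example, not part of the original question set. The events below are
constructed and mirror the fields a SIEM extracts from Security event 4625
(failed logon): time, event ID, TargetUserName, IpAddress and LogonType
(10 = RemoteInteractive, i.e. RDP). Event 4624 is a successful logon.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: six RDP failures for one account from one source within
# seconds, two isolated failures for another account, one successful logon.
SAMPLE_EVENTS = """\
2024-03-01T10:00:01 4625 jsmith 203.0.113.45 10
2024-03-01T10:00:02 4625 jsmith 203.0.113.45 10
2024-03-01T10:00:04 4625 jsmith 203.0.113.45 10
2024-03-01T10:00:05 4625 jsmith 203.0.113.45 10
2024-03-01T10:00:07 4625 jsmith 203.0.113.45 10
2024-03-01T10:00:09 4625 jsmith 203.0.113.45 10
2024-03-01T10:15:00 4625 bjones 198.51.100.7 10
2024-03-01T12:30:00 4625 bjones 198.51.100.7 10
2024-03-01T13:00:00 4624 jsmith 10.0.0.8 10
"""


def parse_events(text):
    """Parse one whitespace-separated event per line into dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, user, ip, logon_type = line.split()
        events.append({
            "time": datetime.fromisoformat(ts),
            "event_id": int(event_id),
            "user": user,
            "ip": ip,
            "logon_type": int(logon_type),
        })
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(hours=1)):
    """Sliding-window detection: flag (ip, user) pairs whose failed RDP logons
    reach `threshold` within `window`. Returns (ip, user, peak_count) tuples."""
    recent = defaultdict(deque)
    alerts = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["event_id"] != 4625 or ev["logon_type"] != 10:
            continue
        key = (ev["ip"], ev["user"])
        q = recent[key]
        q.append(ev["time"])
        while ev["time"] - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts[key] = max(alerts.get(key, 0), len(q))
    return [(ip, user, n) for (ip, user), n in alerts.items()]


def accounts_to_lock(events, lockout_threshold=5, reset_window=timedelta(minutes=30)):
    """Simplified model of the Windows 'Account lockout threshold' and 'Reset
    account lockout counter after' settings. Failures are counted per account
    across all sources (lockout is per account, not per source IP), and the
    counter resets when the gap since the previous failure exceeds reset_window."""
    counters = {}   # user -> (consecutive failures, time of last failure)
    locked = set()
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["event_id"] != 4625:
            continue
        count, last = counters.get(ev["user"], (0, None))
        if last is not None and ev["time"] - last > reset_window:
            count = 0
        count += 1
        counters[ev["user"]] = (count, ev["time"])
        if count >= lockout_threshold:
            locked.add(ev["user"])
    return sorted(locked)


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    print("brute-force alerts:", detect_bruteforce(evs))
    print("accounts a lockout policy would lock:", accounts_to_lock(evs))
```

Running the module flags the jsmith/203.0.113.45 pair and shows that the lockout policy would lock jsmith while leaving bjones (two failures hours apart) alone; raising the threshold above the observed count produces no alert, which is the tuning decision the caveat above is about.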
Question 143:
Which of the following describes the difference between intentional and unintentional insider threats?
A. Their access levels will be different
B. The risk factor will be the same
C. Their behavior will be different
D. The rate of occurrence will be the same
C. Their behavior will be different
Explanation
The difference between intentional and unintentional insider threats is their behavior. Intentional insider threats are malicious actors who deliberately misuse their access to harm the organization or its assets. Unintentional insider threats are careless or negligent users who accidentally compromise the security of the organization or its assets. Their access levels, risk factors, and rates of occurrence may vary depending on various factors, but their behavior is the main distinction.
Question 144:
An organization would like to ensure its cloud infrastructure has a hardened configuration. A requirement is to create a server image that can be deployed with a secure template.
Which of the following is the best resource to ensure secure configuration?
A. CIS Benchmarks
B. PCI DSS
C. OWASP Top Ten
D. ISO 27001
A. CIS Benchmarks
Explanation
CIS Benchmarks are consensus-developed, prescriptive configuration baselines for specific technologies, including the major cloud providers, operating systems, network devices and server software. Each recommendation states the setting, its rationale and how to audit and remediate it, which is exactly what is needed to build a hardened server image from a template; CIS also publishes pre-hardened images for the major cloud marketplaces. The other options are not configuration guides: PCI DSS is a compliance standard for organizations that handle payment card data, the OWASP Top Ten is a list of common web application risk categories, and ISO 27001 is a framework for establishing and maintaining an information security management system. Each of them may require hardening, but none tells you which settings to apply.
Question 145:
An incident response team is working with law enforcement to investigate an active web server compromise. The decision has been made to keep the server running and to implement compensating controls for a period of time. The web service must be accessible from the internet via the reverse proxy and must connect to a database server.
Which of the following compensating controls will help contain the adversary while meeting the other requirements?
(Choose two).
A. Drop the tables on the database server to prevent data exfiltration.
B. Deploy EDR on the web server and the database server to reduce the adversary's capabilities.
C. Stop the httpd service on the web server so that the adversary can not use web exploits.
D. Use microsegmentation to restrict connectivity to/from the web and database servers.
E. Comment out the HTTP account in the /etc/passwd file of the web server.
F. Move the database from the database server to the web server.
B. Deploy EDR on the web server and the database server to reduce the adversary's capabilities.
D. Use microsegmentation to restrict connectivity to/from the web and database servers.
Explanation
Deploying EDR on the web and database servers and using microsegmentation to restrict connectivity to and from them are the two compensating controls that contain the adversary while keeping the service running. A compensating control is a security measure put in place to reduce the risk of a vulnerability or an active attack when the primary control (here, taking the server offline and rebuilding it) is not an option. EDR (Endpoint Detection and Response) monitors endpoint activity and allows automated or manual response, such as blocking a process, isolating a host or collecting artifacts, so it both reduces what the adversary can do and preserves evidence for law enforcement. Microsegmentation applies granular, host-level access rules: the web server accepts traffic only from the reverse proxy and reaches only the database port on the database server, and both are cut off from the rest of the network, which limits lateral movement and exfiltration paths. The other options fail the requirements: dropping the tables (A) and stopping httpd (C) take the service down; commenting out the web server's account in /etc/passwd (E) does not stop an already-running process or an attacker who already has a foothold; and moving the database onto the compromised web server (F) hands the adversary direct access to the data. One caveat: an EDR agent installed on a host the adversary already controls can be tampered with, so corroborate its telemetry with network-level monitoring.
Question 146:
A Chief Information Security Officer wants to lock down the users' ability to change applications that are installed on their Windows systems.
Which of the following is the best enterprise-level solution?
A. HIPS
B. GPO
C. Registry
D. DLP
B. GPO
Explanation
Group Policy Objects (GPOs) let administrators push settings to every user and computer in an Active Directory domain from a central point. For this requirement the relevant policies are the application-control ones delivered through GPO, such as AppLocker or Software Restriction Policies (which applications may run or be installed), together with settings that remove users' local administrator rights and restrict Windows Installer. Editing the Registry directly achieves the same settings on one machine but does not scale; HIPS watches for malicious behavior rather than enforcing an installation policy; DLP protects data, not application installation. GPO is therefore the enterprise-level solution.
Question 147:
A new cybersecurity analyst is tasked with creating an executive briefing on possible threats to the organization.
Which of the following will produce the data needed for the briefing?
A. Firewall logs
B. Indicators of compromise
C. Risk assessment
D. Access control lists
C. Risk assessment
Explanation
A risk assessment enumerates the organization's assets, the threats and threat actors that could affect them, the vulnerabilities those threats could exploit, and the likelihood and impact of each, which is the organization-level view an executive briefing needs. Firewall logs and indicators of compromise are raw technical data about specific events and are inputs to such an assessment rather than the briefing itself; access control lists describe permissions, not threats.
Question 148:
A security alert was triggered when an end user tried to access a website that is not allowed per organizational policy. Since the action is considered a terminable offense, the SOC analyst collects the authentication logs, web logs, and temporary files, reflecting the web searches from the user's workstation, to build the case for the investigation.
Which of the following is the best way to ensure that the investigation complies with HR or privacy policies?
A. Create a timeline of events detailing the date stamps, user account, hostname and IP information associated with the activities
B. Ensure that the case details do not reflect any user-identifiable information. Password protect the evidence and restrict access to personnel related to the investigation.
C. Create a code name for the investigation in the ticketing system so that all personnel with access will not be able to easily identify the case as an HR-related investigation
D. Notify the SOC manager for awareness after confirmation that the activity was intentional
B. Ensure that the case details do not reflect any user-identifiable information. Password protect the evidence and restrict access to personnel related to the investigation.
Explanation
The best way to ensure that the investigation complies with HR or privacy policies is to keep user-identifiable information (name, email address, phone number, employee ID and the like) out of the case details, which protects the user's privacy and reduces the chance of discrimination or retaliation while the matter is unresolved. Password-protecting the evidence and limiting access to the people working the investigation preserves its integrity and confidentiality, prevents unauthorized or accidental disclosure or modification, and supports the chain of custody HR or legal will expect. A timeline (A) is a normal part of the case file but does nothing for privacy by itself; a code name (C) obscures the case title but leaves the identifying details inside the ticket; notifying the SOC manager (D) is a reporting step, not a privacy control.
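One way to keep user-identifiable information out of the case details while still letting authorized investigators correlate events, as an added example that is not part of the original question set. It replaces identifying fields with keyed (HMAC) tokens and keeps the token-to-identity mapping with the restricted evidence rather than in the case notes. The log lines and the field names (user, host, src) are constructed for the example.

```python
"""Pseudonymize case artifacts so the working copy carries no user-identifiable
information, while a separately stored key lets authorized investigators
resolve the tokens. Added example, not part of the original question set; the
log lines are constructed, and the field names (user, host, src) are assumptions.
"""
import hashlib
import hmac
import re
import secrets

# Constructed sample: authentication and proxy lines like those the scenario
# says the analyst collected.
SAMPLE_LOG_LINES = [
    "2024-03-01T09:12:03 auth user=jsmith host=WS-1042 src=10.20.30.41 result=success",
    "2024-03-01T09:13:17 proxy user=jsmith host=WS-1042 url=https://blocked.example/ action=deny",
    "2024-03-01T09:20:44 auth user=amartin host=WS-0077 src=10.20.30.9 result=success",
]

IDENTIFYING_FIELDS = ("user", "host", "src")
_FIELD_RE = re.compile(r"\b(user|host|src)=(\S+)")


def make_pseudonym(case_key: bytes):
    """Return a function mapping (field, value) to a stable, keyed token.

    HMAC rather than a plain hash, so that someone holding only the redacted
    case file cannot recover identities by hashing a list of known usernames."""
    def pseudonym(field, value):
        digest = hmac.new(case_key, f"{field}:{value}".encode(), hashlib.sha256).hexdigest()
        return f"{field.upper()}-{digest[:12]}"
    return pseudonym


def redact_line(line, pseudonym, mapping):
    """Replace identifying fields with tokens; record token -> value in `mapping`,
    which is stored with the restricted evidence, not in the case notes."""
    def repl(m):
        field, value = m.group(1), m.group(2)
        token = pseudonym(field, value)
        mapping[token] = value
        return f"{field}={token}"
    return _FIELD_RE.sub(repl, line)


def build_case(lines, case_key=None):
    """Return (redacted_lines, mapping, case_key). A fresh random key is
    generated per case unless one is supplied."""
    case_key = case_key or secrets.token_bytes(32)
    pseudonym = make_pseudonym(case_key)
    mapping = {}
    redacted = [redact_line(line, pseudonym, mapping) for line in lines]
    return redacted, mapping, case_key


def contains_identifier(lines, mapping):
    """Sanity check before the case notes leave the investigation team:
    True if any original identifying value still appears in the lines."""
    return any(value in line for line in lines for value in mapping.values())


if __name__ == "__main__":
    redacted, mapping, key = build_case(SAMPLE_LOG_LINES)
    for line in redacted:
        print(line)
    print("identifiers leaked:", contains_identifier(redacted, mapping))
```

Because the token is deterministic for a given case key, the same user appears as the same USER- token across the authentication and proxy lines, so the analyst can still build the timeline; a different case gets a different key and therefore unlinkable tokens.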
Question 149:
An analyst has discovered the following suspicious command:
Which of the following would best describe the outcome of the command?
A. Cross-site scripting
B. Reverse shell
C. Backdoor attempt
D. Logic bomb
C. Backdoor attempt
Explanation
The PHP script passes whatever a remote user supplies to the system() function, so an attacker can run arbitrary commands on the server with the web server's privileges. Option A (cross-site scripting) is incorrect because the script does not inject script into a page served to other users. Option B (reverse shell) is incorrect because, although an attacker could use the script to launch a reverse shell, the script itself is a general-purpose command backdoor rather than a connection back to the attacker. Option D (logic bomb) is incorrect because a logic bomb lies dormant until a specific condition or date rather than executing commands on demand. C (backdoor attempt) is therefore the best answer: the script grants unauthorized remote command execution.
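The page does not reproduce the script itself, so as an added example that is not part of the original question set, here is a check an analyst can run over PHP source to flag the pattern the explanation describes: a command-execution sink such as system() fed by request-controlled data. The PHP snippets are constructed for the example and are not the exam item's script.

```python
"""Flag PHP code that hands request-controlled input to a shell, the pattern the
question's backdoor relies on. Added example, not part of the original question;
the PHP snippets are constructed, not the script shown in the exam item.

A light intra-file taint check: variables assigned from request superglobals
are tracked, and any shell-execution call (or backtick operator) whose argument
mentions a superglobal or a tainted variable is reported.
"""
import re

EXEC_FUNCS = ("system", "exec", "shell_exec", "passthru", "popen", "proc_open")
SUPERGLOBALS = ("_GET", "_POST", "_REQUEST", "_COOKIE")

_ASSIGN_RE = re.compile(r"\$(\w+)\s*=(?!=)\s*(.+?);")
_CALL_RE = re.compile(r"\b(" + "|".join(EXEC_FUNCS) + r")\s*\((.*?)\)\s*;")
_BACKTICK_RE = re.compile(r"`([^`]*)`")


def is_tainted(expr, tainted_vars):
    """True if the expression references a request superglobal or a variable
    previously assigned from one."""
    if any(f"${sg}" in expr for sg in SUPERGLOBALS):
        return True
    return any(re.search(rf"\${re.escape(v)}\b", expr) for v in tainted_vars)


def find_backdoor_indicators(php_source):
    """Return (line_number, sink, argument) for each command-execution sink
    fed by request data. Line-oriented and deliberately simple: it will miss
    obfuscated code (function names built from strings, base64 payloads), so
    treat a clean result as 'nothing obvious', not 'safe'."""
    tainted = set()
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), 1):
        for m in _ASSIGN_RE.finditer(line):
            var, rhs = m.group(1), m.group(2)
            if is_tainted(rhs, tainted):
                tainted.add(var)
        for m in _CALL_RE.finditer(line):
            func, args = m.group(1), m.group(2)
            if is_tainted(args, tainted):
                findings.append((lineno, func, args.strip()))
        for m in _BACKTICK_RE.finditer(line):   # backticks are shell_exec in PHP
            if is_tainted(m.group(1), tainted):
                findings.append((lineno, "backtick", m.group(1).strip()))
    return findings


# Constructed samples: a two-step backdoor (assignment then sink) plus a
# backtick form, and a benign script that runs a fixed command.
BACKDOOR_SAMPLE = """<?php
$c = $_GET['cmd'];
system($c);
echo `$_REQUEST['x']`;
?>"""

BENIGN_SAMPLE = """<?php
$load = shell_exec('uptime');
echo $load;
?>"""

if __name__ == "__main__":
    for name, src in (("backdoor", BACKDOOR_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, find_backdoor_indicators(src))
```

The benign script also calls a shell function, so matching on system() or shell_exec() alone would be noisy; what distinguishes the backdoor is that the argument is attacker-controlled, which is why the check follows the data from the request superglobal to the sink.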
Question 150:
Which of the following protocols is a legacy protocol that a security analyst should block next after disabling NetBIOS trio, Telnet, SMB, and TFTP?