CompTIA CS0-003 Online Practice Questions and Exam Preparation

CompTIA CS0-003 Online Questions & Answers

• Question 161:

  An organization is performing a risk assessment to prioritize resources for mitigation and remediation based on impact.

  Which of the following metrics, in addition to the CVSS for each CVE, would best enable the organization to prioritize is efforts?

  A. OS type
  B. OS or application versions
  C. Patch availability
  D. System architecture
  E. Mission criticality
  E. Mission criticality

• Question 162:

  A security analyst scans a host and generates the following output:

  

  Which of the following best describes the output?

  A. The host is unresponsive to the ICMP request.
  B. The host Is running a vulnerable mall server.
  C. The host Is allowlng unsecured FTP connectlons.
  D. The host is vulnerable to web-based exploits.
  D. The host is vulnerable to web-based exploits.

  ---

  Explanation

  The output shows that port 80 is open and running an HTTP service, indicating that the host could potentially be vulnerable to web-based attacks. The other options are not relevant for this purpose: the host is responsive to the ICMP request, as shown by the "Host is up" message; the host is not running a mail server, as there is no SMTP or POP3 service detected; the host is not allowing unsecured FTP connections, as there is no FTP service detected.

  References:

  According to

  5. Specifically, it explains the meaning and function of each option in nmap, such as "-sV" for version detection2, page

  195. Therefore, this is a reliable source to verify the answer to the question.

• Question 163:

  An analyst reviews a recent government alert on new zero-day threats and finds the following CVE metrics for the most critical of the vulnerabilities:

  CVSS: 3.1/AV:N/AC: L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:W/RC:R

  Which of the following represents the exploit code maturity of this critical vulnerability?

  A. E:U
  B. S:C
  C. RC:R
  D. AV:N
  E. AC:L
  A. E:U

  ---

  Explanation

  The exploit code maturity of a vulnerability is indicated by the E metric in the CVSS temporal score. The value of U means that no exploit code is available or unknown 1. The other options are not related to the exploit code maturity, but to other aspects of the vulnerability, such as attack vector, scope, availability, and complexity 1.

• Question 164:

  While reviewing the web server logs, a security analyst notices the following snippet:

  .. \ .. / .. \ .. /boot.ini

  Which of the following Is belng attempted?

  A. Directory traversal
  B. Remote file inclusion
  C. Cross-site scripting
  D. Remote code execution
  E. Enumeration of /etc/passwd
  A. Directory traversal

  ---

  Explanation

  6. Specifically, it explains the meaning and function of each component in web server logs, such as the HTTP method, the URL, the status code, and the user agent1, page 244. It also discusses the common types and indicators of web-based attacks, such as directory traversal, which use special characters to manipulate the web server path1, page

  251. Therefore, this is a reliable source to verify the answer to the question.

• Question 165:

  A SOC analyst determined that a significant number of the reported alarms could be closed after removing the duplicates.

  Which of the following could help the analyst reduce the number of alarms with the least effort?

  A. SOAR
  B. API
  C. XDR
  D. REST
  A. SOAR

  ---

  Explanation

  Security Orchestration, Automation, and Response (SOAR) can help the SOC analyst reduce the number of alarms by automating the process of removing duplicates and managing security alerts more efficiently. SOAR platforms enable security teams to define, prioritize, and standardize response procedures, which helps in reducing the workload and improving the overall efficiency of incident response by handling repetitive and low-level tasks automatically.

• Question 166:

  A software developer has been deploying web applications with common security risks to include insufficient logging capabilities.

  Which of the following actions would be most effective to reduce risks associated with the application development?

  A. Perform static analyses using an integrated development environment.
  B. Deploy compensating controls into the environment.
  C. Implement server-side logging and automatic updates.
  D. Conduct regular code reviews using OWASP best practices.
  D. Conduct regular code reviews using OWASP best practices.

  ---

  Explanation

  Conducting regular code reviews using OWASP best practices is the most effective action to reduce risks associated with the application development. Code reviews are a systematic examination of the source code of an application to detect and fix errors, vulnerabilities, and weaknesses that may compromise the security, functionality, or performance of the application. Code reviews can help to improve the quality and security of the code, as well as to identify and remediate common security risks, such as insufficient logging capabilities. OWASP (Open Web Application Security Project) is a global nonprofit organization that provides free and open resources, tools, standards, and best practices for web application security. OWASP best practices for logging include following a common logging format and approach, logging relevant security events and data, protecting log data from unauthorized access or modification, and using log analysis and monitoring tools to detect and respond to security incidents. By following OWASP best practices for logging, developers can ensure that their web applications have sufficient and effective logging capabilities that can help to prevent, detect, and mitigate security threats.

  References:

  OWASP Logging Cheat Sheet, OWASP Logging Guide, C9: Implement Security Logging and Monitoring - OWASP Foundation

• Question 167:

  After completing a review of network activity, the threat hunting team discovers a device on the network that sends an outbound email via a mail client to a non-company email address daily at 10:00 p.m.

  Which of the following is potentially occurring?

  A. Irregular peer-to-peer communication
  B. Rogue device on the network
  C. Abnormal OS process behavior
  D. Data exfiltration
  D. Data exfiltration

  ---

  Explanation

  Data exfiltration is the theft or unauthorized transfer or movement of data from a device or network. It can occur as part of an automated attack or manually, on-site or through an internet connection, and involve various methods. It can affect personal or corporate data, such as sensitive or confidential information. Data exfiltration can be prevented or detected by using compression, encryption, authentication, authorization, and other controls

  The network activity shows that a device on the network is sending an outbound email via a mail client to a non-company email address daily at 10:00 p.m. This could indicate that the device is compromised by malware or an insider threat, and that the email is used to exfiltrate data from the network to an external party.

  The email could contain attachments, links, or hidden data that contain the stolen information. The timing of the email could be designed to avoid detection by normal network monitoring or security systems.

• Question 168:

  A security analyst is revising a company's MFA policy to prohibit the use of short message service (SMS) tokens. The Chief Information Officer has questioned this decision and asked for justification.

  Which of the following should the analyst provide as justification for the new policy?

  A. SMS relies on untrusted, third-party carrier networks.
  B. SMS tokens are limited to eight numerical characters.
  C. SMS is not supported on all handheld devices in use.
  D. SMS is a cleartext protocol and does not support encryption.
  D. SMS is a cleartext protocol and does not support encryption.

• Question 169:

  HOTSPOT

  Welcome to the Enterprise Help Desk System.

  Please work the ticket escalated to you in the help desk ticket queue.

  INSTRUCTIONS Click on the ticket to see the ticket details.

  Additional content is available on tabs within the ticket.

  First, select the appropriate issue from the drop-down menu.

  Then, select the MOST likely root cause from second drop-down menu.

  If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

  

  

• Question 170:

  A security analyst receives the below information about the company's systems.

  They need to prioritize which systems should be given the resources to improve security.

  

  Which of the following systems should the analyst remediate first?

  A. Computer 1
  B. Server 1
  C. Computer 2
  D. Server 2
  C. Computer 2

  ---