CompTIA CS0-003 Online Practice
Questions and Exam Preparation
CS0-003 Exam Details
Exam Code: CS0-003
Exam Name: CompTIA Cybersecurity Analyst (CySA+)
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 680 Q&As
Last Updated: Jun 02, 2026
CompTIA CS0-003 Online Questions & Answers
Question 171:
A cybersecurity analyst is recording the following details
1. ID
2. Name
3. Description
4. Classification of information
5. Responsible party
In which of the following documents is the analyst recording this information?
A. Risk register
B. Change control documentation
C. Incident response playbook
D. Incident response plan
A. Risk register
Explanation
A risk register typically records an ID, name, description, classification of information, and responsible party for each identified risk. It is used to identify, assess, manage, and monitor risks within an organization. These fields are not what change control documentation or incident response documents (playbooks and plans) record, so the analyst is updating a risk register.
Question 172:
An analyst finds that an IP address outside of the company network is being used to run network and vulnerability scans across external-facing assets.
Which of the following steps of an attack framework is the analyst witnessing?
A. Exploitation
B. Reconnaissance
C. Command and control
D. Actions on objectives
B. Reconnaissance
Explanation
Reconnaissance is the first stage in the Cyber Kill Chain and involves researching potential targets before an attack (or, in an authorized engagement, a penetration test) is carried out. The reconnaissance stage may include identifying potential targets, finding their vulnerabilities, discovering which third parties are connected to them (and what data they can access), and exploring existing entry points as well as finding new ones. Reconnaissance can take place both online and offline. In this case, an analyst finds that an IP address outside of the company network is being used to run network and vulnerability scans across external-facing assets. This indicates that the analyst is witnessing reconnaissance activity by an attacker.
Question 173:
Which of the following best explains the importance of network microsegmentation as part of a Zero Trust architecture?
A. To allow policies that are easy to manage and less granular
B. To increase the costs associated with regulatory compliance
C. To limit how far an attack can spread
D. To reduce hardware costs with the use of virtual appliances
C. To limit how far an attack can spread
Explanation
Microsegmentation involves dividing a network into smaller, isolated segments to restrict lateral movement within the network. This is crucial within a Zero Trust architecture, which assumes that no entity (internal or external) is inherently trustworthy. By limiting access to only necessary network segments, microsegmentation reduces the impact of a potential breach by containing it within a limited area. CompTIA emphasizes microsegmentation as an effective strategy to minimize risk and improve security posture by isolating resources based on the principle of least privilege.
Question 174:
A SOC analyst is reviewing the weekly EDR report. The report shows that the same application was blocked once every 24 hours.
Which of the following tools should the analyst use to further investigate the incident?
A. Registry Editor
B. services.msc
C. Task Scheduler
D. MSConfig
C. Task Scheduler
Question 175:
Which of the following would a security analyst most likely use to compare TTPs between different known adversaries of an organization?
A. MITRE ATT&CK
B. Cyber Kill Chain
C. OWASP
D. STIX/TAXII
A. MITRE ATT&CK
Explanation
MITRE ATT&CK is a framework and knowledge base that describes the tactics, techniques, and procedures (TTPs) used by various adversaries in cyberattacks. MITRE ATT&CK can help security analysts compare TTPs between different known adversaries of an organization, as well as identify patterns, gaps, or trends in adversary behavior. MITRE ATT&CK can also help security analysts improve threat detection, analysis, and response capabilities, as well as share threat intelligence with other organizations or communities.
Question 176:
Which of the following would likely be used to update a dashboard that integrates.....?
A. Webhooks
B. Extensible Markup Language
C. Threat feed combination
D. JavaScript Object Notation
D. JavaScript Object Notation
Explanation
JavaScript Object Notation (JSON) is commonly used for transmitting data in web applications and would be suitable for updating dashboards that integrate various data sources. It's lightweight and easy to parse and generate.
Question 177:
An analyst is creating the final vulnerability report for one of the company's customers. The customer asks for a scanning profile with a CVSS score of 7 or higher. The analyst has confirmed there is no finding for missing database patches, even though false positives have been eliminated by manual checks.
Which of the following is the most probable reason for the missing scan result?
A. The server was offline at the moment of the scan.
B. The system was not patched appropriately before the scan.
C. The scan finding does not match the requirement.
D. The output of the scan is corrupted.
C. The scan finding does not match the requirement.
Question 178:
A user's computer is performing slower than the day before, and unexpected windows continually open and close. The user did not install any new programs, and after the user restarted the desktop, the issue was not resolved.
Which of the following incident response actions should be taken next?
A. Restart in safe mode and start a virus scan.
B. Disconnect from the network and leave the PC turned on.
C. Contain the device and implement a legal hold.
D. Reformat and reimage the OS.
B. Disconnect from the network and leave the PC turned on.
Question 179:
A systems administrator needs to gather security events with repeatable patterns from Linux log files.
Which of the following would the administrator most likely use for this task?
A. A regular expression in Bash
B. Filters in the vi editor
C. Variables in a PowerShell script
D. A playbook in a SOAR tool
A. A regular expression in Bash
Explanation
Regular expressions are powerful tools for searching text based on specific patterns, making them ideal for parsing Linux log files to detect security events with repeatable patterns. In Bash, regular expressions can be used in commands like grep or awk to efficiently filter log data. CompTIA CySA+ emphasizes the use of regular expressions in log analysis for pattern matching, a common requirement for identifying suspicious activities in log files. Options B, C, and D are less suited for this specific task due to their limited pattern-matching capabilities or platform constraints.
Question 180:
An analyst has received an IPS event notification from the SIEM stating an IP address, which is known to be malicious, has attempted to exploit a zero-day vulnerability on several web servers. The exploit contained the following snippet:
Which of the following controls would work best to mitigate the attack represented by this snippet?
A. Limit user creation to administrators only.
B. Limit layout creation to administrators only.
C. Set the directory trx_addons to read only for all users.
D. Set the directory V2 to read only for all users.
A. Limit user creation to administrators only.
Explanation
The provided snippet represents an attempt to exploit a vulnerability using a crafted URL to target the /wp-json/trx_addons/V2/get/sc_layout endpoint, with parameters indicating a potential attack on WordPress to insert a user with an administrator role. To mitigate this attack, you would want to focus on preventing unauthorized user creation and limiting access to sensitive endpoints.