CompTIA CS0-003 Online Practice Questions and Exam Preparation
CS0-003 Exam Details
Exam Code: CS0-003
Exam Name: CompTIA Cybersecurity Analyst (CySA+)
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 680 Q&As
Last Updated: Jun 02, 2026
CompTIA CS0-003 Online Questions & Answers
Question 181:
During the rollout of a patch to the production environment, it was discovered that required connections to remote systems are no longer possible.
Which of the following steps would have most likely revealed this gap?
A. Implementation
B. User acceptance testing
C. Validation
D. Rollback
C. Validation
Question 182:
A web application team notifies a SOC analyst that there are thousands of HTTP/404 events on the public-facing web server.
Which of the following is the next step for the analyst to take?
A. Instruct the firewall engineer that a rule needs to be added to block this external server
B. Escalate the event to an incident and notify the SOC manager of the activity
C. Notify the incident response team that there is a DDoS attack occurring
D. Identify the IP/hostname for the requests and look at the related activity
D. Identify the IP/hostname for the requests and look at the related activity
Explanation
Identifying the IP/hostname for the requests and looking at the related activity is the first step in understanding the nature of the issue. This step is crucial for making informed decisions about how to respond to the situation.
Once the analyst has gathered more information, they can then decide whether further escalation or actions are necessary, such as alerting the incident response team or notifying higher management.
Question 183:
A vulnerability analyst received a list of system vulnerabilities and needs to evaluate the relevant impact of the exploits on the business. Given the constraints of the current sprint, only three can be remediated.
Which of the following represents the least impactful risk, given the CVSS3.1 base scores?
A. AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L - Base Score 6.0
B. AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L - Base Score 7.2
C. AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H - Base Score 6.4
D. AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L - Base Score 6.5
A. AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L - Base Score 6.0
Explanation
This option represents the least impactful risk because it has the lowest base score among the four options, and it also requires high privileges, user interaction, and high attack complexity to exploit, which reduces the likelihood of a successful attack.
References:
The base scores were calculated using the Common Vulnerability Scoring System Version 3.1 Calculator from FIRST. The explanation was based on the CVSS standards guide from NVD and the CVSS 3.1 Calculator Online from Calculators Hub.
Question 184:
When undertaking a cloud migration of multiple SaaS applications, an organization's systems administrators struggled with the complexity of extending identity and access management to cloud-based assets.
Which of the following service models would have reduced the complexity of this project?
A. OpenID
B. SDN
C. ZTNA
D. SWG
A. OpenID
Question 185:
Which of the following is a benefit of the Diamond Model of Intrusion Analysis?
A. It provides analytical pivoting and identifies knowledge gaps.
B. It guarantees that the discovered vulnerability will not be exploited again in the future.
C. It provides concise evidence that can be used in court.
D. It allows for proactive detection and analysis of attack events.
A. It provides analytical pivoting and identifies knowledge gaps.
Explanation
The Diamond Model of Intrusion Analysis is a framework that helps analysts to understand the relationships between the adversary, the victim, the infrastructure, and the capability involved in an attack. It also enables analytical pivoting, which is the process of moving from one piece of information to another related one, and identifies knowledge gaps that need further investigation.
Question 186:
The website of a large retail chain is failing to enforce encrypted HTTPS connections, leaving customer account credentials exposed.
Which of the following is the best corrective action for resolving this issue?
A. Remove any redirect settings of HTTP connections to HTTPS.
B. Implement HTTP Strict Transport Security Headers.
C. Install a self-signed certificate on the web server.
D. Reduce the default timeout period for all web-based sessions.
D. Reduce the default timeout period for all web-based sessions.
Question 187:
While observing several host machines, a security analyst notices a program is overwriting data to a buffer.
Which of the following controls will best mitigate this issue?
A. Data execution prevention
B. Output encoding
C. Prepared statements
D. Parameterized queries
A. Data execution prevention
Explanation
Data execution prevention (DEP) is a security feature that prevents code from being executed in memory regions that are marked as data-only. This helps mitigate buffer overflow attacks, which are a type of attack where a program overwrites data to a buffer beyond its allocated size, potentially allowing malicious code to be executed. DEP can be implemented at the hardware or software level and can prevent unauthorized code execution in memory buffers.
References:
CompTIA Cybersecurity Analyst (CySA+) Certification Exam Objectives (CS0-002), page 10.
Question 188:
A company creates digitally signed packages for its devices.
Which of the following best describes the method by which the security packages are delivered to the company's customers?
A. Antitamper mechanism
B. SELinux
C. Trusted firmware updates
D. eFuse
C. Trusted firmware updates
Explanation
Trusted firmware updates are the method by which the security packages are delivered to the company's customers. Trusted firmware updates are digitally signed packages that contain software updates or patches for devices, such as routers, switches, or firewalls. Trusted firmware updates help to ensure the authenticity and integrity of the packages: the recipient verifies the sender's digital signature before installation, which prevents unauthorized or malicious modifications to the packages from being accepted.
Question 189:
An incident responder is investigating a possible server data exfiltration incident with the intent to prosecute if necessary. The responder:
1. Captures live memory and an image of the drives.
2. Is given a copy of the firewall logs.
3. Pulls the drives from the server.
Which of the following would most likely create an issue?
A. Lack of network capture
B. Chain of custody failure
C. Corrupt drives
D. Encrypted files
B. Chain of custody failure
Question 190:
A security analyst notices the following proxy log entries:
Which of the following is the user attempting to do based on the log entries?
A. Use a DoS attack on external hosts.
B. Exfiltrate data.
C. Scan the network.
D. Relay email.
D. Relay email.
Explanation
Based on the provided log entries, the user is attempting to relay email. This can be inferred from the log entries that show attempts to establish connections to external IP addresses on port 25, which is the default port for SMTP (Simple Mail Transfer Protocol) used for email transmission.