CS0-003 Exam Details

  • Exam Code: CS0-003
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 680 Q&As
  • Last Updated: Jun 02, 2026

CompTIA CS0-003 Online Questions & Answers

  • Question 241:

    Which of the following best explains the importance of the implementation of a secure software development life cycle in a company with an internal development team?

    A. Increases the product price by using the implementation as a piece of marketing
    B. Decreases the risks of the software usage and complies with regulatory requirements
    C. Improves the agile process and decreases the amount of tests before the final deployment
    D. Transfers the responsibility for security flaws to the vulnerability management team

  • Question 242:

    Thousands of computers were compromised in a breach, but the vulnerability that caused the compromise was detected on only three computers during the latest vulnerability scan. An analyst conducts an after action review to determine why the vulnerability was not detected on more computers. The analyst recreates the following configuration that was used to scan the network:

    Which of the following best explains the reason the vulnerability was found only on three computers?

    A. Incorrect remote port specified
    B. Lack of concurrent threads dedicated
    C. Use of a credentialed vulnerability scan
    D. Configuring an incorrect subnet mask

  • Question 243:

    A company is concerned with finding sensitive file storage locations that are open to the public. The current internal cloud network is flat.

    Which of the following is the best solution to secure the network?

    A. Implement segmentation with ACLs.
    B. Configure logging and monitoring to the SIEM.
    C. Deploy MFA to cloud storage locations.
    D. Roll out an IDS.

  • Question 244:

    Which of the following would best mitigate the effects of a new ransomware attack that was not properly stopped by the company antivirus?

    A. Install a firewall.
    B. Implement vulnerability management.
    C. Deploy sandboxing.
    D. Update the application blocklist.

  • Question 245:

    A user reports a message as suspicious to the IT security team. An analyst reviews the message and notices that the following text string becomes a hyperlink in an email:

    %77%77%77%2e%63%6f%6d%70%74%69%61%2e%63%6f%6d

    Which of the following would most likely explain this behavior?

    A. The string contains obfuscated JavaScript shellcode.
    B. The text is encoded and designed to bypass spam filters.
    C. The email client has a parsing error elsewhere in the message.
    D. The sandboxed PC used for testing has non-default configurations.

  • Question 246:

    A user downloads software that contains malware onto a computer that eventually infects numerous other systems.

    Which of the following has the user become?

    A. Hacktivist
    B. Advanced persistent threat
    C. Insider threat
    D. Script kiddie

  • Question 247:

    A company suspects a coordinated effort to attack their platform. Web server logs show malicious activity from many different source IP addresses located in different countries.

    Which of the following will best help a security analyst identify the requests connected to this campaign?

    A. Modify the web server logs to include the X-Forwarded-For header.
    B. Create a custom SIEM query to integrate threat intel IoCs associated with the threat actor.
    C. Enrich the web server request logs with full WHOIS data on all available sources.
    D. Add GeoIP location for the source IP addresses to the log entries.

  • Question 248:

    A security analyst is performing vulnerability scans on the network. The analyst installs a scanner appliance, configures the subnets to scan, and begins the scan of the network.

    Which of the following would be missing from a scan performed with this configuration?

    A. Operating system version
    B. Registry key values
    C. Open ports
    D. IP address

  • Question 249:

    Which of the following best explains the importance of communicating with staff regarding the official public communication plan related to incidents impacting the organization?

    A. To establish what information is allowed to be released by designated employees
    B. To designate an external public relations firm to represent the organization
    C. To ensure that all news media outlets are informed at the same time
    D. To define how each employee will be contacted after an event occurs

  • Question 250:

    Which of the following software assessment methods would be best for gathering data related to an application's availability during peak times?

    A. Security regression testing
    B. Stress testing
    C. Static analysis testing
    D. Dynamic analysis testing
    E. User acceptance testing
