CompTIA CS0-003 Online Practice Questions and Exam Preparation
CS0-003 Exam Details
Exam Code: CS0-003
Exam Name: CompTIA Cybersecurity Analyst (CySA+)
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 680 Q&As
Last Updated: Jun 02, 2026
CompTIA CS0-003 Online Questions & Answers
Question 251:
A company classifies security groups by risk level. Any group with a high-risk classification requires multiple levels of approval for member or owner changes.
Which of the following inhibitors to remediation is the company utilizing?
A. Organizational governance
B. MOU
C. SLA
D. Business process interruption
A. Organizational governance
Explanation
This scenario describes a strict governance policy requiring multiple approvals for high-risk security group changes. Organizational governance refers to policies that enforce security controls and approval workflows.
Option B (MOU - Memorandum of Understanding) refers to agreements between parties, not internal security processes.
Option C (SLA - Service Level Agreement) refers to service guarantees, not security governance.
Option D (Business process interruption) might be a consequence, but it is not the primary inhibitor to remediation in this case.
Thus, A is correct, as governance rules are restricting remediation speed.
Question 252:
A SOC analyst recommends adding a layer of defense for all endpoints that will better protect against external threats regardless of the device's operating system.
Which of the following best meets this requirement?
A. SIEM
B. CASB
C. SOAR
D. EDR
D. EDR
Explanation
EDR stands for Endpoint Detection and Response, which is a layer of defense that monitors endpoints for malicious activity and provides automated or manual response capabilities. EDR can protect against external threats regardless of the device's operating system, as it can detect and respond to attacks based on behavioral analysis and threat intelligence. EDR is also one of the tools that CompTIA CySA+ covers in its exam objective
Question 253:
When undertaking a cloud migration of multiple SaaS applications, an organization's systems administrators struggled with the complexity of extending identity and access management to cloud-based assets.
Which of the following service models would have reduced the complexity of this project?
A. OpenID
B. SASE
C. ZTNA
D. SWG
A. OpenID
Question 254:
An MSSP received several alerts from customer 1, which caused a missed incident response deadline for customer 2.
Which of the following best describes the document that was violated?
A. KPI
B. SLO
C. SLA
D. MOU
C. SLA
Explanation
SLA (Service Level Agreement): An SLA is a formal contract between a service provider (in this case, the MSSP) and a customer that outlines the expected level of service, including incident response times and deadlines. Missing an incident response deadline for customer 2 indicates a breach of the SLA, as it would have specified the response time commitments.
Question 255:
Joe, a leading sales person at an organization, has announced on social media that he is leaving his current role to start a new company that will compete with his current employer. Joe is soliciting his current employer's customers. However, Joe has not resigned or discussed this with his current supervisor yet.
Which of the following would be the best action for the incident response team to recommend?
A. Isolate Joe's PC from the network
B. Reimage the PC based on standard operating procedures
C. Initiate a remote wipe of Joe's PC using mobile device management
D. Perform no action until HR or legal counsel advises on next steps
D. Perform no action until HR or legal counsel advises on next steps
Explanation
The best action for the incident response team to recommend in this scenario is to perform no action until HR or legal counsel advises on next steps. This action can help avoid any potential legal or ethical issues, such as violating employee privacy rights, contractual obligations, or organizational policies. This action can also help ensure that any evidence or information collected from the "of any legal action or dispute. The incident response team should consult with HR or legal counsel before taking any action that may "
Question 256:
Which of the following entities should an incident manager work with to ensure correct processes are adhered to when communicating incident reporting to the general public, as a best practice? (Select two).
A. Law enforcement
B. Governance
C. Legal
D. Manager
E. Public relations
F. Human resources
C. Legal E. Public relations
Explanation
An incident manager should work with the legal and public relations entities to ensure correct processes are adhered to when communicating incident reporting to the general public, as a best practice. The legal entity can provide guidance on the legal implications and obligations of disclosing the incident, such as compliance with data protection laws, contractual obligations, and liability issues. The public relations entity can help craft the appropriate message and tone for the public communication, as well as manage the reputation and image of the organization in the aftermath of the incident. These two entities can help the incident manager balance the need for transparency and accountability with the need for confidentiality and security [1][2].
References:
[1] Incident Communication Templates
[2] Incident Management: Processes, Best Practices & Tools - Atlassian
Question 257:
An organization wants to establish a disaster recovery plan for critical applications that are hosted on premises.
Which of the following is the first step to prepare for supporting this new requirement?
A. Choose a vendor to utilize for the disaster recovery location.
B. Establish prioritization of continuity from data and business owners.
C. Negotiate vendor agreements to support disaster recovery capabilities.
D. Advise the leadership team that a geographical area for recovery must be defined.
B. Establish prioritization of continuity from data and business owners.
Question 258:
A DevOps analyst implements a webhook to trigger code vulnerability scanning for submissions to the repository.
Which of the following is the primary benefit of this enhancement?
A. To increase coverage by making the process occur automatically with uploads
B. To create a single pane of glass dashboard for the vulnerability management process
C. To include a threat feed component into the software development life cycle
D. To employ data enrichment for new code commits to enhance project documentation
A. To increase coverage by making the process occur automatically with uploads
Question 259:
An analyst is reviewing an SSLscan from a web server in an environment: The analyst needs to immediately disable ciphers that do not comply with company security standards.
Which of the following ciphers is the least secure and should be disabled?
A. AES128-SHA
B. 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
C. ECDHE-RSA-AES128-SHA Curve 25519 DHE 253
D. ECDHE-RSA-AES256-GCM-SHA384 Curve P-384 DHE 384
E. DES-CBC3-SHA
F. AES256-GCM-SHA384
E. DES-CBC3-SHA
Question 260:
A security analyst has found a moderate-risk item in an organization's point-of-sale application. The organization is currently in a change freeze window and has decided that the risk is not high enough to correct at this time.
Which of the following inhibitors to remediation does this scenario illustrate?
A. Service-level agreement
B. Business process interruption
C. Degrading functionality
D. Proprietary system
B. Business process interruption
Explanation
Business process interruption is the inhibitor to remediation that this scenario illustrates. Business process interruption is when the remediation of a vulnerability or an incident requires the disruption or suspension of a critical or essential business process, such as the point-of-sale application. This can cause operational, financial, or reputational losses for the organization, and may outweigh the benefits of the remediation. Therefore, the organization may decide to postpone or avoid the remediation until a more convenient time, such as a change freeze window, which is a period of time when no changes are allowed to the IT environment [1][2].
Service-level agreement, degrading functionality, and proprietary system are other possible inhibitors to remediation, but they are not relevant to this scenario. Service-level agreement is when the remediation of a vulnerability or an incident violates or affects the contractual obligations or expectations of the service provider or the customer. Degrading functionality is when the remediation of a vulnerability or an incident reduces or impairs the performance or usability of a system or an application. Proprietary system is when the remediation of a vulnerability or an incident involves a system or an application that is owned or controlled by a third party, and the organization has limited or no access or authority to modify it [3].
References:
[1] Inhibitors to Remediation -- SOC Ops Simplified
[2] Remediation Inhibitors - CompTIA CySA+
[3] Information security Vulnerability Management Report (Remediation...