CompTIA CS0-003 Online Practice Questions and Exam Preparation
CS0-003 Exam Details
Exam Code: CS0-003
Exam Name: CompTIA Cybersecurity Analyst (CySA+)
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 680 Q&As
Last Updated: Jun 02, 2026
CompTIA CS0-003 Online Questions & Answers
Question 261:
Which of the following documents sets requirements and metrics for a third-party response during an event?
A. BIA B. DRP C. SLA D. MOU
C. SLA
Explanation
Comprehensive Detailed Explanation: A Service Level Agreement (SLA) defines the expectations, requirements, and metrics for third-party services, including response times and responsibilities during an event. Here's an overview of each option:
A. BIA (Business Impact Analysis)
B. DRP (Disaster Recovery Plan)
C. SLA (Service Level Agreement)
D. MOU (Memorandum of Understanding)
References: NIST SP 800-37: Risk Management Framework, on the role of SLAs in managing third-party risk. ITIL Service Design: Importance of SLAs for defining service performance and response requirements.
Question 262:
An application security analyst needs to test a web application for input validation vulnerabilities. The analyst does not have the source code and does not have documentation for the APIs.
Which of the following techniques will best aid the analyst in vulnerability testing?
A. Fuzzing operation B. Agentless scanning C. Reverse engineering D. Use of a SAST tool
D. Use of a SAST tool
Question 263:
An analyst is designing a message system for a bank. The analyst wants to include a feature that allows the recipient of a message to prove to a third party that the message came from the sender.
Which of the following information security goals is the analyst most likely trying to achieve?
A. Non-repudiation B. Authentication C. Authorization D. Integrity
A. Non-repudiation
Explanation
Non-repudiation ensures that a message sender cannot later deny having sent a message, which is crucial in banking communications for legal and security reasons. Allowing the recipient to prove the message's origin to a third party is precisely the non-repudiation goal, and it is a fundamental property of secure messaging systems, especially in banking and financial communications.
Question 264:
Which of the following is the best metric for an organization to focus on given recent investments in SIEM, SOAR, and a ticketing system?
A. Mean time to detect B. Number of exploits by tactic C. Alert volume D. Quantity of intrusion attempts
A. Mean time to detect
Explanation
Mean time to detect (MTTD) is the best metric for an organization to focus on given recent investments in SIEM, SOAR, and a ticketing system. MTTD is a metric that measures how long it takes to detect a security incident or threat from the time it occurs. MTTD can be improved by using tools and processes that can collect, correlate, analyze, and alert on security data from various sources. SIEM, SOAR, and ticketing systems are examples of such tools and processes that can help reduce MTTD and enhance security operations.
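As an added illustration (not part of the original question bank), the following Python computes MTTD, and for comparison MTTR, from ticket records of the kind a SIEM/SOAR-fed ticketing system holds. The ticket IDs and timestamps are constructed sample data; the point is which two timestamps each metric is built from: MTTD runs from the earliest evidence of attacker activity to the first alert, MTTR from the first alert to ticket closure.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class Incident:
    """One incident as reconstructed from a ticketing system.

    occurred_at: earliest evidence of attacker activity (established during the investigation)
    detected_at: first alert raised by the SIEM/SOAR, i.e. when the ticket was opened
    resolved_at: ticket closed after containment and remediation
    """
    ticket_id: str
    occurred_at: datetime
    detected_at: datetime
    resolved_at: datetime


def _ts(value: str) -> datetime:
    return datetime.fromisoformat(value)


# Constructed sample tickets (hypothetical IDs and times, not real incident data).
TICKETS_BEFORE_SIEM: List[Incident] = [
    Incident("INC-1001", _ts("2024-01-05T08:00:00"), _ts("2024-01-05T14:00:00"), _ts("2024-01-06T09:00:00")),
    Incident("INC-1002", _ts("2024-01-12T10:00:00"), _ts("2024-01-12T12:00:00"), _ts("2024-01-12T18:00:00")),
]
TICKETS_AFTER_SIEM: List[Incident] = [
    Incident("INC-2001", _ts("2024-04-03T23:30:00"), _ts("2024-04-04T00:00:00"), _ts("2024-04-04T03:00:00")),
    Incident("INC-2002", _ts("2024-04-09T15:00:00"), _ts("2024-04-09T15:10:00"), _ts("2024-04-09T16:10:00")),
]


def _minutes(delta: timedelta) -> float:
    return delta.total_seconds() / 60.0


def mean_time_to_detect(incidents: Iterable[Incident]) -> float:
    """MTTD in minutes: average gap between first attacker activity and first alert."""
    spans = [_minutes(i.detected_at - i.occurred_at) for i in incidents]
    if not spans:
        raise ValueError("MTTD is undefined for an empty incident set")
    return mean(spans)


def mean_time_to_respond(incidents: Iterable[Incident]) -> float:
    """MTTR in minutes: average gap between first alert and ticket resolution."""
    spans = [_minutes(i.resolved_at - i.detected_at) for i in incidents]
    if not spans:
        raise ValueError("MTTR is undefined for an empty incident set")
    return mean(spans)


def compare_periods(before: List[Incident], after: List[Incident]) -> Dict[str, float]:
    """Summarize how MTTD and MTTR changed between two reporting periods."""
    return {
        "mttd_before_min": mean_time_to_detect(before),
        "mttd_after_min": mean_time_to_detect(after),
        "mttr_before_min": mean_time_to_respond(before),
        "mttr_after_min": mean_time_to_respond(after),
    }


if __name__ == "__main__":
    for name, value in compare_periods(TICKETS_BEFORE_SIEM, TICKETS_AFTER_SIEM).items():
        print(f"{name}: {value:.1f}")
```

The occurred_at value is the one the tooling cannot supply on its own; it comes from the investigation, which is why MTTD is only as honest as the forensic timeline behind each ticket.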
Question 265:
A cybersecurity analyst is tasked with scanning a web application to understand where the scan will go and whether there are URIs that should be denied access prior to more in-depth scanning.
Which of the following best fits the type of scanning activity requested?
A. Uncredentialed scan B. Discovery scan C. Vulnerability scan D. Credentialed scan
B. Discovery scan
Explanation
A discovery scan is typically used to identify the scope of a web application and understand where the scan will go. This type of scan is often the first step in assessing a web application's security and helps the analyst determine which areas should be further examined or tested in-depth.
Question 266:
A SOC receives several alerts indicating user accounts are connecting to the company's identity provider through non-secure communications. User credentials for accessing sensitive, business-critical systems could be exposed.
Which of the following logs should the SOC use when determining malicious intent?
A. DNS B. tcpdump C. Directory D. IDS
D. IDS
Explanation
Intrusion Detection Systems (IDS) logs provide visibility into network traffic patterns and can help detect insecure or unusual connections. These logs will show if non-secure protocols are used, potentially revealing exposed credentials.
According to CompTIA CySA+, IDS logs are essential for identifying malicious activity related to communications and network intrusions. Options like DNS (A) and tcpdump (B) provide network details, but IDS specifically monitors for intrusions and unusual activities relevant to security incidents.
Question 267:
A security analyst reviews a SIEM alert related to a suspicious email and wants to verify the authenticity of the message:
SPF = PASS
DKIM = FAIL
DMARC = FAIL
Which of the following did the analyst most likely discover?
A. An insider threat altered email security records to mask suspicious DNS resolution traffic. B. The message was sent from an authorized mail server but was not signed. C. Log normalization corrupted the data as it was brought into the central repository. D. The email security software did not process all of the records correctly.
B. The message was sent from an authorized mail server but was not signed.
Explanation
Comprehensive and Detailed Step-by-Step Explanation: The SPF = PASS result confirms the email came from an authorized server, but DKIM = FAIL indicates the message was not properly signed with the expected DomainKeys Identified Mail (DKIM) signature. DMARC = FAIL indicates that, with DKIM failing, the overall email authentication failed. This scenario is consistent with a legitimate server sending an unsigned email.
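As an added example (not part of the original question bank), the Python below parses an Authentication-Results header carrying the three verdicts from Question 267 and maps them to the analyst's reading. It goes one step beyond the question by also recomputing the DMARC verdict from alignment: DMARC passes only when SPF or DKIM passes with a domain aligned to the visible From: domain, which is why SPF = PASS can coexist with DMARC = FAIL when the bounce domain is not aligned. The mail server name, domains and header are constructed sample data, and the organizational-domain helper is a simplification of the Public Suffix List lookup.

```python
import re
from typing import Dict

# Constructed sample header modelled on the alert in Question 267
# (hypothetical server and domains, not taken from any real message).
SAMPLE_AUTH_RESULTS = (
    "Authentication-Results: mx.example.net; "
    "spf=pass smtp.mailfrom=bounce.mailer-example.com; "
    "dkim=fail (signature did not verify) header.d=example.com; "
    "dmarc=fail header.from=example.com"
)
FROM_DOMAIN = "example.com"  # domain of the visible From: header


def parse_authentication_results(header: str) -> Dict[str, dict]:
    """Parse an Authentication-Results header (RFC 8601 syntax, simplified)
    into {method: {"result": str, "props": {name: value}}}.
    Parenthesised comments are dropped and the leading authserv-id is skipped."""
    if header.lower().startswith("authentication-results:"):
        header = header.split(":", 1)[1]
    header = re.sub(r"\([^)]*\)", "", header)  # strip comments such as (p=reject)
    results: Dict[str, dict] = {}
    for stanza in header.split(";")[1:]:  # element 0 is the authserv-id
        tokens = stanza.split()
        if not tokens:
            continue
        method, _, result = tokens[0].partition("=")
        props = dict(tok.partition("=")[::2] for tok in tokens[1:])
        results[method.lower()] = {"result": result.lower(), "props": props}
    return results


def org_domain(domain: str) -> str:
    """Organizational domain, simplified to the last two labels."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_aligned(auth_domain: str, from_domain: str, relaxed: bool = True) -> bool:
    """Relaxed alignment compares organizational domains; strict needs an exact match."""
    auth_domain = auth_domain.rpartition("@")[2]  # smtp.mailfrom may be a full address
    if not auth_domain:
        return False
    if relaxed:
        return org_domain(auth_domain) == org_domain(from_domain)
    return auth_domain.lower() == from_domain.lower()


def evaluate_dmarc(results: Dict[str, dict], from_domain: str, relaxed: bool = True) -> str:
    """DMARC passes only when SPF or DKIM passed AND that domain aligns with From:."""
    spf = results.get("spf", {"result": "none", "props": {}})
    dkim = results.get("dkim", {"result": "none", "props": {}})
    spf_ok = spf["result"] == "pass" and is_aligned(spf["props"].get("smtp.mailfrom", ""), from_domain, relaxed)
    dkim_ok = dkim["result"] == "pass" and is_aligned(dkim["props"].get("header.d", ""), from_domain, relaxed)
    return "pass" if spf_ok or dkim_ok else "fail"


def triage(results: Dict[str, dict]) -> str:
    """Analyst reading of the three verdicts, following the Question 267 answer."""
    spf = results.get("spf", {}).get("result", "none")
    dkim = results.get("dkim", {}).get("result", "none")
    dmarc = results.get("dmarc", {}).get("result", "none")
    if spf == "pass" and dkim == "fail" and dmarc == "fail":
        return "authorized sender, unsigned or broken signature, not DMARC-aligned"
    if spf == "pass" and dkim == "pass" and dmarc == "pass":
        return "fully authenticated"
    if spf == "fail" and dkim == "fail":
        return "unauthorized sender and unsigned: treat as spoofed"
    return "mixed results: review alignment and headers manually"


if __name__ == "__main__":
    parsed = parse_authentication_results(SAMPLE_AUTH_RESULTS)
    print(parsed)
    print("recomputed dmarc:", evaluate_dmarc(parsed, FROM_DOMAIN))
    print("triage:", triage(parsed))
```

For the sample header the recomputed DMARC verdict is fail, matching the reported one: the SPF pass belongs to mailer-example.com, which does not align with example.com, and DKIM failed, so neither mechanism supplies the aligned pass DMARC needs.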
Question 268:
An incident responder was able to recover a binary file through the network traffic. The binary file was also found in some machines with anomalous behavior.
Which of the following processes most likely can be performed to understand the purpose of the binary file?
A. File debugging B. Traffic analysis C. Reverse engineering D. Machine isolation
C. Reverse engineering
Explanation
Reverse engineering is the process of analyzing a binary file to understand its structure, functionality, and behavior. It can help to identify the purpose of the binary file, such as whether it is a malicious program, a legitimate application, or a library. Reverse engineering can involve various techniques, such as disassembling, decompiling, debugging, or extracting strings or resources from the binary file. Reverse engineering can also help to find vulnerabilities, backdoors, or hidden features in the binary file.
Question 269:
An incident response team member is triaging a Linux server. The output is shown below:
Which of the following is the adversary most likely trying to do?
A. Create a backdoor root account named zsh. B. Execute commands through an unsecured service account. C. Send a beacon to a command-and-control server. D. Perform a denial-of-service attack on the web server.
B. Execute commands through an unsecured service account.
Question 270:
Which of the following choices is most likely to cause obstacles in vulnerability remediation?
A. Not meeting an SLA B. Patch prioritization C. Organizational governance D. Proprietary systems
Nowadays, certification exams are becoming more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CS0-003 exam preparation or CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.