CompTIA CS0-003 Online Practice Questions and Exam Preparation

CompTIA CS0-003 Online Questions & Answers

• Question 301:

  Which component identifies and evaluates the effects of disruptions on business operations?

  A. Disaster recovery plan
  B. Business impact analysis
  C. Playbook
  D. Backup plan
  B. Business impact analysis

• Question 302:

  A new prototype for a company's flagship product was leaked on the internet As a result, the management team has locked out all USB drives Optical drive writers are not present on company computers.

  The sales team has been granted an exception to share sales presentation files with third parties.

  Which of the following would allow the IT team to determine which devices are USB enabled?

  A. Asset tagging
  B. Device encryption
  C. Data loss prevention
  D. SIEMIogs
  D. SIEMIogs

  ---

  Explanation

  A security information and event management (SIEM) system is a tool that collects and analyzes log data from various sources and provides alerts and reports on security incidents and events. A SIEM system can help the IT team to determine which devices are USB enabled by querying the log data for events related to USB device insertion, removal, or usage. The other options are not relevant or effective for this purpose. CompTIA Cybersecurity Analyst (CySA+)

  Certification Exam Objectives (CS0-002), page 15;

  https://www.sans.org/reading-room/whitepapers/analyst/securityinformation-event-management-siem-implementation-33969

• Question 303:

  The Chief Information Security Officer wants the same level of security to be present whether a remote worker logs in at home or at a coffee shop.

  Which of the following should be recommended as a starting point?

  A. Non-persistent virtual desktop infrastructures
  B. Passwordless authentication
  C. Standard-issue laptops
  D. Serverless workloads
  A. Non-persistent virtual desktop infrastructures

  ---

  Explanation

  Comprehensive and Detailed Step-by-Step Explanation:Non-persistent virtual desktop infrastructures (VDIs) are the most suitable choice to ensure consistent security across different locations. Non-persistent VDIs revert to their original state after a session, reducing the risk of data leakage or malware persistence. These systems are centrally managed, ensuring uniform security policies regardless of the user's location.

  References:

  CompTIA CySA+ All-in-One Guide (Chapter 1: System and Network Architecture) CompTIA CySA+ Objectives (Domain 1.1 - Infrastructure Concepts)

• Question 304:

  A security analyst is responding to an incident that involves a malicious attack on a network data closet.

  Which of the following best explains how the analyst should properly document the incident?

  A. Back up the configuration file for all network devices.
  B. Record and validate each connection.
  C. Create a full diagram of the network infrastructure.
  D. Take photos of the impacted items.
  D. Take photos of the impacted items.

• Question 305:

  Two employees in the finance department installed a freeware application that contained embedded malware. The network is robustly segmented based on areas of responsibility. These computers had critical sensitive information stored locally that needs to be recovered. The department manager advised all department employees to turn off their computers until the security team could be contacted about the issue.

  Which of the following is the first step the incident response staff members should take when they arrive?

  A. Turn on all systems, scan for infection, and back up data to a USB storage device.
  B. Identify and remove the software installed on the impacted systems in the department.
  C. Explain that malware cannot truly be removed and then reimage the devices.
  D. Log on to the impacted systems with an administrator account that has privileges to perform backups.
  E. Segment the entire department from the network and review each computer offline.
  E. Segment the entire department from the network and review each computer offline.

  ---

  Explanation

  Segmenting the entire department from the network and reviewing each computer offline is the first step the incident response staff members should take when they arrive. This step can help contain the malware infection and prevent it from spreading to other systems or networks. Reviewing each computer offline can help identify the source and scope of the infection, and determine the best course of action for recovery 12. Turning on all systems, scanning for infection, and backing up data to a USB storage device is a risky step, as it can activate the malware and cause further damage or data loss. It can also compromise the USB storage device and any other system that connects to it. Identifying and removing the software installed on the impacted systems in the department is a possible step, but it should be done after segmenting the department from the network and reviewing each computer offline. Explaining that malware cannot truly be removed and then reimaging the devices is a drastic step, as it can result in data loss and downtime. It should be done only as a last resort, and after backing up the data and verifying its integrity. Logging on to the impacted systems with an administrator account that has privileges to perform backups is a dangerous step, as it can expose the administrator credentials and privileges to the malware, and allow it to escalate its access and capabilities 34.

  References:

  Incident Response: Processes, Best Practices & Tools - Atlassian, Incident Response Best Practices | SANS Institute, Malware Removal: How to Remove Malware from Your Device, How to Remove Malware From Your PC | PCMag

• Question 306:

  Which of the following provides an automated approach to checking a system configuration?

  A. SCAP
  B. CI/CD
  C. OVAL
  D. Scripting
  E. SOAR
  A. SCAP

  ---

  Explanation

  SCAP (Security Content Automation Protocol) is a standardized language for expressing and manipulating security data, including system configuration information. It provides a systematic, automated approach to checking a system configuration, making it easier to assess the security of a system and identify vulnerabilities. SCAP enables organizations to automate the process of security configuration management and assessment, reducing the risk of security breaches and ensuring that systems are configured securely. By using SCAP, organizations can improve their overall security posture, as well as comply with various regulations and industry standards.

• Question 307:

  An incident response analyst notices multiple emails traversing the network that target only the administrators of the company. The email contains a concealed URL that leads to an unknown website in another country.

  Which of the following best describes what is happening? (Choose two.)

  A. Beaconinq
  B. Domain Name System hijacking
  C. Social engineering attack
  D. On-path attack
  E. Obfuscated links
  F. Address Resolution Protocol poisoning
  C. Social engineering attack
  E. Obfuscated links

  ---

  Explanation

  A social engineering attack is a type of cyberattack that relies on manipulating human psychology rather than exploiting technical vulnerabilities. A social engineering attack may involve deceiving, persuading, or coercing users into performing actions that benefit the attacker, such as clicking on malicious links, divulging sensitive information, or granting access to restricted resources. An obfuscated link is a link that has been disguised or altered to hide its true destination or purpose. Obfuscated links are often used by attackers to trick users into visiting malicious websites or downloading malware. In this case, an incident response analyst notices multiple emails traversing the network that target only the administrators of the company. The email contains a concealed URL that leads to an unknown website in another country. This indicates that the analyst is witnessing a social engineering attack using obfuscated links.

• Question 308:

  Which of the following is a nation-state actor least likely to be concerned with?

  A. Detection by MITRE ATT&CK framework.
  B. Detection or prevention of reconnaissance activities.
  C. Examination of its actions and objectives.
  D. Forensic analysis for legal action of the actions taken
  D. Forensic analysis for legal action of the actions taken

  ---

  Explanation

  A nation-state actor is a group or individual that conducts cyberattacks on behalf of a government or a political entity. They are usually motivated by national interests, such as espionage, sabotage, or influence operations. They are often highly skilled, resourced, and persistent, and they operate with the protection or support of their state sponsors. Therefore, they are less likely to be concerned with the forensic analysis for legal action of their actions, as they are unlikely to face prosecution or extradition in their own country or by international law. They are more likely to be concerned with the detection by the MITRE ATT&CK framework, which is a knowledge base of adversary tactics and techniques based on real-world observations. The MITRE ATT&CK framework can help defenders identify, prevent, and respond to cyberattacks by nation-state actors. They are also likely to be concerned with the detection or prevention of reconnaissance activities, which are the preliminary steps of cyberattacks that involve gathering information about the target, such as vulnerabilities, network topology, or user credentials. Reconnaissance activities can expose the presence, intent, and capabilities of the attackers, and allow defenders to take countermeasures. Finally, they are likely to be concerned with the examination of their actions and objectives, which can reveal their motives, strategies, and goals, and help defenders understand their threat profile and attribution.

  References:

  1: MITRE ATT&CK?

  2: What is the MITRE ATT&CK Framework? | IBM

  3: MITRE ATT&CK | MITRE

  4: Cyber Forensics Explained: Reasons, Phases & Challenges of Cyber Forensics | Splunk

  5: Digital Forensics: How to Identify the Cause of a Cyber Attack - G2

• Question 309:

  After an incident involving a phishing email, a security analyst reviews the following email access log:

  

  Based on this information, which of the following accounts was MOST likely compromised?

  A. CARLB
  B. CINDYP
  C. GILLIANO
  D. ANDREAD
  E. LAURAB
  D. ANDREAD

• Question 310:

  A company received a shipment of new network switches. Immediately after installing the switches, a security analyst notices suspicious traffic coming from one of the new switches.

  Which of the following best describes the threat actor?

  A. Insider threat
  B. Supply chain
  C. Nation-state
  D. Organized crime
  B. Supply chain