CompTIA CS0-003 Online Practice Questions and Exam Preparation
CS0-003 Exam Details
Exam Code: CS0-003
Exam Name: CompTIA Cybersecurity Analyst (CySA+)
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 680 Q&As
Last Updated: Jun 02, 2026
CompTIA CS0-003 Online Questions & Answers
Question 331:
An organization has tracked several incidents that are listed in the following table:
Which of the following is the organization's MTTD?
A. 140 B. 150 C. 160 D. 180
C. 160
Explanation
The MTTD (Mean Time To Detect) is calculated by averaging the time elapsed in detecting incidents. From the given data: (180+150+170+140)/4 = 160 minutes. This is the correct answer according to the CompTIA CySA+ CS0-003 Certification Study Guide, Chapter 4, page 161.
References:
CompTIA CySA+ CS0-003 Certification Study Guide, Chapter 4, page 161.
Question 332:
A security team is concerned about recent Layer 4 DDoS attacks against the company website.
Which of the following controls would best mitigate the attacks?
A. Block the attacks using firewall rules. B. Deploy an IPS in the perimeter network. C. Roll out a CDN. D. Implement a load balancer.
C. Roll out a CDN.
Explanation
Rolling out a CDN is the best control to mitigate the Layer 4 DDoS attacks against the company website. A CDN is a Content Delivery Network, which is a system of distributed servers that deliver web content to users based on their geographic location, the origin of the web page, and the content delivery server. A CDN can help protect against Layer 4 DDoS attacks, which are volumetric attacks that aim to exhaust the network bandwidth or resources of the target website by sending a large amount of traffic, such as SYN floods, UDP floods, or ICMP floods. A CDN can mitigate these attacks by distributing the traffic across multiple servers, caching the web content closer to the users, filtering out malicious or unwanted traffic, and providing scalability and redundancy for the website.
References:
How to Stop a DDoS Attack: Mitigation Steps for Each OSI Layer; Application layer DDoS attack | Cloudflare
Question 333:
An older CVE with a vulnerability score of 7.1 was elevated to a score of 9.8 due to a widely available exploit being used to deliver ransomware.
Which of the following factors would an analyst most likely communicate as the reason for this escalation?
A. Scope B. Weaponization C. CVSS D. Asset value
B. Weaponization
Explanation
Weaponization is a factor that describes how an adversary develops or acquires an exploit or payload that can take advantage of a vulnerability and deliver a malicious effect. Weaponization can increase the severity or impact of a vulnerability, as it makes it easier or more likely for an attacker to exploit it successfully and cause damage or harm. Weaponization can also indicate the level of sophistication or motivation of an attacker, as well as the availability or popularity of an exploit or payload in the cyber threat landscape. In this case, an older CVE with a vulnerability score of 7.1 was elevated to a score of 9.8 due to a widely available exploit being used to deliver ransomware. This indicates that weaponization was the reason for this escalation.
Question 334:
Numerous emails were sent to a company's customer distribution list. The customers reported that the emails contained a suspicious link. The company's SOC determined the links were malicious.
Which of the following is the best way to decrease these emails?
A. DMARC B. DKIM C. SPF D. SMTP
A. DMARC
Explanation
DMARC (Domain-based Message Authentication, Reporting, and Conformance) helps organizations prevent email spoofing and phishing by enforcing policies based on SPF and DKIM.
Option B (DKIM - DomainKeys Identified Mail) verifies message integrity but does not enforce policies.
Option C (SPF - Sender Policy Framework) prevents spoofing but is not as comprehensive as DMARC.
Option D (SMTP - Simple Mail Transfer Protocol) is just an email delivery protocol, not a security control.
Thus, A (DMARC) is the correct answer, as it combines SPF and DKIM to prevent spoofing and phishing attacks.
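The explanation above says DMARC "combines SPF and DKIM" and enforces a policy; the following added example (not from the study guide or any vendor) shows what that combination means at the receiving server: a passing SPF or DKIM result only counts when its domain is aligned with the visible From: domain, and the p= tag decides what happens when nothing aligns. All domains, the record text and the authentication results are constructed, and the organizational-domain logic is a simplification.

```python
# Added example (not from the study guide): how a receiving mail server
# combines SPF and DKIM results under a DMARC policy. All domains, the
# record text and the authentication results below are constructed.
from typing import Optional, Tuple

def parse_dmarc_record(txt: str) -> dict:
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; adkim=s'."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    tags.setdefault("p", "none")      # policy: none | quarantine | reject
    tags.setdefault("adkim", "r")     # DKIM alignment: r(elaxed) | s(trict)
    tags.setdefault("aspf", "r")      # SPF alignment:  r(elaxed) | s(trict)
    return tags

def org_domain(domain: str) -> str:
    # Simplification (assumption): last two labels. Real receivers use the
    # Public Suffix List, so e.g. 'x.co.uk' would be handled differently.
    return ".".join(domain.lower().split(".")[-2:])

def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict alignment needs an exact match; relaxed needs the same org domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def evaluate_dmarc(record: str, from_domain: str,
                   spf_pass_domain: Optional[str],
                   dkim_pass_domain: Optional[str]) -> Tuple[bool, str]:
    """Return (dmarc_pass, disposition).
    from_domain: domain of the visible From: header (what the customer sees).
    spf_pass_domain: MAIL FROM domain if SPF passed, else None.
    dkim_pass_domain: d= domain of a valid DKIM signature, else None.
    DMARC passes only if at least one passing result is ALIGNED with From:."""
    tags = parse_dmarc_record(record)
    spf_ok = spf_pass_domain is not None and aligned(from_domain, spf_pass_domain, tags["aspf"])
    dkim_ok = dkim_pass_domain is not None and aligned(from_domain, dkim_pass_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return True, "none"        # deliver normally
    return False, tags["p"]        # apply the domain owner's policy

if __name__ == "__main__":
    # Spoofed mail: From: claims example.com, SPF passes only for the sender's
    # own envelope domain, no DKIM. p=none just reports it; p=reject stops it.
    print(evaluate_dmarc("v=DMARC1; p=none", "example.com", "bulk-sender.example", None))
    print(evaluate_dmarc("v=DMARC1; p=reject", "example.com", "bulk-sender.example", None))
```

The second call is the case in the question: with p=reject the spoofed customer mail is refused, while the same record with p=none would only generate a report.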
Question 335:
A security analyst is trying to validate the results of a web application scan with Burp Suite.
The security analyst performs the following:
Which of the following vulnerabilities is the security analyst trying to validate?
A. SQL injection B. LFI C. XSS D. CSRF
B. LFI
Explanation
The security analyst is validating a Local File Inclusion (LFI) vulnerability, as indicated by the "/.../.../.../" in the GET request which is a common indicator of directory traversal attempts associated with LFI. The other options are not relevant for this purpose:
SQL injection involves injecting malicious SQL statements into a database query; XSS involves injecting malicious scripts into a web page; CSRF involves tricking a user into performing an unwanted action on a web application.
References:
According to the CompTIA CySA+ Study Guide: Exam CS0-003, 3rd Edition, one of the objectives for the exam is to "use appropriate tools and methods to manage, prioritize and respond to attacks and vulnerabilities". The book also covers the usage and syntax of Burp Suite, a tool used for testing web application security, in Chapter 6. Specifically, it explains the meaning and function of each component in Burp Suite, such as Repeater, which allows the security analyst to modify and resend individual requests (page 239). Therefore, this is a reliable source to verify the answer to the question.
Question 336:
A company's security team is updating a section of the reporting policy that pertains to inappropriate use of resources (e.g., an employee who installs cryptominers on workstations in the office).
Besides the security team, which of the following groups should the issue be escalated to first in order to comply with industry best practices?
A. Help desk B. Law enforcement C. Legal department D. Board member
C. Legal department
Explanation
When updating a reporting policy that pertains to inappropriate use of resources, it's important to involve the legal department as one of the first steps. Inappropriate use of resources can have legal implications, and involving the legal department ensures that the policy aligns with legal regulations and requirements. They can provide guidance on the appropriate actions to take and help ensure that the policy is comprehensive and legally sound.
Question 337:
A cybersecurity analyst is concerned about attacks that use advanced evasion techniques.
Which of the following would best mitigate such attacks?
A. Keeping IPS rules up to date B. Installing a proxy server C. Applying network segmentation D. Updating the antivirus software
A. Keeping IPS rules up to date
Explanation
Keeping IPS rules up to date is the best way to mitigate attacks that use advanced evasion techniques. An IPS (intrusion prevention system) is a security device that monitors network traffic and blocks or prevents malicious activity based on predefined rules or signatures. Advanced evasion techniques are cyberattacks that combine various evasion methods to bypass security detection and protection tools, such as IPS. Keeping IPS rules up to date can help to ensure that the IPS can recognize and block the latest advanced evasion techniques and prevent them from compromising the network.
Question 338:
HOTSPOT
A security analyst performs various types of vulnerability scans.
Review the vulnerability scan results to determine the type of scan that was executed and if a false positive occurred for each device.
INSTRUCTIONS
Select the Results Generated drop-down option to determine if the results were generated from a credentialed scan, non-credentialed scan, or a compliance scan.
For ONLY the credentialed and non-credentialed scans, evaluate the results for False Positives and check the Findings that display false positives.
NOTE: If you would like to uncheck an option that is currently selected, click on the option a second time.
Lastly, based on the vulnerability scan results, identify the type of Server by dragging the Server to the results. The Linux Web Server, File-Print Server, and Directory Server are draggable.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Question 339:
A security analyst found the following vulnerability on the company's website:
Which of the following should be implemented to prevent this type of attack in the future?
A. Input sanitization B. Output encoding C. Code obfuscation D. Prepared statements
A. Input sanitization
Explanation
This is a type of web application vulnerability called cross-site scripting (XSS), which allows an attacker to inject malicious code into a web page that is viewed by other users. XSS can be used to steal cookies, session tokens, credentials, or other sensitive information, or to perform actions on behalf of the victim.
Input sanitization is a technique that prevents XSS attacks by checking and filtering the user input before processing it. Input sanitization can remove or encode any characters or strings that may be interpreted as code by the browser, such as <, >, ", ', or javascript:. Input sanitization can also validate the input against a predefined format or range of values, and reject any input that does not match.
Output encoding is a technique that prevents XSS attacks by encoding the output before sending it to the browser. Output encoding converts any characters that may be interpreted as markup by the browser into harmless entities, so that < becomes &lt;, > becomes &gt;, " becomes &quot;, and ' becomes &#x27;. Output encoding can also escape any special characters that have a different meaning in different contexts, such as / or ;.
Code obfuscation is a technique that makes the source code of a web application more difficult to read and understand by humans. Code obfuscation can use techniques such as renaming variables and functions, removing comments and whitespace, replacing literals with expressions, or adding dummy code. Code obfuscation can help protect the intellectual property and trade secrets of a web application, but it does not prevent XSS attacks.
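The explanation contrasts input sanitization (validate and reject), output encoding (turn markup characters into entities) and a filter that merely strips known-bad strings. The following added example, which is not from the study guide, applies each to one constructed piece of user input so the difference is visible in the rendered HTML; it also covers the javascript: URL case the explanation mentions, which entity encoding alone does not address. All function names and inputs are this example's own.

```python
# Added example (not from the study guide): the defences the explanation
# compares, applied to constructed user input. Names are this example's own.
import html
import re
from urllib.parse import urlsplit

# Constructed attacker-style comment: a tag carrying an event handler.
UNTRUSTED = '<img src=x onerror="alert(1)">thanks for the post'

def render_unsafe(comment: str) -> str:
    """Vulnerable: untrusted text is concatenated straight into the HTML."""
    return f'<p class="comment">{comment}</p>'

def render_encoded(comment: str) -> str:
    """Output encoding for an HTML text context: &, <, >, " and ' become
    entities, so the browser displays the text instead of parsing it."""
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'

def render_attr_encoded(value: str) -> str:
    """Same encoding inside a QUOTED attribute; quote=True stops the value
    from closing the attribute and smuggling in its own handler."""
    return f'<input name="q" value="{html.escape(value, quote=True)}">'

def naive_sanitize(comment: str) -> str:
    """Blacklist 'sanitizer' that only strips <script> blocks: the classic
    mistake, shown because it leaves the onerror handler untouched."""
    return re.sub(r"(?is)<script.*?</script>", "", comment)

def is_valid_username(value: str) -> bool:
    """Input sanitization done as validation: a tight allow-list of
    characters; anything else is rejected rather than 'cleaned'."""
    return re.fullmatch(r"[A-Za-z0-9._-]{1,32}", value) is not None

def safe_href(url: str) -> str:
    """Entity encoding does not neutralise a javascript: URL in href, so a
    link target is validated by scheme first and only then encoded."""
    if urlsplit(url.strip()).scheme.lower() not in ("http", "https"):
        return "#"
    return html.escape(url, quote=True)
```

Running render_encoded(UNTRUSTED) yields the literal text "&lt;img src=x onerror=&quot;alert(1)&quot;&gt;thanks for the post" inside the paragraph, whereas naive_sanitize(UNTRUSTED) returns the input unchanged.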
Question 340:
A company receives a penetration test report summary from a third party. The report summary indicates a proxy has some patches that need to be applied. The proxy is sitting in a rack and is not being used, as the company has replaced it with a new one. The CVE score of the vulnerability on the proxy is a 9.8.
Which of the following best practices should the company follow with this proxy?
A. Leave the proxy as is. B. Decommission the proxy. C. Migrate the proxy to the cloud. D. Patch the proxy.
B. Decommission the proxy.
Explanation
Since the proxy is not in use and has a critical vulnerability with a high CVSS score, the best course of action is to decommission the proxy. Patching the proxy might be an option if it were actively being used and could not be replaced, but since a new proxy is already in place, decommissioning is the most appropriate action.