CS0-003 Exam Details

  • Exam Code: CS0-003
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 680 Q&As
  • Last Updated: May 25, 2026

CompTIA CS0-003 Online Questions & Answers

  • Question 421:

    During an incident in which a user machine was compromised, an analyst recovered a binary file that potentially caused the exploitation.

    Which of the following techniques could be used for further analysis?

    A. Fuzzing
    B. Static analysis
    C. Sandboxing
    D. Packet capture

  • Question 422:

    An analyst produces a weekly endpoint status report for the management team. The report includes specific details for each endpoint in relation to organizational baselines.

    Which of the following best describes the report type?

    A. Forensics
    B. Mitigation
    C. Vulnerability
    D. Compliance

  • Question 423:

    A CISO decides the cost to protect an asset exceeds the cost of losing it.

    Which risk management principle is being followed?

    A. Accept
    B. Avoid
    C. Transfer
    D. Mitigate

  • Question 424:

    A forensic analyst is conducting an investigation on a compromised server.

    Which of the following should the analyst do first to preserve evidence?

    A. Restore damaged data from the backup media
    B. Create a system timeline
    C. Monitor user access to compromised systems
    D. Back up all log files and audit trails

  • Question 425:

    An analyst is reviewing a vulnerability report and must make recommendations to the executive team. The analyst finds that most systems can be upgraded with a reboot resulting in a single downtime window. However, two of the critical systems cannot be upgraded due to a vendor appliance that the company does not have access to.

    Which of the following inhibitors to remediation do these systems and associated vulnerabilities best represent?

    A. Proprietary systems
    B. Legacy systems
    C. Unsupported operating systems
    D. Lack of maintenance windows

  • Question 426:

    A new prototype for a company's flagship product was leaked on the internet. As a result, the management team has locked out all USB drives. Optical drive writers are not present on company computers. The sales team has been granted an exception to share sales presentation files with third parties.

    Which of the following would allow the IT team to determine which devices are USB enabled?

    A. Asset tagging
    B. Device encryption
    C. Data loss prevention
    D. SIEM logs

  • Question 427:

    Which of the following is the best way to provide realistic training for SOC analysts?

    A. Phishing assessments
    B. OpenVAS
    C. Attack simulation
    D. SOAR
    E. Honeypot

  • Question 428:

    An organization adds an MSSP to supplement its security monitoring operations during weekends and holidays.

    Which of the following would best demonstrate procurement value to the Chief Information Security Officer?

    A. Stakeholder validation metrics
    B. Mean time to respond
    C. Alert volume
    D. Number of escalations per week

  • Question 429:

    A security analyst observes a high volume of SYN flags from an unexpected source toward a web application server within one hour. The traffic is not flagging for any exploit signatures.

    Which of the following scenarios best describes this activity?

    A. A legitimate connection is continuously attempting to establish a connection with a downed web server.
    B. A script kiddie is attempting to execute a DDoS through a ping flood attack.
    C. An attacker is executing reconnaissance activities by mapping which ports are open and closed.
    D. A web exploit attempt is likely occurring and the security analyst is not seeing it.

  • Question 430:

    A company's policy is to follow NIST standards and use strong encryption to avoid disclosure of sensitive information in transit between any systems. An analyst reviews a lab web server and receives the following outputs:

    Which of the following should the analyst identify as the most concerning?

    A. TLS 1.0 is enabled.
    B. The certificate is self-signed.
    C. SSLv3 is disabled.
    D. TLS 1.3 is not widely supported.
    E. TLS compression is disabled.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CS0-003 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.