CompTIA CS0-003 Online Practice Questions and Exam Preparation
CS0-003 Exam Details
Exam Code: CS0-003
Exam Name: CompTIA Cybersecurity Analyst (CySA+)
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 680 Q&As
Last Updated: May 25, 2026
CompTIA CS0-003 Online Questions & Answers
Question 431:
Which of the following best describes the actions taken by an organization after the resolution of an incident that addresses issues and reflects on the growth opportunities for future incidents?
A. Lessons learned
B. Scrum review
C. Root cause analysis
D. Regulatory compliance
A. Lessons learned
Question 432:
Exploit code for a recently disclosed critical software vulnerability was publicly available for download for several days before being removed. Which of the following CVSS v.3.1 temporal metrics was most impacted by this exposure?
A. Remediation level
B. Exploit code maturity
C. Report confidence
D. Availability
B. Exploit code maturity
Explanation
Exploit code maturity in the CVSS v.3.1 temporal metrics refers to the reliability and availability of exploit code for a vulnerability. Public availability of exploit code increases the exploit code maturity score. The availability of exploit code affects the 'Exploit Code Maturity' metric in CVSS v.3.1. This metric evaluates the level of maturity of the exploit that targets the vulnerability. When exploit code is readily available, it suggests a higher level of maturity, indicating that the exploit is more reliable and easier to use.
Question 433:
Which of the following explains the reason a security analyst would map an attack route?
A. To find critical paths that can be used to stop an adversary from advancing
B. To create an inventory of all IT assets to import into a database
C. To operationalize intelligence gathered from a previous step in the investigation
D. To categorize the tactics according to the MITRE ATT&CK framework
A. To find critical paths that can be used to stop an adversary from advancing
Question 434:
The SOC received a threat intelligence notification indicating that an employee's credentials were found on the dark web. The user's web and log-in activities were reviewed for malicious or anomalous connections, data uploads/downloads, and exploits. A review of the controls confirmed multifactor authentication was enabled.
Which of the following should be done first to mitigate impact to the business networks and assets?
A. Perform a forced password reset.
B. Communicate the compromised credentials to the user.
C. Perform an ad hoc AV scan on the user's laptop.
D. Review and ensure privileges assigned to the user's account reflect least privilege.
E. Lower the thresholds for SOC alerting of suspected malicious activity.
A. Perform a forced password reset.
Explanation
The first and most urgent step to mitigate the impact of compromised credentials on the dark web is to perform a forced password reset for the affected user. This will prevent the cybercriminals from using the stolen credentials to access the company's network and systems. Multifactor authentication is a good security measure, but it is not foolproof and can be bypassed by sophisticated attackers. Therefore, changing the password as soon as possible is the best practice to reduce the risk of a data breach or other cyber attack [1][2][3].
References:
[1] How to monitor the dark web for compromised employee credentials
[2] How to prevent corporate credentials ending up on the dark web
[3] Data Breach Prevention: Identifying Leaked Credentials on the Dark Web
Question 435:
An organization has the following risk mitigation policies:
1. Risks without compensating controls will be mitigated first if the risk value is greater than $50,000.
2. Other risk mitigation will be prioritized based on risk value.
The following risks have been identified:
Which of the following is the order of priority for risk mitigation from highest to lowest?
A. A, C, D, B
B. B, C, D, A
C. D, A, B
E. D, C, B, A
C. D, A, B
Explanation
The order of priority for risk mitigation from highest to lowest is C, B, A, D. This order is based on applying the risk mitigation policies of the organization. According to the first policy, risks without compensating controls will be mitigated first if the risk value is greater than $50,000. Risk C has no compensating controls and a risk value of $75,000, so it is the highest priority. Risk B also has no compensating controls, but a risk value of $40,000, so it is the second priority. According to the second policy, other risk mitigation will be prioritized based on risk value. Risk A has a risk value of $60,000 and a compensating control of encryption, so it is the third priority. Risk D has a risk value of $50,000 and a compensating control of backup power supply, so it is the lowest priority.
Question 436:
An organization has deployed a cloud-based storage system for shared data that is in phase two of the data life cycle.
Which of the following controls should the security team ensure are addressed? (Choose two.)
A. Data classification
B. Data destruction
C. Data loss prevention
D. Encryption
E. Backups
F. Access controls
D. Encryption
F. Access controls
Question 437:
A SOC team lead occasionally collects some DNS information for investigations. The team lead assigns this task to a new junior analyst.
Which of the following is the best way to relay the process information to the junior analyst?
A. Ask another team member to demonstrate their process.
B. Email a link to a website that shows someone demonstrating a similar process.
C. Let the junior analyst research and develop a process.
D. Write a step-by-step document on the team wiki outlining the process.
D. Write a step-by-step document on the team wiki outlining the process.
Explanation
Documenting the process in a step-by-step format on the team wiki ensures the junior analyst has a clear, repeatable reference. This approach also supports consistency and accuracy, and the documentation can be updated or referenced by other team members as needed. CompTIA emphasizes the importance of procedural documentation in both CySA+ and Security+ for ensuring team members have reliable resources for task execution, which aids in knowledge retention and standardized practices across the team.
Question 438:
During a company's most recent incident, a vulnerability in custom software was exploited on an externally facing server by an APT. The lessons-learned report noted the following:
1. The development team used a new software language that was not supported by the security team's automated assessment tools.
2. During the deployment, the security assessment team was unfamiliar with the new language and struggled to evaluate the software during advanced testing. Therefore, the vulnerability was not detected.
3. The current IPS did not have effective signatures and policies in place to detect and prevent runtime attacks on the new application.
To allow this new technology to be deployed securely going forward, which of the following will BEST address these findings? (Choose two.)
A. Train the security assessment team to evaluate the new language and verify that best practices for secure coding have been followed
B. Work with the automated assessment-tool vendor to add support for the new language so these vulnerabilities are discovered automatically
C. Contact the human resources department to hire new security team members who are already familiar with the new language
D. Run the software on isolated systems so when they are compromised, the attacker cannot pivot to adjacent systems
E. Instruct only the development team to document the remediation steps for this vulnerability
F. Outsource development and hosting of the applications in the new language to a third-party vendor so the risk is transferred to that provider
A. Train the security assessment team to evaluate the new language and verify that best practices for secure coding have been followed
B. Work with the automated assessment-tool vendor to add support for the new language so these vulnerabilities are discovered automatically
Explanation
The solution will address the findings that the development team used a new software language that was not supported by the security team's automated assessment tools and that the security assessment team was unfamiliar with the new language and struggled to evaluate the software during advanced testing. Training the security assessment team and working with the automated assessment-tool vendor to add support for the new language will ensure that future deployments of the new technology are secure and the vulnerabilities are detected and prevented.
Question 439:
A security analyst discovers that, over three months, an attacker has slowly created multiple accounts on a web server while avoiding detection.
Which of the following best describes this threat actor?
A. Script kiddie threat actor
B. Advanced persistent threat actor
C. Insider threat actor
D. Hacktivist threat actor
B. Advanced persistent threat actor
Question 440:
A vulnerability scan shows the following vulnerabilities in the environment:
At the same time, the following security advisory was released:
"A zero-day vulnerability with a CVSS score of 10 may be affecting your web server. The vendor is working on a patch or workaround."
Which of the following actions should the security analyst take first?
A. Contact the web systems administrator and request that they shut down the asset.
B. Monitor the patch releases for all items and escalate patching to the appropriate team.
C. Run the vulnerability scan again to verify the presence of the critical finding and the zero-day vulnerability in the environment.
D. Forward the advisory to the web security team and initiate the prioritization strategy for the other vulnerabilities.
D. Forward the advisory to the web security team and initiate the prioritization strategy for the other vulnerabilities.