CompTIA CS0-003 Online Practice Questions and Exam Preparation
CS0-003 Exam Details
Exam Code: CS0-003
Exam Name: CompTIA Cybersecurity Analyst (CySA+)
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 680 Q&As
Last Updated: May 25, 2026
CompTIA CS0-003 Online Questions & Answers
Question 561:
An analyst is conducting routine vulnerability assessments on the company infrastructure. When performing these scans, a business-critical server crashes, and the cause is traced back to the vulnerability scanner.
Which of the following is the cause of this issue?
A. The scanner is running without an agent installed.
B. The scanner is running in active mode.
C. The scanner is segmented improperly
D. The scanner is configured with a scanning window
B. The scanner is running in active mode.
Explanation
The scanner is running in active mode, which is the cause of this issue. Active mode is a type of vulnerability scanning that sends probes or requests to the target systems to test their responses and identify potential vulnerabilities. Active mode can provide more accurate and comprehensive results, but it can also cause more network traffic, performance degradation, or system instability. In some cases, active mode can trigger denial-of-service (DoS) conditions or crash the target systems, especially if they are not configured to handle the scanning requests or if they have underlying vulnerabilities that can be exploited by the scanner [1][2]. Therefore, the analyst should use caution when performing active mode scanning, and avoid scanning business-critical or sensitive systems without proper authorization and preparation [3].
References:
1. Vulnerability Scanning for my Server - Spiceworks Community
2. Negative Impacts of Automated Vulnerability Scanners and How ... - Acunetix
3. Vulnerability Scanning Best Practices
Question 562:
A malicious actor has gained access to an internal network by means of social engineering. The actor does not want to lose access in order to continue the attack.
Which of the following best describes the current stage of the Cyber Kill Chain that the threat actor is currently operating in?
A. Weaponization
B. Reconnaissance
C. Delivery
D. Exploitation
D. Exploitation
Explanation
The Cyber Kill Chain is a framework that describes the stages of a cyberattack from reconnaissance to actions on objectives. The exploitation stage is where attackers take advantage of the vulnerabilities they have discovered in previous stages to further infiltrate a" objectives. In this case, the malicious actor has gained access to an internal network by means of social engineering and does not want to lose access in order to continue the attack. This indicates that the actor is in the exploitation stage of the Cyber Kill Chain.
Question 563:
Which of the following activities is designed to handle a control failure that leads to a breach?
A. Risk assessment
B. Incident management
C. Root cause analysis
D. Vulnerability management
B. Incident management
Explanation
Incident management is a process that aims to handle a control failure that leads to a breach by restoring normal operations as quickly as possible and minimizing the impact and damage of the incident. Incident management involves activities such as identifying, analyzing, containing, eradicating, recovering, and learning from security incidents. Risk assessment, root cause analysis, and vulnerability management are other processes related to security management, but they are not designed to handle a control failure that leads to a breach.
Question 564:
A development team is discussing the implementation of parameterized queries to address several software vulnerabilities.
Which of the following is the most likely type of vulnerability the team is trying to remediate?
A. SQL injection
B. CSRF
C. On-path attack
D. XSS
A. SQL injection
Question 565:
A disgruntled open-source developer has decided to sabotage a code repository with a logic bomb that will act as a wiper.
Which of the following parts of the Cyber Kill Chain does this act exhibit?
A. Reconnaissance
B. Weaponization
C. Exploitation
D. Installation
B. Weaponization
Explanation
Weaponization is the stage of the Cyber Kill Chain where the attacker creates or modifies a malicious payload to use against a target. In this case, the disgruntled open-source developer has created a logic bomb that will act as a wiper, which is a type of malware that destroys data on a system. This is an example of weaponization, as the developer has prepared a cyberweapon to sabotage the code repository.
References:
The answer was based on the web search results from Bing, especially the following sources:
Cyber Kill Chain® | Lockheed Martin, which states: "In the weaponization step, the adversary creates remote access malware weapon, such as a virus or worm, tailored to one or more vulnerabilities."
The Cyber Kill Chain: The Seven Steps of a Cyberattack - EC-Council, which states: "In the weaponization stage, all of the attacker's preparatory work culminates in the creation of malware to be used against an identified target."
What is the Cyber Kill Chain? Introduction Guide - CrowdStrike, which states: "Weaponization: The attacker creates a malicious payload that will be delivered to the target."
Question 566:
HOTSPOT
A systems administrator is reviewing the output of a vulnerability scan.
INSTRUCTIONS
Review the information in each tab.
Based on the organization's environment architecture and remediation standards, select the server to be patched within 14 days and select the appropriate technique and mitigation.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Question 567:
A Chief Information Security Officer (CISO) has decided the cost to protect an asset is greater than the cost of losing the asset.
Which of the following risk management principles is the CISO following?
A. Accept
B. Avoid
C. Transfer
D. Mitigate
A. Accept
Question 568:
A web application has a function to retrieve content from an internal URL to identify CSRF attacks in the logs. The security analyst is building a regular expression that will filter out the correctly formatted requests. The target URL is https://10.1.2.3/api, and the receiving API only accepts GET requests and uses a single integer argument named "id."
Which of the following regular expressions should the analyst use to achieve the objective?
A. ^(?!https://10\.1\.2\.3/api\?id=[0-9]+)
B. ^https://10\.1\.2\.3/api\?id=\d+
C. (?:^https://10\.1\.2\.3/api\?id=[0-9]+)
D. ^https://10\.1\.2\.3/api\?id=[0-9]+$
D. ^https://10\.1\.2\.3/api\?id=[0-9]+$
Question 569:
When undertaking a cloud migration of multiple SaaS applications, an organization's system administrator struggled ... identity and access management to cloud-based assets.
Which of the following service models would have reduced the complexity of this project?
A. CASB
B. SASE
C. ZTNA
D. SWG
A. CASB
Explanation
A Cloud Access Security Broker (CASB) would have reduced the complexity of identity and access management in cloud-based assets. CASBs provide visibility into cloud application usage, data protection, and governance for cloud-based services.
Question 570:
An application must pass a vulnerability assessment to move to the next gate. Consequently, any security issues that are found must be remediated prior to the next gate.
Which of the following best describes the method for end-to-end vulnerability assessment?
A. Security regression testing
B. Static analysis
C. Dynamic analysis
D. Stress testing