CompTIA CS0-003 Online Practice Questions and Exam Preparation
CS0-003 Exam Details
Exam Code: CS0-003
Exam Name: CompTIA Cybersecurity Analyst (CySA+)
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 680 Q&As
Last Updated: Jun 02, 2026
CompTIA CS0-003 Online Questions & Answers
Question 51:
Which of the following best describes the threat concept in which an organization works to ensure that all network users only open attachments from known sources?
A. Hacktivist threat
B. Advanced persistent threat
C. Unintentional insider threat
D. Nation-state threat
Answer: C. Unintentional insider threat
Explanation
An unintentional insider threat is a type of network security threat that occurs when a legitimate user of the network unknowingly exposes the network to malicious activity, such as opening a phishing email or a malware-infected attachment from an unknown source. This can compromise the network security and allow attackers to access sensitive data or systems. The other options are not related to the threat concept of ensuring that all network users only open attachments from known sources.
Reference: What is Network Security | Threats, Best Practices | Imperva, "Network Security Threats and Attacks", Phishing section; "Five Ways to Defend Against Network Security Threats", 2. Use Firewalls section.
Question 52:
A consumer credit card database was compromised, and multiple representatives are unable to review the appropriate customer information.
Which of the following should the cybersecurity analyst do first?
A. Start the containment effort.
B. Confirm the incident.
C. Notify local law enforcement officials.
D. Inform the senior management team.
Answer: B. Confirm the incident.
Question 53:
A leader on the vulnerability management team is trying to reduce the team's workload by automating some simple but time-consuming tasks.
Which of the following activities should the team leader consider first?
A. Assigning a custom recommendation for each finding
B. Analyzing false positives
C. Rendering an additional executive report
D. Regularly checking agent communication with the central console
Answer: D. Regularly checking agent communication with the central console
Question 54:
During an incident, a security analyst discovers that a large amount of PII has been emailed externally from an employee to a public email address. The analyst finds that the external address is the employee's personal email.
Which of the following should the analyst recommend be done first?
A. Place a legal hold on the employee's mailbox.
B. Enable filtering on the web proxy.
C. Disable the public email access with CASB.
D. Configure a deny rule on the firewall.
Answer: A. Place a legal hold on the employee's mailbox.
Explanation
Placing a legal hold on the employee's mailbox is the best action to perform first, as it preserves all mailbox content, including deleted items and original versions of modified items, for potential legal or forensic purposes. A legal hold is a feature that allows an administrator to retain mailbox data for a user indefinitely or for a specified period, regardless of the user's actions or retention policies. A legal hold can be applied to a mailbox using Litigation Hold or In-Place Hold in Exchange Server or Exchange Online. A legal hold can help to ensure that evidence of data exfiltration or other malicious activities is not lost or tampered with, and that the organization can comply with any legal or regulatory obligations. The other actions are not as urgent or effective as placing a legal hold on the employee's mailbox, as they do not address the immediate threat of data loss or compromise. Enabling filtering on the web proxy may help to prevent some types of data exfiltration or malicious traffic, but it does not help to recover or preserve the data that has already been emailed externally. Disabling the public email access with CASB (Cloud Access Security Broker) may help to block or monitor the use of public email services by employees, but it does not help to recover or preserve the data that has already been emailed externally. Configuring a deny rule on the firewall may help to block or monitor the network traffic from the employee's laptop, but it does not help to recover or preserve the data that has already been emailed externally.
Question 55:
Before adopting a disaster recovery plan, some team members need to gather in a room to review the written scenarios.
Which of the following best describes what the team is doing?
A. Simulation
B. Tabletop exercise
C. Full test
D. Parallel test
Answer: B. Tabletop exercise
Question 56:
After an incident, a security analyst needs to perform a forensic analysis to report complete information to a company stakeholder.
Which of the following is most likely the goal of the forensic analysis in this case?
A. Provide a full picture of the existing risks.
B. Notify law enforcement of the incident.
C. Further contain the incident.
D. Determine root cause information.
Answer: D. Determine root cause information.
Explanation
The goal of forensic analysis in a post-incident scenario is to identify the root cause of the incident. This helps prevent future occurrences and enhances the security posture of the organization.
Option A (Full picture of risks) is more aligned with a risk assessment rather than forensic analysis.
Option B (Notifying law enforcement) depends on the situation, but forensic analysis is performed even when legal action is not involved.
Option C (Further containment) is part of incident response, but forensic analysis happens after containment.
Thus, D is the correct answer, as determining root cause is the key objective of forensic analysis.
Question 57:
HOTSPOT
A healthcare organization must develop an action plan based on the findings from a risk assessment. The action plan must consist of:
1. Risk categorization
2. Risk prioritization
3. Implementation of controls
INSTRUCTIONS
Click on the audit report and risk matrix to review their contents.
Assign a categorization to each risk and determine the order in which the findings must be prioritized for remediation according to the risk rating score.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Question 58:
A cybersecurity analyst is setting up a security control that monitors network traffic and produces an active response to a security event.
Which of the following tools is the analyst configuring?
A. EDR
B. IPS
C. CASB
D. WAF
Answer: B. IPS
Question 59:
A payroll department employee was the target of a phishing attack in which an attacker impersonated a department director and requested that direct deposit information be updated to a new account. Afterward, a deposit was made into the unauthorized account.
Which of the following is one of the first actions the incident response team should take when they receive notification of the attack?
A. Scan the employee's computer with virus and malware tools.
B. Review the actions taken by the employee and the email related to the event.
C. Contact human resources and recommend the termination of the employee.
D. Assign security awareness training to the employee involved in the incident.
Answer: B. Review the actions taken by the employee and the email related to the event.
Explanation
In case of a phishing attack, it's crucial to review what actions were taken by the employee and analyze the phishing email to understand its nature and impact.
Reference: CompTIA CySA+ CS0-003 Certification Study Guide, Chapter 6, page 255.
Question 60:
An analyst notices there is an internal device sending HTTPS traffic with additional characters in the header to a known-malicious IP in another country.
Which of the following describes what the analyst has noticed?
A. Beaconing
B. Cross-site scripting
C. Buffer overflow
D. PHP traversal