Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: geek65

CS0-003 CompTIA CySA+ Certification Beta Exam Questions and Answers

Questions 4

An employee is suspected of misusing a company-issued laptop. The employee has been suspended pending an investigation by human resources. Which of the following is the best step to preserve evidence?

Options:

A.

Disable the user's network account and access to web resources

B.

Make a copy of the files as a backup on the server.

C.

Place a legal hold on the device and the user's network share.

D.

Make a forensic image of the device and create a SRA-I hash.

Buy Now
Questions 5

A security administrator needs to import Pll data records from the production environment to the test environment for testing purposes. Which of the following would best protect data confidentiality?

Options:

A.

Data masking

B.

Hashing

C.

Watermarking

D.

Encoding

Buy Now
Questions 6

An analyst is conducting routine vulnerability assessments on the company infrastructure. When performing these scans, a business-critical server crashes, and the cause is traced back to the vulnerability scanner. Which of the following is the cause of this issue?

Options:

A.

The scanner is running without an agent installed.

B.

The scanner is running in active mode.

C.

The scanner is segmented improperly.

D.

The scanner is configured with a scanning window.

Buy Now
Questions 7

A security analyst scans a host and generates the following output:

Which of the following best describes the output?

Options:

A.

The host is unresponsive to the ICMP request.

B.

The host Is running a vulnerable mall server.

C.

The host Is allowlng unsecured FTP connectlons.

D.

The host is vulnerable to web-based exploits.

Buy Now
Questions 8

During an incident, some loCs of possible ransomware contamination were found in a group of servers in a segment of the network. Which of the following steps should be taken next?

Options:

A.

Isolation

B.

Remediation

C.

Reimaging

D.

Preservation

Buy Now
Questions 9

A security analyst is responding to an indent that involves a malicious attack on a network. Data closet. Which of the following best explains how are analyst should properly document the incident?

Options:

A.

Back up the configuration file for alt network devices

B.

Record and validate each connection

C.

Create a full diagram of the network infrastructure

D.

Take photos of the impacted items

Buy Now
Questions 10

Which of the following best describes the reporting metric that should be utilized when measuring the degree to which a system, application, or user base is affected by an uptime availability outage?

Options:

A.

Timeline

B.

Evidence

C.

Impact

D.

Scope

Buy Now
Questions 11

The management team requests monthly KPI reports on the company's cybersecurity program. Which of the following KPIs would identify how long a security threat goes unnoticed in the environment?

Options:

A.

Employee turnover

B.

Intrusion attempts

C.

Mean time to detect

D.

Level of preparedness

Buy Now
Questions 12

While reviewing the web server logs a security analyst notices the following snippet

..\../..\../boot.ini

Which of the following is being attempted?

Options:

A.

Directory traversal

B.

Remote file inclusion

C.

Cross-site scripting

D.

Remote code execution

E.

Enumeration of/etc/pasawd

Buy Now
Questions 13

Joe, a leading sales person at an organization, has announced on social media that he is leaving his current role to start a new company that will compete with his current employer. Joe is soliciting his current employer's customers. However, Joe has not resigned or discussed this with his current supervisor yet. Which of the following would be the best action for the incident response team to recommend?

Options:

A.

Isolate Joe's PC from the network

B.

Reimage the PC based on standard operating procedures

C.

Initiate a remote wipe of Joe's PC using mobile device management

D.

Perform no action until HR or legal counsel advises on next steps

Buy Now
Questions 14

A penetration tester is conducting a test on an organization's software development website. The penetration tester sends the following request to the web interface:

Which of the following exploits is most likely being attempted?

Options:

A.

SQL injection

B.

Local file inclusion

C.

Cross-site scripting

D.

Directory traversal

Buy Now
Questions 15

An email hosting provider added a new data center with new public IP addresses. Which of the following most likely needs to be updated to ensure emails from the new data center do not get blocked by spam filters?

Options:

A.

DKIM

B.

SPF

C.

SMTP

D.

DMARC

Buy Now
Questions 16

Which of the following threat actors is most likely to target a company due to its questionable environmental policies?

Options:

A.

Hacktivist

B.

Organized crime

C.

Nation-state

D.

Lone wolf

Buy Now
Questions 17

A security program was able to achieve a 30% improvement in MTTR by integrating security controls into a SIEM. The analyst no longer had to jump between tools. Which of the following best describes what the security program did?

Options:

A.

Data enrichment

B.

Security control plane

C.

Threat feed combination

D.

Single pane of glass

Buy Now
Questions 18

When investigating a potentially compromised host, an analyst observes that the process BGInfo.exe (PID 1024), a Sysinternals tool used to create desktop backgrounds containing host details, has bee running for over two days. Which of the following activities will provide the best insight into this potentially malicious process, based on the anomalous behavior?

Options:

A.

Changes to system environment variables

B.

SMB network traffic related to the system process

C.

Recent browser history of the primary user

D.

Activities taken by PID 1024

Buy Now
Questions 19

Which of the following is the first step that should be performed when establishing a disaster recovery plan?

Options:

A.

Agree on the goals and objectives of the plan

B.

Determine the site to be used during a disaster

C Demonstrate adherence to a standard disaster recovery process

C.

Identity applications to be run during a disaster

Buy Now
Questions 20

Which of the following stakeholders are most likely to receive a vulnerability scan report? (Select two).

Options:

A.

Executive management

B.

Law enforcement

C.

Marketing

D.

Legal

E.

Product owner

F.

Systems admininstration

Buy Now
Questions 21

Which of the following most accurately describes the Cyber Kill Chain methodology?

Options:

A.

It is used to correlate events to ascertain the TTPs of an attacker.

B.

It is used to ascertain lateral movements of an attacker, enabling the process to be stopped.

C.

It provides a clear model of how an attacker generally operates during an intrusion and the actions to take at each stage

D.

It outlines a clear path for determining the relationships between the attacker, the technology used, and the target

Buy Now
Questions 22

An employee accessed a website that caused a device to become infected with invasive malware. The incident response analyst has:

• created the initial evidence log.

• disabled the wireless adapter on the device.

• interviewed the employee, who was unable to identify the website that was accessed

• reviewed the web proxy traffic logs.

Which of the following should the analyst do to remediate the infected device?

Options:

A.

Update the system firmware and reimage the hardware.

B.

Install an additional malware scanner that will send email alerts to the analyst.

C.

Configure the system to use a proxy server for Internet access.

D.

Delete the user profile and restore data from backup.

Buy Now
Questions 23

Which of following would best mitigate the effects of a new ransomware attack that was not properly stopped by the company antivirus?

Options:

A.

Install a firewall.

B.

Implement vulnerability management.

C.

Deploy sandboxing.

D.

Update the application blocklist.

Buy Now
Questions 24

A security analyst is reviewing events that occurred during a possible compromise. The analyst obtains the following log:

Which of the following is most likely occurring, based on the events in the log?

Options:

A.

An adversary is attempting to find the shortest path of compromise.

B.

An adversary is performing a vulnerability scan.

C.

An adversary is escalating privileges.

D.

An adversary is performing a password stuffing attack.

.

Buy Now
Questions 25

The Chief Executive Officer (CEO) has notified that a confidential trade secret has been compromised. Which of the following communication plans should the CEO initiate?

Options:

A.

Alert department managers to speak privately with affected staff.

B.

Schedule a press release to inform other service provider customers of the compromise.

C.

Disclose to all affected parties in the Chief Operating Officer for discussion and resolution.

D.

Verify legal notification requirements of PII and SPII in the legal and human resource departments.

Buy Now
Questions 26

A security analyst is performing an investigation involving multiple targeted Windows malware binaries. The analyst wants to gather intelligence without disclosing information to the attackers. Which of the following actions would allow the analyst to achieve the objective?

Options:

A.

Upload the binary to an air-gapped sandbox for analysis.

B.

Send the binaries to the antivirus vendor.

C.

Execute the binaries on an environment with internet connectivity.

D.

Query the file hashes using VirusTotal.

Buy Now
Questions 27

An analyst is evaluating the following vulnerability report:

Which of the following vulnerability report sections provides information about the level of impact on data confidentiality if a successful exploitation occurs?

Options:

A.

Payloads

B.

Metrics

C.

Vulnerability

D.

Profile

Buy Now
Questions 28

Each time a vulnerability assessment team shares the regular report with other teams, inconsistencies regarding versions and patches in the existing infrastructure are discovered. Which of the following is the best solution to decrease the inconsistencies?

Options:

A.

Implementing credentialed scanning

B.

Changing from a passive to an active scanning approach

C.

Implementing a central place to manage IT assets

D.

Performing agentless scanning

Buy Now
Questions 29

A cybersecurity analyst notices unusual network scanning activity coming from a country that the company does not do business with. Which of the following is the best mitigation technique?

Options:

A.

Geoblock the offending source country

B.

Block the IP range of the scans at the network firewall.

C.

Perform a historical trend analysis and look for similar scanning activity.

D.

Block the specific IP address of the scans at the network firewall

Buy Now
Questions 30

Which Of the following techniques would be best to provide the necessary assurance for embedded software that drives centrifugal pumps at a power Plant?

Options:

A.

Containerization

B.

Manual code reviews

C.

Static and dynamic analysis

D.

Formal methods

Buy Now
Questions 31

A systems administrator receives reports of an internet-accessible Linux server that is running very sluggishly. The administrator examines the server, sees a high amount of memory utilization, and suspects a DoS attack related to half-open TCP sessions consuming memory. Which of the following tools would best help to prove whether this server was experiencing this behavior?

Options:

A.

Nmap

B.

TCPDump

C.

SIEM

D.

EDR

Buy Now
Questions 32

Which of the following actions would an analyst most likely perform after an incident has been investigated?

Options:

A.

Risk assessment

B.

Root cause analysis

C.

Incident response plan

D.

Tabletop exercise

Buy Now
Questions 33

A security audit for unsecured network services was conducted, and the following output was generated:

Which of the following services should the security team investigate further? (Select two).

Options:

A.

21

B.

22

C.

23

D.

636

E.

1723

F.

3389

Buy Now
Questions 34

The SOC received a threat intelligence notification indicating that an employee's credentials were found on the dark web. The user's web and log-in activities were reviewed for malicious or anomalous connections, data uploads/downloads, and exploits. A review of the controls confirmed multifactor

authentication was enabled. Which of the following should be done first to mitigate impact to the business networks and assets?

Options:

A.

Perform a forced password reset.

B.

Communicate the compromised credentials to the user.

C.

Perform an ad hoc AV scan on the user's laptop.

D.

Review and ensure privileges assigned to the user's account reflect least privilege.

E.

Lower the thresholds for SOC alerting of suspected malicious activity.

Buy Now
Questions 35

A Chief Information Security Officer (CISO) is concerned that a specific threat actor who is known to target the company's business type may be able to breach the network and remain inside of it for an extended period of time.

Which of the following techniques should be performed to meet the CISO's goals?

Options:

A.

Vulnerability scanning

B.

Adversary emulation

C.

Passive discovery

D.

Bug bounty

Buy Now
Questions 36

Which of the following is often used to keep the number of alerts to a manageable level when establishing a process to track and analyze violations?

Options:

A.

Log retention

B.

Log rotation

C.

Maximum log size

D.

Threshold value

Buy Now
Questions 37

A security analyst performs a vulnerability scan. Based on the metrics from the scan results, the analyst must prioritize which hosts to patch. The analyst runs the tool and receives the following output:

Which of the following hosts should be patched first, based on the metrics?

Options:

A.

host01

B.

host02

C.

host03

D.

host04

Buy Now
Questions 38

A vulnerability analyst received a list of system vulnerabilities and needs to evaluate the relevant impact of the exploits on the business. Given the constraints of the current sprint, only three can be remediated. Which of the following represents the least impactful risk, given the CVSS3.1 base scores?

Options:

A.

AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L - Base Score 6.0

B.

AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L - Base Score 7.2

C.

AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H - Base Score 6.4

D.

AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L - Base Score 6.5

Buy Now
Questions 39

Following an attack, an analyst needs to provide a summary of the event to the Chief Information Security Officer. The summary needs to include the who-what-when information and evaluate the effectiveness of the plans in place. Which of the following incident management life cycle processes

does this describe?

Options:

A.

Business continuity plan

B.

Lessons learned

C.

Forensic analysis

D.

Incident response plan

Buy Now
Questions 40

Which of the following makes STIX and OpenloC information readable by both humans and machines?

Options:

A.

XML

B.

URL

C.

OVAL

D.

TAXII

Buy Now
Questions 41

While a security analyst for an organization was reviewing logs from web servers. the analyst found several successful attempts to downgrade HTTPS sessions to use cipher modes of operation susceptible to padding oracle attacks. Which of the following combinations of configuration changes should the organization make to remediate this issue? (Select two).

Options:

A.

Configure the server to prefer TLS 1.3.

B.

Remove cipher suites that use CBC.

C.

Configure the server to prefer ephemeral modes for key exchange.

D.

Require client browsers to present a user certificate for mutual authentication.

E.

Configure the server to require HSTS.

F.

Remove cipher suites that use GCM.

Buy Now
Questions 42

Which of the following would a security analyst most likely use to compare TTPs between different known adversaries of an organization?

Options:

A.

MITRE ATTACK

B.

Cyber Kill Cham

C.

OWASP

D.

STIXTAXII

Buy Now
Questions 43

While performing a dynamic analysis of a malicious file, a security analyst notices the memory address changes every time the process runs. Which of the following controls is most likely preventing the analyst from finding the proper memory address of the piece of malicious code?

Options:

A.

Address space layout randomization

B.

Data execution prevention

C.

Stack canary

D.

Code obfuscation

Buy Now
Questions 44

Which of the following best explains the importance of communicating with staff regarding the official public communication plan related to incidents impacting the organization?

Options:

A.

To establish what information is allowed to be released by designated employees

B.

To designate an external public relations firm to represent the organization

C.

To ensure that all news media outlets are informed at the same time

D.

To define how each employee will be contacted after an event occurs

Buy Now
Questions 45

A security analyst observed the following activity from a privileged account:

. Accessing emails and sensitive information

. Audit logs being modified

. Abnormal log-in times

Which of the following best describes the observed activity?

Options:

A.

Irregular peer-to-peer communication

B.

Unauthorized privileges

C.

Rogue devices on the network

D.

Insider attack

Buy Now
Questions 46

An organization recently changed its BC and DR plans. Which of the following would best allow for the incident response team to test the changes without any impact to the business?

Options:

A.

Perform a tabletop drill based on previously identified incident scenarios.

B.

Simulate an incident by shutting down power to the primary data center.

C.

Migrate active workloads from the primary data center to the secondary location.

D.

Compare the current plan to lessons learned from previous incidents.

Buy Now
Questions 47

While reviewing web server logs, a security analyst discovers the following suspicious line:

Which of the following is being attempted?

Options:

A.

Remote file inclusion

B.

Command injection

C.

Server-side request forgery

D.

Reverse shell

Buy Now
Questions 48

Two employees in the finance department installed a freeware application that contained embedded malware. The network is robustly segmented based on areas of responsibility. These computers had critical sensitive information stored locally that needs to be recovered. The department manager advised all department employees to turn off their computers until the security team could be contacted about the issue. Which of the following is the first step the incident response staff members should take when they arrive?

Options:

A.

Turn on all systems, scan for infection, and back up data to a USB storage device.

B.

Identify and remove the software installed on the impacted systems in the department.

C.

Explain that malware cannot truly be removed and then reimage the devices.

D.

Log on to the impacted systems with an administrator account that has privileges to perform backups.

E.

Segment the entire department from the network and review each computer offline.

Buy Now
Questions 49

An analyst recommends that an EDR agent collect the source IP address, make a connection to the firewall, and create a policy to block the malicious source IP address across the entire network automatically. Which of the following is the best option to help the analyst implement this recommendation?

Options:

A.

SOAR

B.

SIEM

C.

SLA

D.

IoC

Buy Now
Questions 50

A security analyst received an alert regarding multiple successful MFA log-ins for a particular user When reviewing the authentication logs the analyst sees the following:

Which of the following are most likely occurring, based on the MFA logs? (Select two).

Options:

A.

Dictionary attack

B.

Push phishing

C.

impossible geo-velocity

D.

Subscriber identity module swapping

E.

Rogue access point

F.

Password spray

Buy Now
Questions 51

Which of the following would an organization use to develop a business continuity plan?

Options:

A.

A diagram of all systems and interdependent applications

B.

A repository for all the software used by the organization

C.

A prioritized list of critical systems defined by executive leadership

D.

A configuration management database in print at an off-site location

Buy Now
Questions 52

A company is in the process of implementing a vulnerability management program, and there are concerns about granting the security team access to sensitive data. Which of the following scanning methods can be implemented to reduce the access to systems while providing the most accurate vulnerability scan results?

Options:

A.

Credentialed network scanning

B.

Passive scanning

C.

Agent-based scanning

D.

Dynamic scanning

Buy Now
Questions 53

A security analyst is reviewing the following alert that was triggered by FIM on a critical system:

Which of the following best describes the suspicious activity that is occurring?

Options:

A.

A fake antivirus program was installed by the user.

B.

A network drive was added to allow exfiltration of data

C.

A new program has been set to execute on system start

D.

The host firewall on 192.168.1.10 was disabled.

Buy Now
Questions 54

A cybersecurity team has witnessed numerous vulnerability events recently that have affected operating systems. The team decides to implement host-based IPS, firewalls, and two-factor authentication. Which of the following

does this most likely describe?

Options:

A.

System hardening

B.

Hybrid network architecture

C.

Continuous authorization

D.

Secure access service edge

Buy Now
Questions 55

New employees in an organization have been consistently plugging in personal webcams despite the company policy prohibiting use of personal devices. The SOC manager discovers that new employees are not aware of the company policy. Which of the following will the SOC manager most likely recommend to help ensure new employees are accountable for following the company policy?

Options:

A.

Human resources must email a copy of a user agreement to all new employees

B.

Supervisors must get verbal confirmation from new employees indicating they have read the user agreement

C.

All new employees must take a test about the company security policy during the cjitoardmg process

D.

All new employees must sign a user agreement to acknowledge the company security policy

Buy Now
Questions 56

Which of the following is described as a method of enforcing a security policy between cloud customers and cloud services?

Options:

A.

CASB

B.

DMARC

C.

SIEM

D.

PAM

Buy Now
Questions 57

A security analyst has found a moderate-risk item in an organization's point-of-sale application. The organization is currently in a change freeze window and has decided that the risk is not high enough to correct at this time. Which of the following inhibitors to remediation does this scenario illustrate?

Options:

A.

Service-level agreement

B.

Business process interruption

C.

Degrading functionality

D.

Proprietary system

Buy Now
Questions 58

During normal security monitoring activities, the following activity was observed:

cd C:\Users\Documents\HR\Employees

takeown/f .*

SUCCESS:

Which of the following best describes the potentially malicious activity observed?

Options:

A.

Registry changes or anomalies

B.

Data exfiltration

C.

Unauthorized privileges

D.

File configuration changes

Buy Now
Questions 59

A Chief Information Security Officer wants to implement security by design, starting …… vulnerabilities, including SQL injection, FRI, XSS, etc. Which of the following would most likely meet the requirement?

Options:

A.

Reverse engineering

B.

Known environment testing

C.

Dynamic application security testing

D.

Code debugging

Buy Now
Questions 60

A security analyst noticed the following entry on a web server log:

Warning: fopen (http://127.0.0.1:16) : failed to open stream:

Connection refused in /hj/var/www/showimage.php on line 7

Which of the following malicious activities was most likely attempted?

Options:

A.

XSS

B.

CSRF

C.

SSRF

D.

RCE

Buy Now
Questions 61

Which of the following best describes the key elements of a successful information security program?

Options:

A.

Business impact analysis, asset and change management, and security communication plan

B.

Security policy implementation, assignment of roles and responsibilities, and information asset classification

C.

Disaster recovery and business continuity planning, and the definition of access control requirements and human resource policies

D.

Senior management organizational structure, message distribution standards, and procedures for the operation of security management systems

Buy Now
Questions 62

An incident response analyst notices multiple emails traversing the network that target only the administrators of the company. The email contains a concealed URL that leads to an unknown website in another country. Which of the following best describes what is happening? (Choose two.)

Options:

A.

Beaconinq

B.

Domain Name System hijacking

C.

Social engineering attack

D.

On-path attack

E.

Obfuscated links

F.

Address Resolution Protocol poisoning

Buy Now
Questions 63

Which of the following would help an analyst to quickly find out whether the IP address in a SIEM alert is a known-malicious IP address?

Options:

A.

Join an information sharing and analysis center specific to the company's industry.

B.

Upload threat intelligence to the IPS in STIX/TAXII format.

C.

Add data enrichment for IPS in the ingestion pipleline.

D.

Review threat feeds after viewing the SIEM alert.

Buy Now
Questions 64

An organization's threat intelligence team notes a recent trend in adversary privilege escalation procedures. Multiple threat groups have been observed utilizing native Windows tools to bypass system controls and execute commands with privileged credentials. Which of the following controls would be most effective to reduce the rate of success of such attempts?

Options:

A.

Disable administrative accounts for any operations.

B.

Implement MFA requirements for all internal resources.

C.

Harden systems by disabling or removing unnecessary services.

D.

Implement controls to block execution of untrusted applications.

Buy Now
Questions 65

A company has a primary control in place to restrict access to a sensitive database. However, the company discovered an authentication vulnerability that could bypass this control. Which of the following is the best compensating control?

Options:

A.

Running regular penetration tests to identify and address new vulnerabilities

B.

Conducting regular security awareness training of employees to prevent social engineering attacks

C.

Deploying an additional layer of access controls to verify authorized individuals

D.

Implementing intrusion detection software to alert security teams of unauthorized access attempts

Buy Now
Questions 66

A security analyst reviews the following results of a Nikto scan:

Which of the following should the security administrator investigate next?

Options:

A.

tiki

B.

phpList

C.

shtml.exe

D.

sshome

Buy Now
Questions 67

A SOC manager is establishing a reporting process to manage vulnerabilities. Which of the following would be the best solution to identify potential loss incurred by an issue?

Options:

A.

Trends

B.

Risk score

C.

Mitigation

D.

Prioritization

Buy Now
Questions 68

An incident response analyst is taking over an investigation from another analyst. The investigation has been going on for the past few days. Which of the following steps is most important during the transition between the two analysts?

Options:

A.

Identify and discuss the lessons learned with the prior analyst.

B.

Accept all findings and continue to investigate the next item target.

C.

Review the steps that the previous analyst followed.

D.

Validate the root cause from the prior analyst.

Buy Now
Questions 69

A security team identified several rogue Wi-Fi access points during the most recent network scan. The network scans occur once per quarter. Which of the following controls would best all ow the organization to identity rogue

devices more quickly?

Options:

A.

Implement a continuous monitoring policy.

B.

Implement a BYOD policy.

C.

Implement a portable wireless scanning policy.

D.

Change the frequency of network scans to once per month.

Buy Now
Questions 70

Which of the following is a reason why proper handling and reporting of existing evidence are important for the investigation and reporting phases of an incident response?

Options:

A.

TO ensure the report is legally acceptable in case it needs to be presented in court

B.

To present a lessons-learned analysis for the incident response team

C.

To ensure the evidence can be used in a postmortem analysis

D.

To prevent the possible loss of a data source for further root cause analysis

Buy Now
Questions 71

An analyst has received an IPS event notification from the SIEM stating an IP address, which is known to be malicious, has attempted to exploit a zero-day vulnerability on several web servers. The exploit contained the following snippet:

/wp-json/trx_addons/V2/get/sc_layout?sc=wp_insert_user&role=administrator

Which of the following controls would work best to mitigate the attack represented by this snippet?

Options:

A.

Limit user creation to administrators only.

B.

Limit layout creation to administrators only.

C.

Set the directory trx_addons to read only for all users.

D.

Set the directory v2 to read only for all users.

Buy Now
Questions 72

A security analyst needs to ensure that systems across the organization are protected based on the sensitivity of the content each system hosts. The analyst is working with the respective system

owners to help determine the best methodology that seeks to promote confidentiality, availability, and integrity of the data being hosted. Which of the following should the security analyst perform first to

categorize and prioritize the respective systems?

Options:

A.

Interview the users who access these systems,

B.

Scan the systems to see which vulnerabilities currently exist.

C.

Configure alerts for vendor-specific zero-day exploits.

D.

Determine the asset value of each system.

Buy Now
Questions 73

An organization was compromised, and the usernames and passwords of all em-ployees were leaked online. Which of the following best describes the remedia-tion that could reduce the impact of this situation?

Options:

A.

Multifactor authentication

B.

Password changes

C.

System hardening

D.

Password encryption

Buy Now
Questions 74

The analyst reviews the following endpoint log entry:

Which of the following has occurred?

Options:

A.

Registry change

B.

Rename computer

C.

New account introduced

D.

Privilege escalation

Buy Now
Questions 75

A technician is analyzing output from a popular network mapping tool for a PCI audit:

Which of the following best describes the output?

Options:

A.

The host is not up or responding.

B.

The host is running excessive cipher suites.

C.

The host is allowing insecure cipher suites.

D.

The Secure Shell port on this host is closed

Buy Now
Questions 76

Which of the following phases of the Cyber Kill Chain involves the adversary attempting to establish communication with a successfully exploited target?

Options:

A.

Command and control

B.

Actions on objectives

C.

Exploitation

D.

Delivery

Buy Now
Questions 77

A user downloads software that contains malware onto a computer that eventually infects numerous other systems. Which of the following has the user become?

Options:

A.

Hacklivist

B.

Advanced persistent threat

C.

Insider threat

D.

Script kiddie

Buy Now
Questions 78

A security analyst is trying to validate the results of a web application scan with Burp Suite. The security analyst performs the following:

Which of the following vulnerabilitles Is the securlty analyst trylng to valldate?

Options:

A.

SQL injection

B.

LFI

C.

XSS

D.

CSRF

Buy Now
Questions 79

During an incident, analysts need to rapidly investigate by the investigation and leadership teams. Which of the following best describes how PII should be safeguarded during an incident?

Options:

A.

Implement data encryption and close the data so only the company has access.

B.

Ensure permissions are limited in the investigation team and encrypt the data.

C.

Implement data encryption and create a standardized procedure for deleting data that is no longer needed.

D.

Ensure that permissions are open only to the company.

Buy Now
Questions 80

An organization discovered a data breach that resulted in Pll being released to the public. During the lessons learned review, the panel identified discrepancies regarding who was responsible for external reporting, as well as the timing requirements. Which of the following actions would best address the reporting issue?

Options:

A.

Creating a playbook denoting specific SLAs and containment actions per incident type

B.

Researching federal laws, regulatory compliance requirements, and organizational policies to document specific reporting SLAs

C.

Defining which security incidents require external notifications and incident reporting in addition to internal stakeholders

D.

Designating specific roles and responsibilities within the security team and stakeholders to streamline tasks

Buy Now
Questions 81

Which of the following best describes the process of requiring remediation of a known threat within a given time frame?

Options:

A.

SLA

B.

MOU

C.

Best-effort patching

D.

Organizational governance

Buy Now
Questions 82

An incident responder was able to recover a binary file through the network traffic. The binary file was also found in some machines with anomalous behavior. Which of the following processes most likely can be performed to understand the purpose of the binary file?

Options:

A.

File debugging

B.

Traffic analysis

C.

Reverse engineering

D.

Machine isolation

Buy Now
Questions 83

An analyst needs to provide recommendations based on a recent vulnerability scan:

Which of the following should the analyst recommend addressing to ensure potential vulnerabilities are identified?

Options:

A.

SMB use domain SID to enumerate users

B.

SYN scanner

C.

SSL certificate cannot be trusted

D.

Scan not performed with admin privileges

Buy Now
Questions 84

A penetration tester submitted data to a form in a web application, which enabled the penetration tester to retrieve user credentials. Which of the following should be recommended for remediation of this application vulnerability?

Options:

A.

Implementing multifactor authentication on the server OS

B.

Hashing user passwords on the web application

C.

Performing input validation before allowing submission

D.

Segmenting the network between the users and the web server

Buy Now
Questions 85

A security analyst has found the following suspicious DNS traffic while analyzing a packet capture:

• DNS traffic while a tunneling session is active.

• The mean time between queries is less than one second.

• The average query length exceeds 100 characters.

Which of the following attacks most likely occurred?

Options:

A.

DNS exfiltration

B.

DNS spoofing

C.

DNS zone transfer

D.

DNS poisoning

Buy Now
Questions 86

A recent penetration test discovered that several employees were enticed to assist attackers by visiting specific websites and running downloaded files when prompted by phone calls. Which of the following would best address this issue?

Options:

A.

Increasing training and awareness for all staff

B.

Ensuring that malicious websites cannot be visited

C.

Blocking all scripts downloaded from the internet

D.

Disabling all staff members' ability to run downloaded applications

Buy Now
Questions 87

A Chief Information Security Officer (CISO) wants to disable a functionality on a business-critical web application that is vulnerable to RCE in order to maintain the minimum risk level with minimal increased cost.

Which of the following risk treatments best describes what the CISO is looking for?

Options:

A.

Transfer

B.

Mitigate

C.

Accept

D.

Avoid

Buy Now
Questions 88

A company brings in a consultant to make improvements to its website. After the consultant leaves. a web developer notices unusual activity on the website and submits a suspicious file containing the following code to the security team:

Which of the following did the consultant do?

Options:

A.

Implanted a backdoor

B.

Implemented privilege escalation

C.

Implemented clickjacking

D.

Patched the web server

Buy Now
Questions 89

Which of the following does "federation" most likely refer to within the context of identity and access management?

Options:

A.

Facilitating groups of users in a similar function or profile to system access that requires elevated or conditional access

B.

An authentication mechanism that allows a user to utilize one set of credentials to access multiple domains

C.

Utilizing a combination of what you know, who you are, and what you have to grant authentication to a user

D.

Correlating one's identity with the attributes and associated applications the user has access to

Buy Now
Questions 90

Security analysts review logs on multiple servers on a daily basis. Which of the following implementations will give the best central visibility into the events occurring throughout the corporate environment without logging in to the servers individually?

Options:

A.

Deploy a database to aggregate the logging.

B.

Configure the servers to forward logs to a SIEM-

C.

Share the log directory on each server to allow local access,

D.

Automate the emailing of logs to the analysts.

Buy Now
Exam Code: CS0-003
Exam Name: CompTIA CySA+ Certification Beta Exam
Last Update: Jun 17, 2024
Questions: 303
CS0-003 pdf

CS0-003 PDF

$28  $80
CS0-003 Engine

CS0-003 Testing Engine

$33.25  $95
CS0-003 PDF + Engine

CS0-003 PDF + Testing Engine

$45.5  $130