comptia cs0-003 practice test

CompTIA CySA+ (CS0-003)

Last exam update: Apr 08 ,2024
Page 1 out of 14. Viewing questions 1-10 out of 149

Question 1

A security analyst discovers an LFI vulnerability that can be exploited to extract credentials from the underlying host. Which of the following patterns can the security analyst use to search the web server logs for evidence of exploitation of that particular vulnerability?

  • A. /etc/shadow
  • B. curl localhost
  • C. ; printenv
  • D. cat /proc/self/
Answer:

a

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2

Which of the following will most likely ensure that mission-critical services are available in the event of an incident?

  • A. Business continuity plan
  • B. Vulnerability management plan
  • C. Disaster recovery plan
  • D. Asset management plan
Answer:

c

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

Which of the following best describes the process of requiring remediation of a known threat within a given time frame?

  • A. SLA
  • B. MOU
  • C. Best-effort patching
  • D. Organizational governance
Answer:

a

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 4

An organization's email account was compromised by a bad actor. Given the following information:



Which of the following is the length of time the team took to detect the threat?

  • A. Data masking
  • B. Hashing
  • C. Watermarking
  • D. Encoding
Answer:

c

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5

An organization enabled a SIEM rule to send an alert to a security analyst distribution list when ten failed logins occur within one minute. However, the control was unable to detect an attack with nine failed logins. Which of the following best represents what occurred?

  • A. False positive
  • B. True negative
  • C. False negative
  • D. True positive
Answer:

c

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6

A recent penetration test discovered that several employees were enticed to assist attackers by visiting specific websites and running downloaded files when prompted by phone calls. Which of the following would best address this issue?

  • A. Increasing training and awareness for all staff
  • B. Ensuring that malicious websites cannot be visited
  • C. Blocking all scripts downloaded from the internet
  • D. Disabling all staff members ability to run downloaded applications
Answer:

a

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 7

A company that has a geographically diverse workforce and dynamic IPs wants to implement a vulnerability scanning method with reduced network traffic. Which of the following would best meet this requirement?

  • A. External
  • B. Agent-based
  • C. Non-credentialed
  • D. Credentialed
Answer:

b

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 8

An analyst has received an IPS event notification from the SIEM stating an IP address, which is known to be malicious, has attempted to exploit a zero-day vulnerability on several web servers. The exploit contained the following snippet:

/wp-json/trx_addons/V2/get/sc_layout?sc=wp_insert_user&role=administrator

Which of the following controls would work best to mitigate the attack represented by this snippet?

  • A. Limit user creation to administrators only.
  • B. Limit layout creation to administrators only.
  • C. Set the directory trx_addons to read only for all users.
  • D. Set the directory V2 to read only for all users.
Answer:

a

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

Which of the following would help to minimize human engagement and aid in process improvement in security operations?

  • A. OSSTMM
  • B. SIEM
  • C. SOAR
  • D. OWASP
Answer:

c

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

Security analysts review logs on multiple servers on a daily basis. Which of the following implementations will give the best central visibility into the events occurring throughout the corporate environment without logging in to the servers individually?

  • A. Deploy a database to aggregate the logging
  • B. Configure the servers to forward logs to a SIEM
  • C. Share the log directory on each server to allow local access.
  • D. Automate the emailing of logs to the analysts.
Answer:

b

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2