A managed security service provider is having difficulty retaining talent due to an increasing workload caused by a client doubling the number of devices connected to the network. Which of the following would best aid in decreasing the workload without increasing staff?
- A. SIEM
- B. XDR
- C. SOAR
- D. EDR
An employee is suspected of misusing a company-issued laptop. The employee has been suspended pending an investigation by human resources. Which of the following is the best step to preserve evidence?
- A. Disable the user’s network account and access to web resources.
- B. Make a copy of the files as a backup on the server.
- C. Place a legal hold on the device and the user’s network share.
- D. Make a forensic image of the device and create a SHA-1 hash.
An analyst receives threat intelligence regarding potential attacks from an actor with seemingly unlimited time and resources. Which of the following best describes the threat actor attributed to the malicious activity?
- A. Insider threat
- B. Ransomware group
- C. Nation-state
- D. Organized crime
A systems analyst is limiting user access to system configuration keys and values in a Windows environment. Which of the following describes where the analyst can find these configuration items?
- A. config.ini
- B. ntds.dit
- C. Master boot record
- D. Registry
While reviewing web server logs, a security analyst found the following line:
< IMG SRC=’vbscript:msgbox(“test”)’ >
Which of the following malicious activities was attempted?
- A. Command injection
- B. XML injection
- C. Server-side request forgery
- D. Cross-site scripting
A security analyst at a company called ACME Commercial notices there is outbound traffic to a host IP that resolves to https://office365password.acme.co. The site’s standard VPN logon page is www.acme.com/logon. Which of the following is most likely true?
- A. This is a normal password change URL.
- B. The security operations center is performing a routine password audit.
- C. A new VPN gateway has been deployed.
- D. A social engineering attack is underway.
A security analyst is performing vulnerability scans on the network. The analyst installs a scanner appliance, configures the subnets to scan, and begins the scan of the network. Which of the following would be missing from a scan performed with this configuration?
- A. Operating system version
- B. Registry key values
- C. Open ports
- D. IP address
A security analyst discovers an LFI vulnerability that can be exploited to extract credentials from the underlying host. Which of the following patterns can the security analyst use to search the web server logs for evidence of exploitation of that particular vulnerability?
- A. /etc/shadow
- B. curl localhost
- C. ; printenv
- D. cat /proc/self/
A company is in the process of implementing a vulnerability management program. Which of the following scanning methods should be implemented to minimize the risk of OT/ICS devices malfunctioning due to the vulnerability identification process?
- A. Non-credentialed scanning
- B. Passive scanning
- C. Agent-based scanning
- D. Credentialed scanning
A company receives a penetration test report summary from a third party. The report summary indicates a proxy has some patches that need to be applied. The proxy is sitting in a rack and is not being used, as the company has replaced it with a new one. The CVE score of the vulnerability on the proxy is a 9.8. Which of the following best practices should the company follow with this proxy?
- A. Leave the proxy as is.
- B. Decommission the proxy.
- C. Migrate the proxy to the cloud.
- D. Patch the proxy.