Pass CompTIA CySA+ CS0-003 in Just 3 Days – Stress-Free, No Study Needed!
An organization has a critical financial application hosted online that does not allow event logging to send to the corporate SIEM. Which of the following is the best option for the security analyst to configure to improve the efficiency of security operations?
- A. Configure a new SIEM specific to the management of the hosted environment.
- B. Subscribe to a threat feed related to the vendor’s application.
- C. Use a vendor-provided API to automate pulling the logs in real time.
- D. Download and manually import the logs outside of business hours.
A cybersecurity analyst is reviewing SIEM logs and observes consistent requests originating from an internal host to a blocklisted external server. Which of the following best describes the activity that is taking place?
- A. Data exfiltration
- B. Rogue device
- C. Scanning
- D. Beaconing
An analyst has been asked to validate the potential risk of a new ransomware campaign that the Chief Financial Officer read about in the newspaper. The company is a manufacturer of a very small spring used in the newest fighter jet and is a critical piece of the supply chain for this aircraft. Which of the following would be the best threat intelligence source to learn about this new campaign?
- A. Information sharing organization
- B. Blogs/forums
- C. Cybersecurity incident response team
- D. Deep/dark web
After an incident, a security analyst needs to perform a forensic analysis to report complete information to a company stakeholder. Which of the following is most likely the goal of the forensic analysis in this case?
- A. Provide a full picture of the existing risks.
- B. Notify law enforcement of the incident.
- C. Further contain the incident.
- D. Determine root cause information.
Which of the following is the most important reason for an incident response team to develop a formal incident declaration?
- A. To require that an incident be reported through the proper channels
- B. To identify and document staff who have the authority to declare an incident
- C. To allow for public disclosure of a security event impacting the organization
- D. To establish the department that is responsible for responding to an incident
An organization has established a formal change management process after experiencing several critical system failures over the past year. Which of the following are key factors that the change management process will include in order to reduce the impact of system failures? (Choose two.)
- A. Ensure users document the system recovery plan prior to deployment.
- B. Perform a full system-level backup following the change.
- C. Leverage an audit tool to identify changes that are being made.
- D. Identify assets with dependencies that could be impacted by the change.
- E. Require diagrams to be completed for all critical systems.
- F. Ensure that all assets are properly listed in the inventory management system.
An analyst is suddenly unable to enrich data from the firewall. However, the other open intelligence feeds continue to work. Which of the following is the most likely reason the firewall feed stopped working?
- A. The firewall service account was locked out.
- B. The firewall was using a paid feed.
- C. The firewall certificate expired.
- D. The firewall failed open.
A security analyst would like to integrate two different SaaS-based security tools so that one tool can notify the other in the event a threat is detected. Which of the following should the analyst utilize to best accomplish this goal?
- A. SMB share
- B. API endpoint
- C. SMTP notification
- D. SNMP trap
An analyst is imaging a hard drive that was obtained from the system of an employee who is suspected of going rogue. The analyst notes that the initial hash of the evidence drive does not match the resultant hash of the imaged copy. Which of the following best describes the reason for the conflicting investigative findings?
- A. Chain of custody was not maintained for the evidence drive.
- B. Legal authorization was not obtained prior to seizing the evidence drive.
- C. Data integrity of the imaged drive could not be verified.
- D. Evidence drive imaging was performed without a write blocker.
A development team is preparing to roll out a beta version of a web application and wants to quickly test for vulnerabilities, including SQL injection, path traversal, and cross-site scripting. Which of the following tools would the security team most likely recommend to perform this test?
- A. Hashcat
- B. OpenVAS
- C. OWASP ZAP
- D. Nmap