Pass CompTIA CySA+ CS0-003 in Just 3 Days – Stress-Free, No Study Needed!
A security analyst is attempting to resolve an incident in which highly confidential company pricing information was sent to clients. It appears this information was unintentionally sent by an employee who attached it to public marketing material. Which of the following configuration changes would work BEST to limit the risk of this incident being repeated?
- A. Add client addresses to the blocklist
- B. Update the DLP rules and metadata
- C. Sanitize the marketing material
- D. Update the insider threat procedures
Following an attack, an analyst needs to provide a summary of the event to the Chief Information Security Officer. The summary needs to include the who-what-when information and evaluate the effectiveness of the plans in place. Which of the following incident management life cycle processes does this describe?
- A. Business continuity plan
- B. Lessons learned
- C. Forensic analysis
- D. Incident response plan
Which of the following most accurately describes the Cyber Kill Chain methodology?
- A. It is used to correlate events to ascertain the TTPs of an attacker.
- B. It is used to ascertain lateral movements of an attacker, enabling the process to be stopped.
- C. It provides a clear model of how an attacker generally operates during an intrusion and the actions to take at each stage.
- D. It outlines a clear path for determining the relationships between the attacker, the technology used, and the target.
After a recent vulnerability report for a server is presented, a business must decide whether to secure the company’s web-based storefront or shut it down. The developer is not able to fix the zero-day vulnerability because a patch does not exist yet. Which of the following is the best option for the business?
- A. Limit the API request for new transactions until a patch exists.
- B. Take the storefront offline until a patch exists.
- C. Identify the degrading functionality.
- D. Put a WAF in front of the storefront.
During a tabletop exercise, engineers discovered that an ICS could not be updated due to hardware versioning incompatibility. Which of the following is the most likely cause of this issue?
- A. Legacy system
- B. Business process interruption
- C. Degrading functionality
- D. Configuration management
A security analyst is researching ways to improve the security of a company’s email system to mitigate emails that are impersonating company executives. Which of the following would be BEST for the analyst to configure to achieve this objective?
- A. An AAAA record on the name server for SPF
- B. DNSSEC keys to secure replication
- C. Domain Keys Identified Mail
- D. A sandbox to check incoming mail
Which of the following documents sets requirements and metrics for a third-party response during an event?
- A. BIA
- B. DRP
- C. SLA
- D. MOU
A SOC analyst wants to improve the proactive detection of malicious emails before they are delivered to the destination inbox. Which of the following is the best approach the SOC analyst can recommend?
- A. Install UEBA software on the network.
- B. Validate and quarantine emails with invalid DKIM and SPF headers.
- C. Implement an EDR system on each endpoint.
- D. Deploy a DLP platform to block unauthorized and suspicious content.
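The two email questions above rest on the same mechanism: an inbound gateway records SPF and DKIM verdicts in an Authentication-Results header, and mail that fails, or that claims the company's own domain without an aligned pass, is quarantined rather than delivered. The following Python is an added example written for this page (it is not CompTIA material or code from any product). It assumes the company domain is example.com, that the only trusted verdicts come from a gateway identifying itself as mx.example.com, and that a small EXECUTIVES list names the display names worth protecting; the Authentication-Results parser is a simplified reading of the RFC 8601 syntax, and the messages it triages are constructed samples.

```python
"""Triage inbound mail on SPF/DKIM verdicts (added example; assumptions marked)."""
import re
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"          # assumed company domain
TRUSTED_AUTHSERV_ID = "mx.example.com"  # assumed: only this gateway's verdicts count
EXECUTIVES = {"jane doe"}               # assumed display names to protect


def parse_auth_results(header_value):
    """Parse one Authentication-Results header (simplified RFC 8601).

    Shape: 'authserv-id; method=result prop=value ...; method=result ...'.
    Parenthesised comments are dropped. Returns (authserv_id, {method: (result, props)}).
    """
    cleaned = re.sub(r"\([^)]*\)", "", header_value)
    parts = [p.strip() for p in cleaned.split(";")]
    authserv_id = parts[0].split()[0].lower() if parts and parts[0] else ""
    results = {}
    for part in parts[1:]:
        m = re.match(r"(\w+)=(\w+)\s*(.*)", part, re.S)
        if not m:
            continue
        method, result, rest = m.group(1).lower(), m.group(2).lower(), m.group(3)
        props = {k.lower(): v.lower() for k, v in re.findall(r"([\w.]+)=(\S+)", rest)}
        results[method] = (result, props)
    return authserv_id, results


def trusted_results(msg):
    """Keep verdicts only from headers stamped by our own gateway.

    A sender can add its own Authentication-Results header claiming 'pass', so
    anything not carrying the trusted authserv-id is ignored.
    """
    merged = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv_id, results = parse_auth_results(value)
        if authserv_id == TRUSTED_AUTHSERV_ID:
            merged.update(results)
    return merged


def classify(raw_message):
    """Return ('deliver' | 'quarantine', reason) for a raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    display_name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    auth = trusted_results(msg)
    spf_result, spf_props = auth.get("spf", ("none", {}))
    dkim_result, dkim_props = auth.get("dkim", ("none", {}))

    # DMARC-style alignment: a pass protects the From domain only when the
    # authenticated identifier (DKIM d= or SPF MAIL FROM domain) is that domain.
    dkim_aligned = dkim_result == "pass" and dkim_props.get("header.d") == from_domain
    spf_aligned = (spf_result == "pass"
                   and spf_props.get("smtp.mailfrom", "").rpartition("@")[2] == from_domain)

    if from_domain == COMPANY_DOMAIN and not (dkim_aligned or spf_aligned):
        return "quarantine", "From claims our domain without an aligned SPF/DKIM pass"
    if dkim_result in ("fail", "permerror") or spf_result in ("fail", "permerror"):
        return "quarantine", f"authentication failed (spf={spf_result}, dkim={dkim_result})"
    if from_domain != COMPANY_DOMAIN and any(n in display_name.lower() for n in EXECUTIVES):
        return "quarantine", "executive display name on an external sender"
    return "deliver", "verdicts consistent with the From domain"


# Constructed sample messages (not captured traffic).
SAMPLES = {
    "legit": "Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=ceo@example.com;"
             " dkim=pass header.d=example.com header.s=sel1\n"
             'From: "Jane Doe" <ceo@example.com>\nSubject: Q3 pricing\n\nbody\n',
    "spoofed_from": "Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=bounce@evil.test;"
                    " dkim=none\n"
                    'From: "Jane Doe" <ceo@example.com>\nSubject: urgent wire\n\nbody\n',
    # Sender stamped its own 'pass' header; our gateway saw softfail and no DKIM.
    "injected_header": "Authentication-Results: evil.test; spf=pass smtp.mailfrom=ceo@example.com;"
                       " dkim=pass header.d=example.com\n"
                       "Authentication-Results: mx.example.com; spf=softfail"
                       " smtp.mailfrom=ceo@example.com; dkim=none\n"
                       "From: <ceo@example.com>\nSubject: urgent wire\n\nbody\n",
    # Authenticates fine for its own lookalike domain, but borrows an executive's name.
    "lookalike": "Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=ceo@example-pay.test;"
                 " dkim=pass header.d=example-pay.test\n"
                 'From: "Jane Doe" <ceo@example-pay.test>\nSubject: invoice\n\nbody\n',
    "external_ok": "Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=news@vendor.test;"
                   " dkim=pass header.d=vendor.test\n"
                   'From: "Vendor News" <news@vendor.test>\nSubject: newsletter\n\nbody\n',
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        verdict, reason = classify(raw)
        print(f"{name:16} {verdict:10} {reason}")
```

The point a practitioner should take from the trusted_results step is that SPF and DKIM verdicts are only as good as the header they travel in: an inbound gateway must strip or distrust any Authentication-Results header it did not stamp itself, or an attacker simply writes "dkim=pass" into the message. Alignment is what makes DKIM useful against executive impersonation: a valid signature from some other domain says nothing about a forged From address.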
Which of the following is a benefit of the Diamond Model of Intrusion Analysis?
- A. It provides analytical pivoting and identifies knowledge gaps.
- B. It guarantees that the discovered vulnerability will not be exploited again in the future.
- C. It provides concise evidence that can be used in court.
- D. It allows for proactive detection and analysis of attack events.
An incident responder was able to recover a binary file from network traffic. The same binary was also found on several machines showing anomalous behavior. Which of the following processes would most likely be performed to understand the purpose of the binary file?
- A. File debugging
- B. Traffic analysis
- C. Reverse engineering
- D. Machine isolation