CS0-003

By CompTIA
Aug, 2025

Question 26

A company is deploying new vulnerability scanning software to assess its systems. The current network is highly segmented, and the networking team wants to minimize the number of unique firewall rules. Which of the following scanning techniques would be most efficient to achieve the objective?

  • A: Deploy agents on all systems to perform the scans
  • B: Deploy a central scanner and perform non-credentialed scans
  • C: Deploy a cloud-based scanner and perform a network scan
  • D: Deploy a scanner sensor on every segment and perform credentialed scans

Question 27

Executives at an organization email sensitive financial information to external business partners when negotiating valuable contracts. To ensure the legal validity of these messages, the cybersecurity team recommends a digital signature be added to emails sent by the executives. Which of the following are the primary goals of this recommendation? (Choose two.)

  • A: Confidentiality
  • B: Integrity
  • C: Privacy
  • D: Anonymity
  • E: Non-repudiation
  • F: Authorization

Question 28

A security administrator needs to import PII data records from the production environment to the test environment for testing purposes. Which of the following would best protect data confidentiality?

  • A: Data masking
  • B: Hashing
  • C: Watermarking
  • D: Encoding

Question 29

The email system administrator for an organization configured DKIM signing for all email legitimately sent by the organization. Which of the following would most likely indicate an email is malicious if the company's domain name is used as both the sender and the recipient?

  • A: The message fails a DMARC check
  • B: The sending IP address is the hosting provider
  • C: The signature does not meet corporate standards
  • D: The sender and reply address are different

Question 30

During an incident involving phishing, a security analyst needs to find the source of the malicious email. Which of the following techniques would provide the analyst with this information?

  • A: Header analysis
  • B: Packet capture
  • C: SSL inspection
  • D: Reverse engineering

Question 31

An analyst wants to ensure that users only leverage web-based software that has been pre-approved by the organization. Which of the following should be deployed?

  • A: Blocklisting
  • B: Allowlisting
  • C: Graylisting
  • D: Webhooks

Question 32

During a cybersecurity incident, one of the web servers at the perimeter network was affected by ransomware. Which of the following actions should be performed immediately?

  • A: Shut down the server.
  • B: Reimage the server.
  • C: Quarantine the server.
  • D: Update the OS to latest version.

Question 33

An organization recently changed its BC and DR plans. Which of the following would best allow for the incident response team to test the changes without any impact to the business?

  • A: Perform a tabletop drill based on previously identified incident scenarios.
  • B: Simulate an incident by shutting down power to the primary data center.
  • C: Migrate active workloads from the primary data center to the secondary location.
  • D: Compare the current plan to lessons learned from previous incidents.

Question 34

Security analysts review logs on multiple servers on a daily basis. Which of the following implementations will give the best central visibility into the events occurring throughout the corporate environment without logging in to the servers individually?

  • A: Deploy a database to aggregate the logging
  • B: Configure the servers to forward logs to a SIEM
  • C: Share the log directory on each server to allow local access.
  • D: Automate the emailing of logs to the analysts.

Question 35

An analyst finds that an IP address outside of the company network is being used to run network and vulnerability scans across external-facing assets. Which of the following steps of an attack framework is the analyst witnessing?

  • A: Exploitation
  • B: Reconnaissance
  • C: Command and control
  • D: Actions on objectives

Question 36

Following a recent security incident, the Chief Information Security Officer is concerned with improving visibility and reporting of malicious actors in the environment. The goal is to reduce the time to prevent lateral movement and potential data exfiltration. Which of the following techniques will best achieve the improvement?

  • A: Mean time to detect
  • B: Mean time to respond
  • C: Mean time to remediate
  • D: Service-level agreement uptime

Question 37

After identifying a threat, a company has decided to implement a patch management program to remediate vulnerabilities. Which of the following risk management principles is the company exercising?

  • A: Transfer
  • B: Accept
  • C: Mitigate
  • D: Avoid

Question 38

A security analyst discovers an ongoing ransomware attack while investigating a phishing email. The analyst downloads a copy of the file from the email and isolates the affected workstation from the network. Which of the following activities should the analyst perform next?

  • A: Wipe the computer and reinstall software
  • B: Shut down the email server and quarantine it from the network
  • C: Acquire a bit-level image of the affected workstation
  • D: Search for other mail users who have received the same file

Question 39

The security analyst received the monthly vulnerability report. The following findings were included in the report:

• Five of the systems only required a reboot to finalize the patch application
• Two of the servers are running outdated operating systems and cannot be patched

The analyst determines that the only way to ensure these servers cannot be compromised is to isolate them. Which of the following approaches will best minimize the risk of the outdated servers being compromised?

  • A: Compensating controls
  • B: Due diligence
  • C: Maintenance windows
  • D: Passive discovery

Question 40

The vulnerability analyst reviews threat intelligence regarding emerging vulnerabilities affecting workstations that are used within the company:

Image 1

Which of the following vulnerabilities should the analyst be most concerned about, knowing that end users frequently click on malicious links sent via email?

  • A: Vulnerability A
  • B: Vulnerability B
  • C: Vulnerability C
  • D: Vulnerability D

Question 41

An incident response analyst is taking over an investigation from another analyst. The investigation has been going on for the past few days. Which of the following steps is most important during the transition between the two analysts?

  • A: Identify and discuss the lessons learned with the prior analyst.
  • B: Accept all findings and continue to investigate the next item target.
  • C: Review the steps that the previous analyst followed.
  • D: Validate the root cause from the prior analyst.

Question 42

A company recently removed administrator rights from all of its end user workstations. An analyst uses CVSSv3.1 exploitability metrics to prioritize the vulnerabilities for the workstations and produces the following information:

Image 1

Which of the following vulnerabilities should be prioritized for remediation?

  • A: nessie.explosion
  • B: vote.4p
  • C: sweet.bike
  • D: great.skills

Question 43

A recent penetration test discovered that several employees were enticed to assist attackers by visiting specific websites and running downloaded files when prompted by phone calls. Which of the following would best address this issue?

  • A: Increasing training and awareness for all staff
  • B: Ensuring that malicious websites cannot be visited
  • C: Blocking all scripts downloaded from the internet
  • D: Disabling all staff members’ ability to run downloaded applications

Question 44

A security analyst at a company is reviewing an alert from the file integrity monitoring indicating a mismatch in the login.html file hash. After comparing the code with the previous version of the page source code, the analyst found the following code snippet added:

Image 1

Which of the following best describes the activity the analyst has observed?

  • A: Obfuscated links
  • B: Exfiltration
  • C: Unauthorized changes
  • D: Beaconing

Question 45

A security administrator has been notified by the IT operations department that some vulnerability reports contain an incomplete list of findings. Which of the following methods should be used to resolve this issue?

  • A: Credentialed scan
  • B: External scan
  • C: Differential scan
  • D: Network scan

Question 46

An incident response analyst notices multiple emails traversing the network that target only the administrators of the company. The email contains a concealed URL that leads to an unknown website in another country. Which of the following best describes what is happening? (Choose two.)

  • A: Beaconing
  • B: Domain Name System hijacking
  • C: Social engineering attack
  • D: On-path attack
  • E: Obfuscated links
  • F: Address Resolution Protocol poisoning

Question 47

An organization enabled a SIEM rule to send an alert to a security analyst distribution list when ten failed logins occur within one minute. However, the control was unable to detect an attack with nine failed logins. Which of the following best represents what occurred?

  • A: False positive
  • B: True negative
  • C: False negative
  • D: True positive

Question 48

A cybersecurity analyst is tasked with scanning a web application to understand where the scan will go and whether there are URIs that should be denied access prior to more in-depth scanning. Which of the following best fits the type of scanning activity requested?

  • A: Uncredentialed scan
  • B: Discovery scan
  • C: Vulnerability scan
  • D: Credentialed scan

Question 49

Which of the following best describes the process of requiring remediation of a known threat within a given time frame?

  • A: SLA
  • B: MOU
  • C: Best-effort patching
  • D: Organizational governance

Question 50

Which of the following risk management principles is accomplished by purchasing cyber insurance?

  • A: Accept
  • B: Avoid
  • C: Mitigate
  • D: Transfer
Page 2 of 18 • Questions 26-50 of 445
