Free preview mode
Enjoy the free questions and consider upgrading to gain full access!
CS0-003
Question 51
A recent audit of the vulnerability management program identified a finding calling for increased awareness of secure coding practices. Which of the following would be best to address the finding?
- A: Establish quarterly SDLC training on the top vulnerabilities for developers
- B: Conduct a yearly inspection of the code repositories and provide the report to management.
- C: Hire an external penetration test of the network
- D: Deploy more vulnerability scanners for increased coverage
Question 52
An organization has deployed a cloud-based storage system for shared data that is in phase two of the data life cycle. Which of the following controls should the security team ensure are addressed? (Choose two.)
- A: Data classification
- B: Data destruction
- C: Data loss prevention
- D: Encryption
- E: Backups
- F: Access controls
Question 53
An analyst is conducting routine vulnerability assessments on the company infrastructure. When performing these scans, a business-critical server crashes, and the cause is traced back to the vulnerability scanner. Which of the following is the cause of this issue?
- A: The scanner is running without an agent installed.
- B: The scanner is running in active mode.
- C: The scanner is segmented improperly
- D: The scanner is configured with a scanning window
Question 54
An organization's threat intelligence team notes a recent trend in adversary privilege escalation procedures. Multiple threat groups have been observed utilizing native Windows tools to bypass system controls and execute commands with privileged credentials. Which of the following controls would be most effective to reduce the rate of success of such attempts?
- A: Set user account control protection to the most restrictive level on all devices
- B: Implement MFA requirements for all internal resources
- C: Harden systems by disabling or removing unnecessary services
- D: Implement controls to block execution of untrusted applications
Question 55
A new zero-day vulnerability was released. A security analyst is prioritizing which systems should receive deployment of compensating controls first. The systems have been grouped into the categories shown below:
Which of the following groups should be prioritized for compensating controls?
- A: Group A
- B: Group B
- C: Group C
- D: Group D
Question 56
A Chief Information Security Officer wants to map all the attack vectors that the company faces each day. Which of the following recommendations should the company align their security controls around?
- A: OSSTMM
- B: Diamond Model of Intrusion Analysis
- C: OWASP
- D: MITRE ATT&CK
Question 57
During security scanning, a security analyst regularly finds the same vulnerabilities in a critical application. Which of the following recommendations would best mitigate this problem if applied along the SDLC phase?
- A: Conduct regular red team exercises over the application in production
- B: Ensure that all implemented coding libraries are regularly checked
- C: Use application security scanning as part of the pipeline for the CI/CD flow
- D: Implement proper input validation for any data entry form
Question 58
Which of the following actions would an analyst most likely perform after an incident has been investigated?
- A: Risk assessment
- B: Root cause analysis
- C: Incident response plan
- D: Tabletop exercise
Question 59
After completing a review of network activity, the threat hunting team discovers a device on the network that sends an outbound email via a mail client to a non-company email address daily at 10:00 p.m. Which of the following is potentially occurring?
- A: Irregular peer-to-peer communication
- B: Rogue device on the network
- C: Abnormal OS process behavior
- D: Data exfiltration
Question 60
A vulnerability scanner generates the following output:
The company has an SLA for patching that requires time frames to be met for high-risk vulnerabilities. Which of the following should the analyst prioritize first for remediation?
- A: Oracle JDK
- B: Cisco Webex
- C: Redis Server
- D: SSL Self-signed Certificate
Question 61
A web application team notifies a SOC analyst that there are thousands of HTTP/404 events on the public-facing web server. Which of the following is the next step for the analyst to take?
- A: Instruct the firewall engineer that a rule needs to be added to block this external server
- B: Escalate the event to an incident and notify the SOC manager of the activity
- C: Notify the incident response team that there is a DDoS attack occurring
- D: Identify the IP/hostname for the requests and look at the related activity
Question 62
Which of the following best describes the reporting metric that should be utilized when measuring the degree to which a system, application, or user base is affected by an uptime availability outage?
- A: Timeline
- B: Evidence
- C: Impact
- D: Scope
Question 63
A security analyst needs to provide evidence of regular vulnerability scanning on the company's network for an auditing process. Which of the following is an example of a tool that can produce such evidence?
- A: OpenVAS
- B: Burp Suite
- C: Nmap
- D: Wireshark
Question 64
A security analyst performs a vulnerability scan. Based on the metrics from the scan results, the analyst must prioritize which hosts to patch. The analyst runs the tool and receives the following output:
Which of the following hosts should be patched first, based on the metrics?
- A: host01
- B: host02
- C: host03
- D: host04
Question 65
An organization receives a legal hold request from an attorney. The request pertains to emails related to a disputed vendor contract. Which of the following is the best step for the security team to take to ensure compliance with the request?
- A: Publicly disclose the request to other vendors
- B: Notify the departments involved to preserve potentially relevant information
- C: Establish a chain of custody starting with the attorney's request
- D: Back up the mailboxes on the server and provide the attorney with a copy
Question 66
A company has the following security requirements:
• No public IPs
• All data secured at rest
• No insecure ports/protocols
After a cloud scan is completed, a security analyst receives reports that several misconfigurations are putting the company at risk. Given the following cloud scanner output:
Which of the following should the analyst recommend be updated first to meet the security requirements and reduce risks?
- A: VM_PRD_DB
- B: VM_DEV_DB
- C: VM_DEV_Web02
- D: VM_PRD_Web01
Question 67
Which of the following best describes the actions taken by an organization after the resolution of an incident that addresses issues and reflects on the growth opportunities for future incidents?
- A: Lessons learned
- B: Scrum review
- C: Root cause analysis
- D: Regulatory compliance
Question 68
An analyst is reviewing a vulnerability report and must make recommendations to the executive team. The analyst finds that most systems can be upgraded with a reboot resulting in a single downtime window. However, two of the critical systems cannot be upgraded due to a vendor appliance that the company does not have access to. Which of the following inhibitors to remediation do these systems and associated vulnerabilities best represent?
- A: Proprietary systems
- B: Legacy systems
- C: Unsupported operating systems
- D: Lack of maintenance windows
Question 69
An analyst is becoming overwhelmed with the number of events that need to be investigated for a timeline. Which of the following should the analyst focus on in order to move the incident forward?
- A: Impact
- B: Vulnerability score
- C: Mean time to detect
- D: Isolation
Question 70
To minimize the impact of a security incident, a cybersecurity analyst has configured audit settings in the organization’s cloud services. Which of the following security controls has the analyst configured?
- A: Preventive
- B: Corrective
- C: Directive
- D: Detective
Question 71
A web developer reports the following error that appeared on a development server when testing a new application:
Which of the following tools can be used to identify the application’s point of failure?
- A: OpenVAS
- B: Angry IP scanner
- C: Immunity debugger
- D: Burp Suite
Question 72
Which of the following describes a contract that is used to define the various levels of maintenance to be provided by an external business vendor in a secure environment?
- A: MOU
- B: NDA
- C: BIA
- D: SLA
Question 73
A security team is concerned about recent Layer 4 DDoS attacks against the company website. Which of the following controls would best mitigate the attacks?
- A: Block the attacks using firewall rules
- B: Deploy an IPS in the perimeter network
- C: Roll out a CDN
- D: Implement a load balancer
Question 74
An analyst is reviewing system logs while threat hunting:
Which of the following hosts should be investigated first?
- A: PC1
- B: PC2
- C: PC3
- D: PC4
- E: PC5
Question 75
An organization needs to bring in data collection and aggregation from various endpoints. Which of the following is the best tool to deploy to help analysts gather this data?
- A: DLP
- B: NAC
- C: EDR
- D: NIDS