
CS0-003 Practice Exam Questions and Answers

CompTIA CyberSecurity Analyst CySA+ Certification Exam

Last Update 4 weeks ago
Total Questions : 303

Question # 1

Which of the following is described as a method of enforcing a security policy between cloud customers and cloud services?

Options:

A. CASB
B. DMARC
C. SIEM
D. PAM
Question # 2

A recent penetration test discovered that several employees were enticed to assist attackers by visiting specific websites and running downloaded files when prompted by phone calls. Which of the following would best address this issue?

Options:

A. Increasing training and awareness for all staff
B. Ensuring that malicious websites cannot be visited
C. Blocking all scripts downloaded from the internet
D. Disabling all staff members' ability to run downloaded applications
Question # 3

Which of the following is often used to keep the number of alerts to a manageable level when establishing a process to track and analyze violations?

Options:

A. Log retention
B. Log rotation
C. Maximum log size
D. Threshold value
Question # 4

A security administrator has been notified by the IT operations department that some vulnerability reports contain an incomplete list of findings. Which of the following methods should be used to resolve this issue?

Options:

A. Credentialed scan
B. External scan
C. Differential scan
D. Network scan
Question # 5

A security analyst performs various types of vulnerability scans. Review the vulnerability scan results to determine the type of scan that was executed and if a false positive occurred for each device.

Instructions:

Select the Results Generated drop-down option to determine if the results were generated from a credentialed scan, non-credentialed scan, or a compliance scan.

For ONLY the credentialed and non-credentialed scans, evaluate the results for false positives and check the findings that display false positives. NOTE: If you would like to uncheck an option that is currently selected, click on the option a second time.

Lastly, based on the vulnerability scan results, identify the type of Server by dragging the Server to the results.

The Linux Web Server, File-Print Server and Directory Server are draggable.

If at any time you would like to bring back the initial state of the simulation, please select the Reset All button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

(Exhibit images for this simulation are not included.)
Question # 6

An analyst notices there is an internal device sending HTTPS traffic with additional characters in the header to a known-malicious IP in another country. Which of the following describes what the analyst has noticed?

Options:

A. Beaconing
B. Cross-site scripting
C. Buffer overflow
D. PHP traversal
Question # 7

An analyst is reviewing a vulnerability report and must make recommendations to the executive team. The analyst finds that most systems can be upgraded with a reboot resulting in a single downtime window. However, two of the critical systems cannot be upgraded due to a vendor appliance that the company does not have access to. Which of the following inhibitors to remediation do these systems and associated vulnerabilities best represent?

Options:

A. Proprietary systems
B. Legacy systems
C. Unsupported operating systems
D. Lack of maintenance windows
Question # 8

A SOC analyst recommends adding a layer of defense for all endpoints that will better protect against external threats regardless of the device's operating system. Which of the following best meets this requirement?

Options:

A. SIEM
B. CASB
C. SOAR
D. EDR
Question # 9

Which of the following would help an analyst to quickly find out whether the IP address in a SIEM alert is a known-malicious IP address?

Options:

A. Join an information sharing and analysis center specific to the company's industry.
B. Upload threat intelligence to the IPS in STIX/TAXII format.
C. Add data enrichment for IPS in the ingestion pipeline.
D. Review threat feeds after viewing the SIEM alert.
Question # 10

A cloud team received an alert that unauthorized resources were being auto-provisioned. After investigating, the team suspects that crypto mining is occurring. Which of the following indicators would most likely lead the team to this conclusion?

Options:

A. High GPU utilization
B. Bandwidth consumption
C. Unauthorized changes
D. Unusual traffic spikes
Question # 11

A security analyst is writing a shell script to identify IP addresses from the same country. Which of the following functions would help the analyst achieve the objective?

Options:

A. function w() { info=$(ping -c 1 $1 | awk -F "/" 'END{print $1}') && echo "$1 | $info" }
B. function x() { info=$(geoiplookup $1) && echo "$1 | $info" }
C. function y() { info=$(dig -x $1 | grep PTR | tail -n 1 ) && echo "$1 | $info" }
D. function z() { info=$(traceroute -m 40 $1 | awk 'END{print $1}') && echo "$1 | $info" }
Question # 12

A malicious actor has gained access to an internal network by means of social engineering. The actor does not want to lose access in order to continue the attack. Which of the following best describes the current stage of the Cyber Kill Chain that the threat actor is currently operating in?

Options:

A. Weaponization
B. Reconnaissance
C. Delivery
D. Exploitation
Question # 13

A security analyst performs a vulnerability scan. Based on the metrics from the scan results, the analyst must prioritize which hosts to patch. The analyst runs the tool and receives the following output:

(Exhibit image of the scan output is not included.)

Which of the following hosts should be patched first, based on the metrics?

Options:

A. host01
B. host02
C. host03
D. host04
Question # 14

Which of the following tools would work best to prevent the exposure of PII outside of an organization?

Options:

A. PAM
B. IDS
C. PKI
D. DLP
Question # 15

A technician identifies a vulnerability on a server and applies a software patch. Which of the following should be the next step in the remediation process?

Options:

A. Testing
B. Implementation
C. Validation
D. Rollback
Question # 16

A security analyst is trying to identify possible network addresses from different source networks belonging to the same company and region. Which of the following shell script functions could help achieve the goal?

Options:

A. function w() { a=$(ping -c 1 $1 | awk -F "/" 'END{print $1}') && echo "$1 | $a" }
B. function x() { b=$(traceroute -m 40 $1 | awk 'END{print $1}') && echo "$1 | $b" }
C. function y() { dig $(dig -x $1 | grep PTR | tail -n 1 | awk -F ".in-addr" '{print $1}').origin.asn.cymru.com TXT +short }
D. function z() { c=$(geoiplookup $1) && echo "$1 | $c" }
Question # 17

The Chief Information Security Officer wants to eliminate and reduce shadow IT in the enterprise. Several high-risk cloud applications are used that increase the risk to the organization. Which of the following solutions will assist in reducing the risk?

Options:

A. Deploy a CASB and enable policy enforcement
B. Configure MFA with strict access
C. Deploy an API gateway
D. Enable SSO to the cloud applications
Question # 18

Joe, a leading sales person at an organization, has announced on social media that he is leaving his current role to start a new company that will compete with his current employer. Joe is soliciting his current employer's customers. However, Joe has not resigned or discussed this with his current supervisor yet. Which of the following would be the best action for the incident response team to recommend?

Options:

A. Isolate Joe's PC from the network
B. Reimage the PC based on standard operating procedures
C. Initiate a remote wipe of Joe's PC using mobile device management
D. Perform no action until HR or legal counsel advises on next steps
Question # 19

A company receives a penetration test report summary from a third party. The report summary indicates a proxy has some patches that need to be applied. The proxy is sitting in a rack and is not being used, as the company has replaced it with a new one. The CVE score of the vulnerability on the proxy is a 9.8. Which of the following best practices should the company follow with this proxy?

Options:

A. Leave the proxy as is.
B. Decommission the proxy.
C. Migrate the proxy to the cloud.
D. Patch the proxy.
Question # 20

Security analysts review logs on multiple servers on a daily basis. Which of the following implementations will give the best central visibility into the events occurring throughout the corporate environment without logging in to the servers individually?

Options:

A. Deploy a database to aggregate the logging.
B. Configure the servers to forward logs to a SIEM.
C. Share the log directory on each server to allow local access.
D. Automate the emailing of logs to the analysts.
Question # 21

An analyst is reviewing a vulnerability report for a server environment with the following entries:

(Exhibit image of the vulnerability report entries is not included.)

Which of the following systems should be prioritized for patching first?

Options:

A. 10.101.27.98
B. 54.73.225.17
C. 54.74.110.26
D. 54.74.110.228
Question # 22

Which of the following items should be included in a vulnerability scan report? (Choose two.)

Options:

A. Lessons learned
B. Service-level agreement
C. Playbook
D. Affected hosts
E. Risk score
F. Education plan
Question # 23

Approximately 100 employees at your company have received a phishing email. As a security analyst, you have been tasked with handling this situation.

(Exhibit images for this simulation are not included.)

Review the information provided and determine the following:

1. How many employees clicked on the link in the phishing email?
2. On how many workstations was the malware installed?
3. What is the executable file name of the malware?

Question # 24

An analyst finds that an IP address outside of the company network is being used to run network and vulnerability scans across external-facing assets. Which of the following steps of an attack framework is the analyst witnessing?

Options:

A. Exploitation
B. Reconnaissance
C. Command and control
D. Actions on objectives
Question # 25

A zero-day command injection vulnerability was published. A security administrator is analyzing the following logs for evidence of adversaries attempting to exploit the vulnerability:

(Exhibit image of the log entries is not included.)

Which of the following log entries provides evidence of the attempted exploit?

Options:

A. Log entry 1
B. Log entry 2
C. Log entry 3
D. Log entry 4
Question # 26

When starting an investigation, which of the following must be done first?

Options:

A. Notify law enforcement
B. Secure the scene
C. Seize all related evidence
D. Interview the witnesses
Question # 27

The analyst reviews the following endpoint log entry:

(Exhibit image of the endpoint log entry is not included.)

Which of the following has occurred?

Options:

A. Registry change
B. Rename computer
C. New account introduced
D. Privilege escalation
Question # 28

A security analyst obtained the following table of results from a recent vulnerability assessment that was conducted against a single web server in the environment:

(Exhibit image of the results table is not included.)

Which of the following should be completed first to remediate the findings?

Options:

A. Ask the web development team to update the page contents
B. Add the IP address allow listing for control panel access
C. Purchase an appropriate certificate from a trusted root CA
D. Perform proper sanitization on all fields
Question # 29

A security analyst recently joined the team and is trying to determine which scripting language is being used in a production script to determine if it is malicious. Given the following script:

(Exhibit image of the script is not included.)

Which of the following scripting languages was used in the script?

Options:

A. PowerShell
B. Ruby
C. Python
D. Shell script
Question # 30

An older CVE with a vulnerability score of 7.1 was elevated to a score of 9.8 due to a widely available exploit being used to deliver ransomware. Which of the following factors would an analyst most likely communicate as the reason for this escalation?

Options:

A. Scope
B. Weaponization
C. CVSS
D. Asset value
Question # 31

An incident response team finished responding to a significant security incident. The management team has asked the lead analyst to provide an after-action report that includes lessons learned. Which of the following is the most likely reason to include lessons learned?

Options:

A. To satisfy regulatory requirements for incident reporting
B. To hold other departments accountable
C. To identify areas of improvement in the incident response process
D. To highlight the notable practices of the organization's incident response team
Question # 32

Which of the following concepts is using an API to insert bulk access requests from a file into an identity management system an example of?

Options:

A. Command and control
B. Data enrichment
C. Automation
D. Single sign-on
Question # 33

Which of the following is the best metric for an organization to focus on given recent investments in SIEM, SOAR, and a ticketing system?

Options:

A. Mean time to detect
B. Number of exploits by tactic
C. Alert volume
D. Quantity of intrusion attempts
Question # 34

A security analyst discovers an LFI vulnerability that can be exploited to extract credentials from the underlying host. Which of the following patterns can the security analyst use to search the web server logs for evidence of exploitation of that particular vulnerability?

Options:

A. /etc/shadow
B. curl localhost
C. ; printenv
D. cat /proc/self/
Question # 35

An analyst is examining events in multiple systems but is having difficulty correlating data points. Which of the following is most likely the issue with the system?

Options:

A. Access rights
B. Network segmentation
C. Time synchronization
D. Invalid playbook
Question # 36

An employee is suspected of misusing a company-issued laptop. The employee has been suspended pending an investigation by human resources. Which of the following is the best step to preserve evidence?

Options:

A. Disable the user's network account and access to web resources.
B. Make a copy of the files as a backup on the server.
C. Place a legal hold on the device and the user's network share.
D. Make a forensic image of the device and create a SHA-1 hash.
Question # 37

Which of the following is an important aspect that should be included in the lessons-learned step after an incident?

Options:

A. Identify any improvements or changes in the incident response plan or procedures
B. Determine if an internal mistake was made and who did it so they do not repeat the error
C. Present all legal evidence collected and turn it over to law enforcement
D. Discuss the financial impact of the incident to determine if security controls are well spent
Question # 38

The security team reviews a web server for XSS and runs the following Nmap scan:

(Exhibit image of the Nmap scan output is not included.)

Which of the following most accurately describes the result of the scan?

Options:

A. An output of characters > and " as the parameters used in the attempt
B. The vulnerable parameter ID http://172.31.15.2/1.php?id=2 and unfiltered characters returned
C. The vulnerable parameter and unfiltered or encoded characters passed > and " as unsafe
D. The vulnerable parameter and characters > and " with a reflected XSS attempt
Question # 39

Which of the following is the most important factor to ensure accurate incident response reporting?

Options:

A. A well-defined timeline of the events
B. A guideline for regulatory reporting
C. Logs from the impacted system
D. A well-developed executive summary
Question # 40

An attacker has just gained access to the syslog server on a LAN. Reviewing the syslog entries has allowed the attacker to prioritize possible next targets. Which of the following is this an example of?

Options:

A. Passive network footprinting
B. OS fingerprinting
C. Service port identification
D. Application versioning