CompTIA CS0-003 Free Dumps (Part 3, Q81-Q120) of V13.03 Are Online: Using the Latest CS0-003 Study Guide to Prepare

Consider using the latest CS0-003 study guide to prepare for your CompTIA Cybersecurity Analyst (CySA+) certification exam. Our CS0-003 dumps (V13.03) are online to be your powerful preparation materials. With this version, you can work through all the exam questions and answers to build a comprehensive understanding of the CompTIA CySA+ exam topics. We shared free dumps below to help you check the quality:

From these demo questions, you can confirm that the CS0-003 dumps (V13.03) from DumpsBase are reliable. By using our latest study guide, you can quickly master key topics and reduce preparation time, ensuring you’re fully equipped for the real exam. To increase your trust, we will continue to share free dumps today.

Below are the CS0-003 free dumps (Part 3, Q81-Q120) of V13.03, available to read and test online:

1. A security analyst is monitoring a company's network traffic and finds ping requests going to accounting and human resources servers from a SQL server. Upon investigation, the analyst discovers a technician responded to potential network connectivity issues.

Which of the following is the best way for the security analyst to respond?

2. Which of the following software assessment methods world peak times?

3. During an incident response procedure, a security analyst acquired the needed evidence from the hard drive of a compromised machine.

Which of the following actions should the analyst perform next to ensure the data integrity of the evidence?

4. As a proactive threat-hunting technique, hunters must develop situational cases based on likely attack scenarios derived from the available threat intelligence information. After forming the basis of the scenario, which of the following may the threat hunter construct to establish a framework for threat assessment?

5. A company creates digitally signed packages for its devices.

Which of the following best describes the method by which the security packages are delivered to the company's customers?

6. During an audit, several customer order forms were found to contain inconsistencies between the actual price of an item and the amount charged to the customer. Further investigation narrowed the cause of the issue to manipulation of the public-facing web form used by customers to order products.

Which of the following would be the best way to locate this issue?

7. A Chief Information Security Officer (CISO) is concerned about new privacy regulations that apply to the company. The CISO has tasked a security analyst with finding the proper control functions to verify that a user's data is not altered without the user's consent.

Which of the following would be an appropriate course of action?

8. A Chief Information Officer wants to implement a BYOD strategy for all company laptops and mobile phones. The Chief Information Security Officer is concerned with ensuring all devices are patched and running some sort of protection against malicious software.

Which of the following existing technical controls should a security analyst recommend to best meet all the requirements?

9. A security analyst discovers the accounting department is hosting an accounts receivable form on a public document service. Anyone with the link can access it.

Which of the following threats applies to this situation?

10. A security analyst is supporting an embedded software team.

Which of the following is the best recommendation to ensure proper error handling at runtime?

11. The steering committee for information security management annually reviews the security incident register for the organization to look for trends and systematic issues. The steering committee wants to rank the risks based on past incidents to improve the security program for next year.

Below is the incident register for the organization:

[Image: table; description automatically generated]

Which of the following should the organization consider investing in first due to the potential impact of availability?

12. A cybersecurity analyst is concerned about attacks that use advanced evasion techniques.

Which of the following would best mitigate such attacks?

13. Legacy medical equipment, which contains sensitive data, cannot be patched.

Which of the following is the best solution to improve the equipment's security posture?

14. A security analyst notices the following proxy log entries:

[Image: text; description automatically generated]

Which of the following is the user attempting to do based on the log entries?

15. A company's legal department is concerned that its incident response plan does not cover the countless ways security incidents can occur. The department has asked a security analyst to help tailor the response plan to provide broad coverage for many situations.

Which of the following is the best way to achieve this goal?

16. During a company’s most recent incident, a vulnerability in custom software was exploited on an externally facing server by an APT.

The lessons-learned report noted the following:

• The development team used a new software language that was not supported by the security team's automated assessment tools.

• During the deployment, the security assessment team was unfamiliar with the new language and struggled to evaluate the software during advanced testing. Therefore, the vulnerability was not detected.

• The current IPS did not have effective signatures and policies in place to detect and prevent runtime attacks on the new application.

To allow this new technology to be deployed securely going forward, which of the following will BEST address these findings? (Choose two.)

17. Given the Nmap request below:

[Image: text on a newspaper; description automatically generated]

Which of the following actions will an attacker be able to initiate directly against this host?

18. A security analyst is reviewing the following log entries to identify anomalous activity:

Which of the following attack types is occurring?

19. A security analyst responds to a series of events surrounding sporadic bandwidth consumption from an endpoint device.

The security analyst then identifies the following additional details:

• Bursts of network utilization occur approximately every seven days.

• The content being transferred appears to be encrypted or obfuscated.

• A separate but persistent outbound TCP connection from the host to infrastructure in a third-party cloud is in place.

• The HDD utilization on the device grows by 10GB to 12GB over the course of every seven days.

• Single file sizes are 10GB.

Which of the following describes the most likely cause of the issue?

20. A security analyst wants to capture large amounts of network data that will be analyzed at a later time. The packet capture does not need to be in a format that is readable by humans, since it will be put into a binary file called "packetCapture." The capture must be as efficient as possible, and the analyst wants to minimize the likelihood that packets will be missed.

Which of the following commands will best accomplish the analyst's objectives?

21. Which of the following ICS network protocols has no inherent security functions on TCP port 502?

22. During the forensic analysis of a compromised machine, a security analyst discovers some binaries that are exhibiting abnormal behaviors. After extracting the strings, the analyst finds unexpected content.

Which of the following is the next step the analyst should take?

23. While reviewing a vulnerability assessment, an analyst notices the following issue is identified in the report:

[Image: graphical user interface, text; description automatically generated with medium confidence]

this finding, which of the following would be most appropriate for the analyst to recommend to the network engineer?

24. A security engineer is reviewing security products that identify malicious actions by users as part of a company's insider threat program.

Which of the following is the most appropriate product category for this purpose?

25. Given the output below:

#nmap 7.70 scan initiated Tues, Feb 8 12:34:56 2022 as: nmap -v -Pn -p 80,8000,443 --script http-* -oA server.out 192.168.220.42

Which of the following is being performed?

26. Members of the sales team are using email to send sensitive client lists with contact information to their personal accounts. The company's AUP and code of conduct prohibit this practice.

Which of the following configuration changes would improve security and help prevent this from occurring?

27. While observing several host machines, a security analyst notices a program is overwriting data to a buffer.

Which of the following controls will best mitigate this issue?

28. A security analyst is logged on to a jump server to audit the system configuration and status.

The organization's policies for access to and configuration of the jump server include the following:

• No network access is allowed to the internet.

• SSH is only for management of the server.

• Users must utilize their own accounts, with no direct login as an administrator.

• Unnecessary services must be disabled.

The analyst runs netstat with elevated permissions and receives the following output:

[Image: table; description automatically generated]

Which of the following policies does the server violate?

29. An organization announces that all employees will need to work remotely for an extended period of time. All employees will be provided with a laptop and supported hardware to facilitate this requirement. The organization asks the information security division to reduce the risk during this time.

Which of the following is a technical control that will reduce the risk of data loss if a laptop is lost or stolen?

30. The management team has asked a senior security engineer to explore DLP security solutions for the company's growing use of cloud-based storage.

Which of the following is an appropriate solution to control the sensitive data that is being stored in the cloud?

31. Which of the following is the BEST option to protect a web application against CSRF attacks?

32. Which of the following is the greatest security concern regarding ICS?

33. While reviewing system logs, a network administrator discovers the following entry:

Which of the following occurred?

34. A security analyst is analyzing the following output from the Spider tab of OWASP ZAP after a vulnerability scan was completed:

[Image: picture containing text; description automatically generated]

Which of the following options can the analyst conclude based on the provided output?

35. An organization implemented an extensive firewall access-control blocklist to prevent internal network ranges from communicating with a list of IP addresses of known command-and-control domains. A security analyst wants to reduce the load on the firewall.

Which of the following can the analyst implement to achieve similar protection and reduce the load on the firewall?

36. Which of the following describes the difference between intentional and unintentional insider threats?

37. A security analyst needs to automate the incident response process for malware infections.

When the following logs are generated, an alert email should automatically be sent within 30 minutes:

[Image: text; description automatically generated]

Which of the following is the best way for the analyst to automate alert generation?

38. An organization wants to consolidate a number of security technologies throughout the organization and standardize a workflow for identifying security issues, prioritizing the severity, and automating a response.

Which of the following would best meet the organization's needs?

39. A new prototype for a company's flagship product was leaked on the internet. As a result, the management team has locked out all USB drives. Optical drive writers are not present on company computers. The sales team has been granted an exception to share sales presentation files with third parties.

Which of the following would allow the IT team to determine which devices are USB enabled?

40. A forensic analyst is conducting an investigation on a compromised server.

Which of the following should the analyst do first to preserve evidence?


 
