CompTIA's CS0-003
A security analyst receives an alert for suspicious activity on a company laptop. An excerpt of the log is shown below:
Which of the following has most likely occurred?
#241
Answer: A
During an incident, some IoCs of possible ransomware contamination were found in a group of servers in a segment of the network. Which of the following steps should be taken next?
#242
Answer: A
An MSSP received several alerts from customer 1, which caused a missed incident response deadline for customer 2. Which of the following best describes the document that was violated?
#243
Answer: C
Which of the following is a reason proper handling and reporting of existing evidence are important for the investigation and reporting phases of an incident response?
#244
Answer: A
An attacker has just gained access to the syslog server on a LAN. Reviewing the syslog entries has allowed the attacker to prioritize possible next targets. Which of the following is this an example of?
#245
Answer: A
A security analyst observed the following activities in chronological order:
1. Protocol violation alerts on external firewall
2. Unauthorized internal scanning activity
3. Changes in outbound network performance
Which of the following best describes the goal of the threat actor?
#246
Answer: A
After reviewing the final report for a penetration test, a cybersecurity analyst prioritizes the remediation for input validation vulnerabilities. Which of the following attacks is the analyst seeking to prevent?
#247
Answer: D
During a security test, a security analyst found a critical application with a buffer overflow vulnerability. Which of the following would be best to mitigate the vulnerability at the application level?
#248
Answer: B
The SOC received a threat intelligence notification indicating that an employee’s credentials were found on the dark web. The user’s web and log-in activities were reviewed for malicious or anomalous connections, data uploads/downloads, and exploits. A review of the controls confirmed multifactor authentication was enabled. Which of the following should be done first to mitigate impact to the business networks and assets?
E. Lower the thresholds for SOC alerting of suspected malicious activity
#249
Answer: A
A security analyst is working on a server patch management policy that will allow the infrastructure team to be informed more quickly about new patches. Which of the following would most likely be required by the infrastructure team so that vulnerabilities can be remediated quickly? (Choose two.)
E. IoCs
F. npm identifier
#250
Answer: A
A Chief Information Security Officer (CISO) wants to disable a feature of a business-critical web application that is vulnerable to RCE in order to maintain the minimum risk level with minimal increased cost. Which of the following risk treatments best describes what the CISO is looking for?
#251
Answer: B
A company has a primary control in place to restrict access to a sensitive database. However, the company discovered an authentication vulnerability that could bypass this control. Which of the following is the best compensating control?
#252
Answer: C
An analyst discovers unusual outbound connections to an IP that was previously blocked at the web proxy and firewall. Upon further investigation, it appears that the proxy and firewall rules that were in place were removed by a service account that is not recognized. Which of the following parts of the Cyber Kill Chain does this describe?
#253
Answer: B
An organization's email account was compromised by a bad actor. Given the following information:
Which of the following is the length of time the team took to detect the threat?
#254
Answer: B
A threat hunter seeks to identify new persistence mechanisms installed in an organization’s environment. In collecting scheduled tasks from all enterprise workstations, the following host details are aggregated:
Which of the following actions should the hunter perform first based on the details above?
#255
Answer: A
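The aggregation step this question describes, written out as an added example that is not part of the question bank: stack the collected scheduled tasks by name and action across every host, so that tasks present on only one or two machines stand out from the fleet-wide baseline, and break ties in favour of actions that run from a user-writable path. The inventory, host names, task names and paths below are constructed for illustration.

```python
"""Stack scheduled tasks collected from many workstations so the rare ones
stand out from the fleet-wide baseline.

Added example, not part of the question bank. The inventory is constructed;
host names, task names and paths are illustrative assumptions.
"""
from collections import defaultdict

FLEET = ["WS001", "WS002", "WS003", "WS004", "WS005", "WS006"]

# Constructed inventory, one (host, task name, action) row per task, in the
# shape a hunter would get from `schtasks /query /v /fo CSV` on each host.
INVENTORY = []
for _host in FLEET:
    INVENTORY.append((_host, r"\Microsoft\Windows\Defrag\ScheduledDefrag",
                      r"C:\Windows\System32\defrag.exe -c -h -o"))
    INVENTORY.append((_host, r"\Microsoft\Windows\DiskCleanup\SilentCleanup",
                      r"C:\Windows\System32\cleanmgr.exe /autoclean"))
for _host in FLEET[:5]:
    INVENTORY.append((_host, r"\GoogleUpdateTaskMachineUA",
                      r"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua"))
# Two singletons: a legitimate vendor updater installed on one host, and a task
# whose binary sits under a user profile while borrowing a Windows binary name.
INVENTORY.append(("WS002", r"\Adobe Acrobat Update Task",
                  r"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"))
INVENTORY.append(("WS004", r"\OneDriveSync",
                  r"C:\Users\jdoe\AppData\Roaming\svchost.exe -k netsvcs"))

# Path fragments an unprivileged user can write to; a persistence binary there
# deserves a closer look than one under Program Files or System32.
USER_WRITABLE_MARKERS = ("\\users\\", "\\temp\\", "%appdata%", "%localappdata%", "%temp%")


def stack_tasks(inventory):
    """Group rows by (task name, action) and return {key: set of hosts}."""
    hosts_by_task = defaultdict(set)
    for host, task, action in inventory:
        hosts_by_task[(task, action)].add(host)
    return hosts_by_task


def runs_from_user_writable_path(action: str) -> bool:
    return any(marker in action.lower() for marker in USER_WRITABLE_MARKERS)


def rare_tasks(inventory, max_hosts=1):
    """Tasks seen on at most max_hosts hosts, least prevalent first; ties are
    broken so that actions running from user-writable paths come first."""
    total_hosts = len({row[0] for row in inventory})
    results = []
    for (task, action), hosts in stack_tasks(inventory).items():
        if len(hosts) <= max_hosts:
            results.append({
                "task": task,
                "action": action,
                "hosts": sorted(hosts),
                "prevalence": f"{len(hosts)}/{total_hosts}",
                "user_writable_path": runs_from_user_writable_path(action),
            })
    results.sort(key=lambda r: (len(r["hosts"]), not r["user_writable_path"], r["task"]))
    return results


if __name__ == "__main__":
    for r in rare_tasks(INVENTORY):
        flag = "USER-WRITABLE" if r["user_writable_path"] else "system path"
        print(f'{r["prevalence"]:>5} {flag:13} {r["task"]} -> {r["action"]}')
```

Rarity alone also surfaces the one-off Adobe updater, which is why the path check is used only to order the candidates, not to discard any: the hunter still reviews every singleton, but starts with the one launched from a user profile.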
A SOC analyst is analyzing traffic on a network and notices an unauthorized scan. Which of the following types of activities is being observed?
#256
Answer: A
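Both this question and #246 above turn on recognizing unauthorized scanning in network traffic. As an added example that is not part of the question bank, the following detector reads simplified flow records and flags a source that sweeps many ports on one host (a vertical scan) or one port across many hosts (a horizontal scan) inside a time window. The flow lines are constructed, and the window and thresholds are assumptions an analyst would tune against the environment's baseline.

```python
"""Flag unauthorized scanning in flow records by counting distinct targets
per source inside a time window.

Added example, not part of the question bank. The flow lines are constructed
and the window and thresholds are assumptions to be tuned to the baseline.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Flow:
    ts: datetime
    src: str
    dst: str
    dport: int


def sample_flows() -> list:
    """Constructed flow log: benign intranet use from 10.0.2.11, then probing from 10.0.2.40."""
    t0 = datetime(2024, 3, 5, 9, 0, 0)
    lines = ["# timestamp src dst dport"]
    # Benign: a workstation talking to the intranet web server and DNS for ten minutes.
    for minute in range(10):
        ts = (t0 + timedelta(minutes=minute)).isoformat()
        lines.append(f"{ts} 10.0.2.11 10.0.1.5 443")
        lines.append(f"{ts} 10.0.2.11 10.0.1.6 53")
    # Vertical scan: eleven service ports on one file server within 30 seconds.
    for n, port in enumerate([21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389]):
        ts = (t0 + timedelta(minutes=4, seconds=3 * n)).isoformat()
        lines.append(f"{ts} 10.0.2.40 10.0.1.20 {port}")
    # Horizontal scan: SMB probed on twelve neighbours within 24 seconds.
    for n in range(1, 13):
        ts = (t0 + timedelta(minutes=6, seconds=2 * n)).isoformat()
        lines.append(f"{ts} 10.0.2.40 10.0.1.{n} 445")
    return lines


def parse_flows(lines) -> list:
    """Parse 'ISO-timestamp src dst dport' lines; '#' lines are comments."""
    flows = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport = line.split()
        flows.append(Flow(datetime.fromisoformat(ts), src, dst, int(dport)))
    return sorted(flows, key=lambda f: f.ts)


def detect_scans(flows, window_seconds=60, port_threshold=10, host_threshold=10):
    """Return sorted (src, kind, target) findings.

    vertical:   one source reaches >= port_threshold distinct ports on one host in a window
    horizontal: one source reaches one port on >= host_threshold distinct hosts in a window
    """
    window = timedelta(seconds=window_seconds)
    by_src = defaultdict(list)
    for f in flows:
        by_src[f.src].append(f)
    findings = set()
    for src, fl in by_src.items():
        fl.sort(key=lambda f: f.ts)
        for i, first in enumerate(fl):          # every flow opens a candidate window
            ports_per_host = defaultdict(set)
            hosts_per_port = defaultdict(set)
            for f in fl[i:]:
                if f.ts - first.ts > window:
                    break
                ports_per_host[f.dst].add(f.dport)
                hosts_per_port[f.dport].add(f.dst)
            for dst, ports in ports_per_host.items():
                if len(ports) >= port_threshold:
                    findings.add((src, "vertical", dst))
            for port, hosts in hosts_per_port.items():
                if len(hosts) >= host_threshold:
                    findings.add((src, "horizontal", str(port)))
    return sorted(findings)


if __name__ == "__main__":
    for src, kind, target in detect_scans(parse_flows(sample_flows())):
        print(f"{src} {kind} scan -> {target}")
```

The benign workstation never trips either rule because, within any one-minute window, it reaches one port on each of two hosts. Shrinking the window or raising the thresholds silences the detector, which is the trade-off behind the "lower the thresholds" option that appears in #249 above: more sensitivity means more of these windows become alerts.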
A cybersecurity analyst is recommending a solution to ensure emails that contain links or attachments are tested before they reach a mail server. Which of the following will the analyst most likely recommend?
#257
Answer: A
An analyst reviews a recent government alert on new zero-day threats and finds the following CVE metrics for the most critical of the vulnerabilities:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:W/RC:R
Which of the following represents the exploit code maturity of this critical vulnerability?
E. AC:L
#258
Answer: A
A security analyst detects an email server that had been compromised in the internal network. Users have been reporting strange messages in their email inboxes and unusual network traffic. Which of the following incident response steps should be performed next?
#259
Answer: C
A SIEM alert is triggered based on execution of a suspicious one-liner on two workstations in the organization’s environment. An analyst views the details of these events below:
Which of the following statements best describes the intent of the attacker, based on this one-liner?
#260
Answer: C
When investigating a potentially compromised host, an analyst observes that the process BGInfo.exe (PID 1024), a Sysinternals tool used to create desktop backgrounds containing host details, has been running for over two days. Which of the following activities will provide the best insight into this potentially malicious process, based on the anomalous behavior?
#261
Answer: D
Which of the following evidence collection methods is most likely to be acceptable in court cases?
#262
Answer: D
A cybersecurity analyst has recovered a recently compromised server to its previous state. Which of the following should the analyst perform next?
#263
Answer: D
A cybersecurity analyst has been assigned to the threat-hunting team to create a dynamic detection strategy based on behavioral analysis and attack patterns. Which of the following best describes what the analyst will be creating?
#264
Answer: C
Which of the following would eliminate the need for different passwords for a variety of internal applications?
#265
Answer: B
Which of the following best explains the importance of communicating with staff regarding the official public communication plan related to incidents impacting the organization?
#266
Answer: A
Which of the following would most likely be used to update a dashboard that integrates with multiple vendor tools?
#267
Answer: A
An organization has a critical financial application hosted online that cannot send its event logs to the corporate SIEM. Which of the following is the best option for the security analyst to configure to improve the efficiency of security operations?
#268
Answer: C
After an incident, a security analyst needs to perform a forensic analysis to report complete information to a company stakeholder. Which of the following is most likely the goal of the forensic analysis in this case?
#269
Answer: D
Which of the following is the most important reason for an incident response team to develop a formal incident declaration?