Free Certification Practice Questions

COMPTIA-CYSA

CompTIA's CS0-003 Which of the following best explains the importance of the implementation of a secure software development life cycle in a company with an internal development team?
#361
CompTIA's CS0-003 A security analyst needs to block vulnerable ports and disable legacy protocols. The analyst has ensured NetBIOS trio, Telnet, SMB, and TFTP are blocked and/or disabled. Which of the following additional protocols should the analyst block next?
#362
CompTIA's CS0-003 A company is launching a new application in its internal network, where internal customers can communicate with the service desk. The security team needs to ensure the application will be able to handle unexpected strings with anomalous formats without crashing. Which of the following processes is the most applicable for testing the application to find how it would behave in such a situation?
#363
CompTIA's CS0-003 A SOC analyst observes reconnaissance activity from an IP address. The activity follows a pattern of short bursts toward a low number of targets. An open-source review shows that the IP has a bad reputation. The perimeter firewall logs indicate the inbound traffic was allowed. The destination hosts are high-value assets with EDR agents installed. Which of the following is the best action for the SOC to take to protect against any further activity from the source IP?
#364
CompTIA's CS0-003 A company’s internet-facing web application has been compromised several times due to identified design flaws. The company would like to minimize the risk of these incidents from reoccurring and has provided the developers with better security training. However, the company cannot allocate any more internal resources to the issue. Which of the following are the best options to help identify flaws within the system? (Choose two.)
E. Creating a bug bounty program
F. Implementing threat modeling
#365
CompTIA's CS0-003 A SOC team lead occasionally collects some DNS information for investigations. The team lead assigns this task to a new junior analyst. Which of the following is the best way to relay the process information to the junior analyst?
#366
CompTIA's CS0-003 Which of the following choices is most likely to cause obstacles in vulnerability remediation?
#367
CompTIA's CS0-003 A security analyst needs to identify services in a small, critical infrastructure ICS network. Many components in the network are likely to break if they receive malformed or unusually large requests. Which of the following is the safest method to use when identifying service versions?
#368
CompTIA's CS0-003 A web application has a function to retrieve content from an internal URL to identify CSRF attacks in the logs. The security analyst is building a regular expression that will filter out the correctly formatted requests. The target URL is https://10.1.2.3/api, and the receiving API only accepts GET requests and uses a single integer argument named “id.” Which of the following regular expressions should the analyst use to achieve the objective?
#369
CompTIA's CS0-003 A security analyst needs to identify a computer based on the following requirements to be mitigated:
• The attack method is network based with low complexity.
• No privileges or user action is needed.
• The confidentiality and availability level is high with a low integrity level.
Given the following CVSS 3.1 output:
Computer1 - CVSS3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H
Computer2 - CVSS3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
Computer3 - CVSS3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H
Computer4 - CVSS3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
Which of the following machines should the analyst mitigate?
#370
CompTIA's CS0-003 An analyst would like to start automatically ingesting IoCs into the EDR tool. Which of the following sources would be the most cost effective for the analyst to use?
#371
CompTIA's CS0-003 A user clicks on a malicious adware link, and the malware successfully downloads to the machine. The malware has a script that invokes command-and-control activity. Which of the following actions is the best way to contain the incident without any additional impact?
#372
CompTIA's CS0-003 During normal security monitoring activities, the following activity was observed:
cd C:\Users\Documents\HR\Employees
takeown /f .*
SUCCESS:
Which of the following best describes the potentially malicious activity observed?
#373
CompTIA's CS0-003 A security manager is looking at a third-party vulnerability metric (SMITTEN) to improve upon the company’s current method that relies on CVSSv3. Given the following:Which of the following vulnerabilities should be prioritized?
#374
CompTIA's CS0-003 Which of the following should be performed first when creating a BCP to ensure that all critical functions and financial implications have been considered?
#375
CompTIA's CS0-003 A security administrator has found indications of dictionary attacks against the company’s external-facing portal. Which of the following should be implemented to best mitigate the password attacks?
#376
CompTIA's CS0-003 The security team reviews a web server for XSS and runs the following Nmap scan:Which of the following most accurately describes the result of the scan?
#377
CompTIA's CS0-003 A security analyst has identified outgoing network traffic leaving the enterprise at odd times. The traffic appears to pivot across network segments and target domain servers. The traffic is then routed to a geographic location to which the company has no association. Which of the following best describes this type of threat?
#378
CompTIA's CS0-003 Based on an internal assessment, a vulnerability management team wants to proactively identify risks to the infrastructure prior to production deployments. Which of the following best supports this approach?
#379
CompTIA's CS0-003 Which of the following defines the proper sequence of data volatility regarding the evidence collection process, from the most to least volatile?
#380
CompTIA's CS0-003 A security analyst needs to support an organization’s legal case against a threat actor. Which of the following processes provides the best way to assist in the prosecution of the case?
#381
CompTIA's CS0-003 An end user forwarded an email with a file attachment to the SOC for review. The SOC analysts think the file was specially crafted for the target. Which of the following investigative actions would best determine if the attachment was malicious?
#382
CompTIA's CS0-003 Which of the following is instituting a security policy that users must lock their systems when stepping away from their desks an example of?
#383
CompTIA's CS0-003 A security analyst needs to identify an asset that should be remediated based on the following information:Which of the following assets should the analyst remediate first?
#384
CompTIA's CS0-003 A security analyst runs tcpdump on the 10.203.10.22 machine and observes thousands of packets as shown below:Which of the following activities explains the tcpdump output?
#385
CompTIA's CS0-003 Which of the following is the best metric to use when reviewing and addressing findings that caused an incident?
#386
CompTIA's CS0-003 A cybersecurity analyst is setting up a security control that monitors network traffic and produces an active response to a security event. Which of the following tools is the analyst configuring?
#387
CompTIA's CS0-003 A security analyst working for an airline is prioritizing vulnerabilities found on a system. The system has the following requirements:
• Can store periodically audited documents required for takeoffs and landings
• Can keep critical records regarding the company’s operations
• Data can be made public upon request and authorization
Which of the following vulnerabilities should be remediated first?
#388
CompTIA's CS0-003 Which of the following are process improvements that can be realized by implementing a SOAR solution? (Choose two.)
E. Define a security strategy.
F. Generate reports and metrics.
#389
CompTIA's CS0-003 Which of the following best describe the external requirements that are imposed for incident management communication? (Choose two.)
E. Industry advocacy group participation
F. Framework guidelines
#390