Free Certification Practice Questions

COMPTIA-CYSA

CompTIA's CS0-003 An after-action review of a ransomware attack on a company identified deficiencies in responsiveness and consistency. Which of the following choices would best facilitate improvement of these deficiencies?
#451
CompTIA's CS0-003 A security analyst is performing a malware analysis on a device and receives the following instructions:
• Reduce the blast radius of the potential threat.
• Preserve forensic data for post-incident analysis.
• If securely possible, preserve connectivity for live analysis.
Which of the following will best help the analyst during the investigation?
#452
CompTIA's CS0-003 Which of the following is the practice of controlling how evidence is handled to ensure its integrity during an investigation?
#453
CompTIA's CS0-003 A SOC analyst is reviewing the weekly EDR report. The report shows that the same application was blocked once every 24 hours. Which of the following tools should the analyst use to further investigate the incident?
#454
CompTIA's CS0-003 A finance department employee opens an unsolicited email that contains a malicious payload. The payload quickly spreads through the finance department, but does not affect other departments. Which of the following best explains why the payload does not affect all departments?
#455
CompTIA's CS0-003 A security analyst is responding to an incident that is related to an unauthorized communication between systems. While triaging the event, the analyst obtains the following outputs:
Which of the following commands should the analyst use to terminate the malicious session?
#456
CompTIA's CS0-003 Which of the following explains why a company would consider enriching data before sending it to the SIEM?
#457
CompTIA's CS0-003 A company suspects a coordinated effort to attack their platform. Web server logs show malicious activity from many different source IP addresses located in different countries. Which of the following will best help a security analyst identify the requests connected to this campaign?
#458
CompTIA's CS0-003 The DevSecOps team is remediating an SSRF issue on the company's public-facing website. Which of the following is the best mitigation technique to address this issue?
#459
CompTIA's CS0-003 Which of the following is the best technical method to protect sensitive data at an organizational level?
#460
CompTIA's CS0-003 A DevOps analyst implements a webhook to trigger code vulnerability scanning for submissions to the repository. Which of the following is the primary benefit of this enhancement?
#461
CompTIA's CS0-003 A security analyst is looking for information that would serve as an indicator that a given IP address is involved in other attacks. Which of the following sources of information should the analyst use to achieve this objective?
#462
CompTIA's CS0-003 A security analyst is assessing the security of a cloud environment. The following output is generated when the assessment runs:
Authentication error -Instance not found on preset location
Which of the following should the analyst use to fix the issue?
#463
CompTIA's CS0-003 A SOC manager who recently switched companies notices that their new company's SOC analysts have significantly poorer operational metrics compared to their previous company, without any major difference in alert volume or team size. Which of the following are most likely to be the cause? (Choose two.)
E. Morale issues among SOC staff
F. Usage of API gateways
#464
CompTIA's CS0-003 An analyst reviews the following web server log entries:
%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/etc/passwd
No attacks or malicious attempts have been discovered. Which of the following most likely describes what took place?
#465
CompTIA's CS0-003 A security analyst is investigating an unusually high volume of requests received on a web server. Based on the following command and output:
Which of the following best describes the activity that the analyst will confirm?
#466