CompTIA CompTIA Certifications CS0-003 Questions & Answers

• Question 191:

  An organization has deployed a cloud-based storage system for shared data that is in phase two of the data life cycle. Which of the following controls should the security team ensure are addressed? (Choose two.)

  A. Data classification

  B. Data destruction

  C. Data loss prevention

  D. Encryption

  E. Backups

  F. Access controls

  Correct Answer: DF

• Question 192:

  An analyst is conducting routine vulnerability assessments on the company infrastructure. When performing these scans, a business-critical server crashes, and the cause is traced back to the vulnerability scanner. Which of the following is the cause of this issue?

  A. The scanner is running without an agent installed.

  B. The scanner is running in active mode.

  C. The scanner is segmented improperly

  D. The scanner is configured with a scanning window

  Correct Answer: B

  These scans can sometimes overload or disrupt target systems, especially if they are not configured or managed properly. In some cases, active scans can trigger vulnerabilities or cause service disruptions, leading to unexpected issues like a server crash.

• Question 193:

  An organization's threat intelligence team notes a recent trend in adversary privilege escalation procedures. Multiple threat groups have been observed utilizing native Windows tools to bypass system controls and execute commands with privileged credentials. Which of the following controls would be most effective to reduce the rate of success of such attempts?

  A. Set user account control protection to the most restrictive level on all devices

  B. Implement MFA requirements for all internal resources

  C. Harden systems by disabling or removing unnecessary services

  D. Implement controls to block execution of untrusted applications

  Correct Answer: C

• Question 194:

  A new zero-day vulnerability was released. A security analyst is prioritizing which systems should receive deployment of compensating controls deployment first. The systems have been grouped into the categories shown below:

  

  Which of the following groups should be prioritized for compensating controls?

  A. Group A

  B. Group B

  C. Group C

  D. Group D

  Correct Answer: C

• Question 195:

  A Chief Information Security Officer wants to map all the attack vectors that the company faces each day. Which of the following recommendations should the company align their security controls around?

  A. OSSTMM

  B. Diamond Model of Intrusion Analysis

  C. OWASP

  D. MITRE ATTandCK

  Correct Answer: D

  The MITRE ATTandCK (Adversarial Tactics, Techniques, and Common Knowledge) framework is a comprehensive knowledge base that provides detailed information about various attack techniques and tactics employed by adversaries. It categorizes and describes different attack vectors, tactics, and techniques used in real-world cyberattacks. Organizations can use the MITRE ATTandCK framework to understand the threats they face, map security controls to specific attack techniques, and develop effective defensive strategies.

• Question 196:

  Which of the following actions would an analyst most likely perform after an incident has been investigated?

  A. Risk assessment

  B. Root cause analysis

  C. Incident response plan

  D. Tabletop exercise

  Correct Answer: B

  After an incident has been investigated, one of the most important actions is to perform a root cause analysis. Root cause analysis helps in identifying the underlying reasons or factors that led to the incident in the first place. By understanding the root causes, organizations can implement corrective actions to prevent similar incidents from occurring in the future. This analysis is crucial for improving the overall security posture and resilience of the organization.

  Reference: https://www.ibm.com/topics/incident-response

• Question 197:

  A recent audit of the vulnerability management program outlined the finding for increased awareness of secure coding practices. Which of the following would be best to address the finding?

  A. Establish quarterly SDLC training on the top vulnerabilities for developers

  B. Conduct a yearly inspection of the code repositories and provide the report to management.

  C. Hire an external penetration test of the network

  D. Deploy more vulnerability scanners for increased coverage

  Correct Answer: A

  The finding in the audit suggests a need to improve awareness of secure coding practices. The most appropriate action to address this finding is to provide training to the development team on secure coding practices.

• Question 198:

  Which of the following best describes the process of requiring remediation of a known threat within a given time frame?

  A. SLA

  B. MOU

  C. Best-effort patching

  D. Organizational governance

  Correct Answer: A

  An SLA is a formal agreement between two parties that defines the level of service, responsibilities, and expectations. It often includes specific terms related to the time frame within which certain actions or services must be performed. Requiring remediation of a known threat within a given time frame can be part of an SLA related to cybersecurity or incident response, ensuring that security issues are addressed promptly and effectively.

• Question 199:

  Which of the following risk management principles is accomplished by purchasing cyber insurance?

  A. Accept

  B. Avoid

  C. Mitigate

  D. Transfer

  Correct Answer: D

  Transfer is the risk management principle that is accomplished by purchasing cyber insurance. Transfer is a strategy that involves shifting the risk or its consequences to another party, such as an insurance company, a vendor, or a partner. Transfer does not eliminate the risk, but it reduces the potential impact or liability of the risk for the original party. Cyber insurance is a type of insurance that covers the losses and damages resulting from cyberattacks, such as data breaches, ransomware, denial-of-service attacks, or network disruptions. Cyber insurance can help transfer the risk of cyber incidents by providing financial compensation, legal assistance, or recovery services to the insured party.

  https://partners.comptia.org/docs/default-source/resources/comptia-cysa-cs0-002-exam-objectives https://www.comptia.org/certifications/cybersecurity-analyst https://www.comptia.org/blog/the-new-comptia-cybersecurity-analyst-your-questions-answered

• Question 200:

  An organization enabled a SIEM rule to send an alert to a security analyst distribution list when ten failed logins occur within one minute. However, the control was unable to detect an attack with nine failed logins. Which of the following best represents what occurred?

  A. False positive

  B. True negative

  C. False negative

  D. True positive

  Correct Answer: C