CompTIA CompTIA Certifications CS0-003 Questions & Answers

• Question 261:

  A virtual web server in a server pool was infected with malware after an analyst used the internet to research a system issue. After the server was rebuilt and added back into the server pool, users reported issues with the website, indicating the site could not be trusted. Which of the following is the most likely cause of the server issue?

  A. The server was configured to use SSL to securely transmit data.

  B. The server was supporting weak TLS protocols for client connections.

  C. The malware infected all the web servers in the pool.

  D. The digital certificate on the web server was self-signed.

  Correct Answer: D

  A digital certificate is a document that contains the public key and identity information of a web server, and is signed by a trusted third-party authority called a certificate authority (CA). A digital certificate allows the web server to establish a secure connection with the clients using the HTTPS protocol, and also verifies the authenticity of the web server. A self-signed certificate is a digital certificate that is not signed by a CA, but by the web server itself. A self-signed certificate can cause issues with the website, as it may not be trusted by the clients or their browsers. Clients may receive warnings or errors when trying to access the website, indicating that the site could not be trusted or that the connection is not secure.

  https://www.comptia.org/blog/the-new-comptia-cybersecurity-analyst-your-questions-answered https://partners.comptia.org/docs/default-source/resources/comptia-cysa-cs0-002-exam-objectives https://www.techtarget.com/searchsecurity/quiz/Sample-CompTIA-CySA-test-questions-with-answers

• Question 262:

  A cryptocurrency service company is primarily concerned with ensuring the accuracy of the data on one of its systems. A security analyst has been tasked with prioritizing vulnerabilities for remediation for the system. The analyst will use the following CVSSv3.1 impact metrics for prioritization:

  

  Which of the following vulnerabilities should be prioritized for remediation?

  A. 1

  B. 2

  C. 3

  D. 4

  Correct Answer: D

  Since the company is concerned with ensuring the accuracy of the data, the analyst must prioritize integrity over other data. Analyzing the values in the table, options A, B, C would be discarded as having an L or N impact

• Question 263:

  Patches for two highly exploited vulnerabilities were released on the same Friday afternoon. Information about the systems and vulnerabilities is shown in the tables below:

  

  

  Which of the following should the security analyst prioritize for remediation?

  A. rogers

  B. brady

  C. brees

  D. manning

  Correct Answer: B

• Question 264:

  A security analyst must preserve a system hard drive that was involved in a litigation request. Which of the following is the best method to ensure the data on the device is not modified?

  A. Generate a hash value and make a backup image.

  B. Encrypt the device to ensure confidentiality of the data.

  C. Protect the device with a complex password.

  D. Perform a memory scan dump to collect residual data

  Correct Answer: A

• Question 265:

  Which of the following best describes the goal of a tabletop exercise?

  A. To test possible incident scenarios and how to react properly

  B. To perform attack exercises to check response effectiveness

  C. To understand existing threat actors and how to replicate their techniques

  D. To check the effectiveness of the business continuity plan

  Correct Answer: A

  A tabletop exercise is a type of simulation exercise that involves testing possible incident scenarios and how to react properly, without actually performing any actions or using any resources. A tabletop exercise is usually conducted by a facilitator who presents a realistic scenario to a group of participants, such as a cyberattack, a natural disaster, or a data breach. The participants then discuss and evaluate their roles, responsibilities, plans, procedures, and policies for responding to the incident, as well as the potential impacts and outcomes. A tabletop exercise can help identify strengths and weaknesses in the incident response plan, improve communication and coordination among the stakeholders, raise awareness and preparedness for potential incidents, and provide feedback and recommendations for improvement.

• Question 266:

  A company's security team is updating a section of the reporting policy that pertains to inappropriate use of resources (e.g., an employee who installs cryptominers on workstations in the office). Besides the security team, which of the following groups should the issue be escalated to first in order to comply with industry best practices?

  A. Help desk

  B. Law enforcement

  C. Legal department

  D. Board member

  Correct Answer: C

  When updating a reporting policy that pertains to inappropriate use of resources, it's important to involve the legal department as one of the first steps. Inappropriate use of resources can have legal implications, and involving the legal department ensures that the policy aligns with legal regulations and requirements. They can provide guidance on the appropriate actions to take and help ensure that the policy is comprehensive and legally sound.

• Question 267:

  Given the following CVSS string:

  CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

  Which of the following attributes correctly describes this vulnerability?

  A. A user is required to exploit this vulnerability.

  B. The vulnerability is network based.

  C. The vulnerability does not affect confidentiality.

  D. The complexity to exploit the vulnerability is high.

  Correct Answer: B

  AV:N: vulnerability is network-based AC:L: attack complexity is low PR:N: privileges are not required to exploit the vulnerability UI:N: no user interaction required

  S:U: scope of the impact is unchanged (unchanged scope).

  C:H: confidentiality impact is high.

  I:H: integrity impact is high.

  A:H: availability impact is high.

  The vulnerability is network based is the correct attribute that describes this vulnerability, as it can be inferred from the CVSS string. CVSS stands for Common Vulnerability Scoring System, which is a framework that assigns numerical scores and ratings to vulnerabilities based on their characteristics and severity. The CVSS string consists of several metrics that define different aspects of the vulnerability, such as the attack vector, the attack complexity, the privileges required, the user interaction, the scope, and the impact on confidentiality, integrity and availability. The first metric in the CVSS string is the attack vector (AV), which indicates how the vulnerability can be exploited. The value of AV in this case is N, which stands for network. This means that the vulnerability can be exploited remotely over a network connection, without physical or logical access to the target system. Therefore, the vulnerability is network based.

  https://partners.comptia.org/docs/default-source/resources/comptia-cysa-cs0-002-exam-objectives https://www.comptia.org/certifications/cybersecurity-analyst https://packitforwarding.com/index.php/2019/01/10/comptia-cysa-common-vulnerability-scoring-system

• Question 268:

  A cloud team received an alert that unauthorized resources were being auto-provisioned. After investigating, the team suspects that cryptomining is occurring. Which of the following indicators would most likely lead the team to this conclusion?

  A. High GPU utilization

  B. Bandwidth consumption

  C. Unauthorized changes

  D. Unusual traffic spikes

  Correct Answer: A

  Cryptomining, especially when performed on cloud resources without authorization, is a resource-intensive activity

• Question 269:

  A cybersecurity team lead is developing metrics to present in the weekly executive briefs. Executives are interested in knowing how long it takes to stop the spread of malware that enters the network. Which of the following metrics should the team lead include in the briefs?

  A. Mean time between failures

  B. Mean time to detect

  C. Mean time to remediate

  D. Mean time to contain

  Correct Answer: C

• Question 270:

  An employee accessed a website that caused a device to become infected with invasive malware. The incident response analyst has:

  1.

  created the initial evidence log.

  2.

  disabled the wireless adapter on the device.

  3.

  interviewed the employee, who was unable to identify the website that was accessed.

  4.

  reviewed the web proxy traffic logs.

  Which of the following should the analyst do to remediate the infected device?

  A. Update the system firmware and reimage the hardware.

  B. Install an additional malware scanner that will send email alerts to the analyst.

  C. Configure the system to use a proxy server for Internet access.

  D. Delete the user profile and restore data from backup.

  Correct Answer: A

  Updating the system firmware and reimaging the hardware is the best action to perform to remediate the infected device, as it helps to ensure that the device is restored to a clean and secure state and that any traces of malware are removed. Firmware is a type of software that controls the low-level functions of a hardware device, such as a motherboard, hard drive, or network card. Firmware can be updated or flashed to fix bugs, improve performance, or enhance security. Reimaging is a process of erasing and restoring the data on a storage device, such as a hard drive or a solid state drive, using an image file that contains a copy of the operating system, applications, settings, and files. Reimaging can help to recover from system failures, data corruption, or malware infections. Updating the system firmware and reimaging the hardware can help to remediate the infected device by removing any malicious code or configuration changes that may have been made by the malware, as well as restoring any missing or damaged files or settings that may have been affected by the malware. This can help to prevent further damage, data loss, or compromise of the device or the network. The other actions are not as effective or appropriate as updating the system firmware and reimaging the hardware, as they do not address the root cause of the infection or ensure that the device is fully cleaned and secured. Installing an additional malware scanner that will send email alerts to the analyst may help to detect and remove some types of malware, but it may not be able to catch all malware variants or remove them completely. It may also create conflicts or performance issues with other security tools or systems on the device. Configuring the system to use a proxy server for Internet access may help to filter or monitor some types of malicious traffic or requests, but it may not prevent or remove malware that has already infected the device or that uses other methods of communication or propagation. Deleting the user profile and restoring data from backup may help to recover some data or settings that may have been affected by the malware, but it may not remove malware that has infected other parts of the system or that has persisted on the device.