A penetration tester submitted data to a form in a web application, which enabled the penetration tester to retrieve user credentials. Which of the following should be recommended for remediation of this application vulnerability?
A. Implementing multifactor authentication on the server OS
B. Hashing user passwords on the web application
C. Performing input validation before allowing submission
D. Segmenting the network between the users and the web server
Correct Answer: C
Input validation is a critical security measure to prevent various types of web application attacks, including SQL injection, cross-site scripting (XSS), and data manipulation. It helps ensure that user inputs are sanitized and do not contain malicious or unexpected data.
Question 272:
A cybersecurity analyst notices unusual network scanning activity coming from a country that the company does not do business with. Which of the following is the best mitigation technique?
A. Geoblock the offending source country.
B. Block the IP range of the scans at the network firewall.
C. Perform a historical trend analysis and look for similar scanning activity.
D. Block the specific IP address of the scans at the network firewall.
Correct Answer: A
Question 273:
An analyst has received an IPS event notification from the SIEM stating an IP address, which is known to be malicious, has attempted to exploit a zero-day vulnerability on several web servers. The exploit contained the following snippet:
Which of the following controls would work best to mitigate the attack represented by this snippet?
A. Limit user creation to administrators only.
B. Limit layout creation to administrators only.
C. Set the directory trx_addons to read only for all users.
D. Set the directory V2 to read only for all users.
Correct Answer: A
The provided snippet represents an attempt to exploit a vulnerability using a crafted URL to target the /wp-json/trx_addons/V2/get/sc_layout endpoint, with parameters indicating a potential attack on WordPress to insert a user with an administrator role. To mitigate this attack, you would want to focus on preventing unauthorized user creation and limiting access to sensitive endpoints.
Question 274:
Which of the following activities is designed to handle a control failure that leads to a breach?
A. Risk assessment
B. Incident management
C. Root cause analysis
D. Vulnerability management
Correct Answer: B
Incident management is a process that aims to handle a control failure that leads to a breach by restoring normal operations as quickly as possible and minimizing the impact and damage of the incident. Incident management involves activities such as identifying, analyzing, containing, eradicating, recovering, and learning from security incidents. Risk assessment, root cause analysis, and vulnerability management are other processes related to security management, but they are not designed to handle a control failure that leads to a breach.
A security team conducts a lessons-learned meeting after struggling to determine who should conduct the next steps following a security event. Which of the following should the team create to address this issue?
A. Service-level agreement
B. Change management plan
C. Incident response plan
D. Memorandum of understanding
Correct Answer: C
An incident response plan outlines the procedures, roles, and responsibilities for responding to security incidents within an organization. It provides clear guidance on how to handle different types of incidents, including who is responsible for what actions during and after an incident.
Question 276:
A code review reveals a web application is using time-based cookies for session management. This is a security concern because time-based cookies are easy to:
A. parameterize
B. decode
C. guess
D. decrypt
Correct Answer: C
Time-based cookies are a security concern because they are often easier to guess. This vulnerability arises because time-based cookies typically rely on predictable elements, such as the current timestamp, to generate session identifiers. If an attacker can predict or determine the time at which the cookie was created, they may be able to guess the session ID, leading to unauthorized access. For example, if a session ID is based solely on the server's current time when the session is created, an attacker could use trial and error to guess the time value and, therefore, the session ID. This makes the session susceptible to session hijacking attacks, where an attacker can take over a user's session by guessing the session identifier. In contrast, secure session management practices involve using complex, random, and unpredictable values for session IDs to prevent them from being easily guessed or predicted.
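As an added example (not part of the exam material), the weak time-based pattern the explanation describes is shown beside a CSPRNG-based generator, together with the two checks a code reviewer can run against a session ID scheme; the creation timestamp is a constructed value.

```python
import hashlib
import secrets


def weak_session_id(created_ms: int) -> str:
    """Time-based session ID (the weak pattern): a pure function of the
    creation time in milliseconds, so anyone who can narrow down when the
    session started can recompute it."""
    return hashlib.sha256(str(created_ms).encode()).hexdigest()[:32]


def strong_session_id(_created_ms=None) -> str:
    """Hardened form: 128 bits from the OS CSPRNG; the time is ignored."""
    return secrets.token_hex(16)


def recoverable_from_time(session_id: str, approx_ms: int,
                          id_fn=weak_session_id, window_ms: int = 2000) -> bool:
    """Code-review check 1: can the ID be reproduced by re-running the
    generator for every millisecond within +/- window_ms of the suspected
    creation time? True means the scheme is guessable from the time alone."""
    return any(id_fn(ms) == session_id
               for ms in range(approx_ms - window_ms, approx_ms + window_ms + 1))


def distinct_ids_at_same_instant(id_fn, created_ms: int, sessions: int) -> int:
    """Code-review check 2: sessions created in the same millisecond
    (concurrent logins) must still receive distinct IDs; time-based IDs
    collide, which lets one user land in another user's session."""
    return len({id_fn(created_ms) for _ in range(sessions)})


if __name__ == "__main__":
    t0 = 1_700_000_000_123  # constructed creation time, ms since the epoch
    weak = weak_session_id(t0)
    print("weak id recoverable from time:",
          recoverable_from_time(weak, t0 - 700))                       # True
    print("strong id recoverable from time:",
          recoverable_from_time(strong_session_id(), t0 - 700,
                                strong_session_id))                    # False
    print("distinct weak ids for 5 concurrent logins:",
          distinct_ids_at_same_instant(weak_session_id, t0, 5))        # 1
    print("distinct strong ids for 5 concurrent logins:",
          distinct_ids_at_same_instant(strong_session_id, t0, 5))      # 5
```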
Question 277:
An organization has the following risk mitigation policies:
1. Risks without compensating controls will be mitigated first if the risk value is greater than $50,000.
2. Other risk mitigation will be prioritized based on risk value.
The following risks have been identified: Which of the following is the order of priority for risk mitigation from highest to lowest?
A. A, C, D, B
B. B, C, D, A
C. C, B, A, D
D. C, D, A, B
E. D, C, B, A
Correct Answer: C
The order of priority for risk mitigation from highest to lowest is C, B, A, D. This order is based on applying the risk mitigation policies of the organization. According to the first policy, risks without compensating controls will be mitigated first if the risk value is greater than $50,000. Risk C has no compensating controls and a risk value of $75,000, so it is the highest priority. Risk B also has no compensating controls, but a risk value of $40,000, so it is the second priority. According to the second policy, other risk mitigation will be prioritized based on risk value. Risk A has a risk value of $60,000 and a compensating control of encryption, so it is the third priority. Risk D has a risk value of $50,000 and a compensating control of backup power supply, so it is the lowest priority.
Question 278:
Which of the following is the best reason why organizations need operational security controls?
A. To supplement areas that other controls cannot address
B. To limit physical access to areas that contain sensitive data
C. To assess compliance automatically against a secure baseline
D. To prevent disclosure by potential insider threats
Correct Answer: A
Operational security controls are security measures that are implemented and executed by people rather than by systems. Operational security controls are needed to supplement areas that other controls, such as technical or physical controls, cannot address. For example, operational security controls can include policies, procedures, training, awareness, audits, reviews, testing, etc. These controls can help ensure that employees follow best practices, comply with regulations, detect and report incidents, and respond to emergencies. The other options are not specific to operational security controls or are too narrow in scope. Reference: CompTIA Cybersecurity Analyst (CySA+) Certification Exam Objectives (CS0-002), page 14; https://www.isaca.org/resources/isacajournal/issues6/volume-3/operational-security-controls
Question 279:
A technician working at company.com received the following email:
After looking at the above communication, which of the following should the technician recommend to the security team to prevent exposure of sensitive information and reduce the risk of corporate data being stored on non-corporate assets?
A. Forwarding of corporate email should be disallowed by the company.
B. A VPN should be used to allow technicians to troubleshoot computer issues securely.
C. An email banner should be implemented to identify emails coming from external sources.
D. A rule should be placed on the DLP to flag employee IDs and serial numbers.
Correct Answer: C
An email banner is a message that is added to the top or bottom of an email to provide some information or warning to the recipient. An email banner should be implemented to identify emails coming from external sources to prevent exposure of sensitive information and reduce the risk of corporate data being stored on non-corporate assets. An email banner can help employees recognize phishing or spoofing attempts and avoid clicking on malicious links or attachments. It can also remind employees not to share confidential information with external parties or forward corporate emails to personal accounts. The other options are not relevant or effective for this purpose. Reference: CompTIA Cybersecurity Analyst (CySA+) Certification Exam Objectives (CS0-002), page 13; https://www.csoonline.com/article5970/what-is-spoofing-definition-and-how-to-preventit.html
Question 280:
A company is aiming to test a new incident response plan. The management team has made it clear that the initial test should have no impact on the environment. The company has limited resources to support testing. Which of the following exercises would be the best approach?
A. Tabletop scenarios
B. Capture the flag
C. Red team vs. blue team
D. Unknown-environment penetration test
Correct Answer: A
A tabletop scenario is an informal, discussion-based session in which a team discusses their roles and responses during an emergency, walking through one or more example scenarios. A tabletop scenario is the best approach for a company that wants to test a new incident response plan without impacting the environment or using many resources. A tabletop scenario can help the company identify strengths and weaknesses in their plan, clarify roles and responsibilities, and improve communication and coordination among team members. The other options are more intensive and disruptive exercises that involve simulating a real incident or attack. Reference: CompTIA Cybersecurity Analyst (CySA+) Certification Exam Objectives (CS0-002), page 16; https://www.linkedin.com/pulse/tabletop-exercises-explained-matt-lemon-phd