CompTIA CompTIA Certifications CS0-003 Questions & Answers

• Question 321:

  Which of the following is a reason for correctly identifying APTs that might be targeting an organization?

  A. APTs' passion for social justice will make them ongoing and motivated attackers.

  B. APTs utilize methods and technologies differently than other threats.

  C. APTs are primarily focused on financial gain and are widely available over the internet.

  D. APTs lack sophisticated methods, but their dedication makes them persistent.

  Correct Answer: B

• Question 322:

  A large company wants to address frequent outages on critical systems with a secure configurations program. The Chief Information Security Officer (CISO) has asked the analysts to conduct research and make recommendations for a cost-effective solution with the least amount of disruption to the business. Which of the following would be the best way to achieve these goals?

  A. Adopt the CIS security controls as a framework, apply configurations to all assets, and then notify asset owners of the change.

  B. Coordinate with asset owners to assess the impact of the CIS critical security controls, perform testing, and then implement across the enterprise.

  C. Recommend multiple security controls depending on business unit needs, and then apply configurations according to the organization's risk tolerance.

  D. Ask asset owners which configurations they would like, compile the responses, and then present all options to the CISO for approval to implement.

  Correct Answer: B

• Question 323:

  The SFTP server logs show thousands of failed login attempts from hundreds of IP addresses worldwide. Which of the following controls would BEST protect the service?

  A. Whitelisting authorized IP addresses

  B. Blacklisting unauthorized IP addresses

  C. Enforcing more complex password requirements

  D. Establishing a sinkhole service

  Correct Answer: A

• Question 324:

  A security operations manager wants to build out an internal threat-hunting capability. Which of the following should be the first priority when creating a threat-hunting program?

  A. Establishing a hypothesis about which threats are targeting which systems

  B. Profiling common threat actors and activities to create a list of IOCs

  C. Ensuring logs are sent to a centralized location with search and filtering capabilities

  D. Identifying critical assets that will be used to establish targets for threat-hunting activities

  Correct Answer: C

  By aggregating logs in a centralized location with search and filtering capabilities, security analysts can quickly and easily identify anomalous behavior that may indicate a potential threat. Additionally, a centralized location makes it easier to correlate events across multiple systems and identify patterns that may be indicative of an attack.

• Question 325:

  A security analyst is reviewing the logs and notices the following entries:

  

  Which of the following most likely occurred?

  A. LDAP injection

  B. Clickjacking

  C. XSS

  D. SQLi

  Correct Answer: D

• Question 326:

  After running the cat file01.bin | hexdump -C command, a security analyst reviews the following output snippet:

  

  Which of the following digital-forensics techniques is the analyst using?

  A. Reviewing the file hash

  B. Debugging the binary file

  C. Implementing file carving

  D. Verifying the file type

  E. Utilizing reverse engineering

  Correct Answer: D

• Question 327:

  A security analyst recently implemented a new vulnerability scanning platform. The initial scan of 438 hosts found the following vulnerabilities:

  210 critical 1,854 high 1,786 medium 48 low

  The analyst is unsure how to handle such a large-scale remediation effort. Which of the following would be the next logical step?

  A. Identify the assets with a high value and remediate all vulnerabilities on those hosts.

  B. Perform remediation activities for all critical and high vulnerabilities first.

  C. Perform a risk calculation to determine the probability and magnitude of exposure.

  D. Identify the vulnerabilities that affect the most systems and remediate them first.

  Correct Answer: B

• Question 328:

  A security analyst discovers a standard user has unauthorized access to the command prompt, PowerShell, and other system utilities. Which of the following is the BEST action for the security analyst to take?

  A. Disable the appropriate settings in the administrative template of the Group Policy.

  B. Use AppLocker to create a set of whitelist and blacklist rules specific to group membership.

  C. Modify the registry keys that correlate with the access settings for the System32 directory.

  D. Remove the user's permissions from the various system executables.

  Correct Answer: B

• Question 329:

  After an incident involving a phishing email, a security analyst reviews the following email access log:

  

  Based on this information, which of the following accounts was MOST likely compromised?

  A. CARLB

  B. CINDYP

  C. GILLIANO

  D. ANDREAD

  E. LAURAB

  Correct Answer: D

• Question 330:

  A security analyst is revising a company's MFA policy to prohibit the use of short message service (SMS) tokens. The Chief Information Officer has questioned this decision and asked for justification. Which of the following should the analyst provide as justification for the new policy?

  A. SMS relies on untrusted, third-party carrier networks.

  B. SMS tokens are limited to eight numerical characters.

  C. SMS is not supported on all handheld devices in use.

  D. SMS is a cleartext protocol and does not support encryption.

  Correct Answer: D