Exam Details

  • Exam Code: CS0-003
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 556 Q&As
  • Last Updated: Apr 17, 2025

CompTIA CompTIA Certifications CS0-003 Questions & Answers

  • Question 341:

    An organization is concerned about the security posture of vendors with access to its facilities and systems. The organization wants to implement a vendor review process to ensure the policies implemented by vendors are in line with its own. Which of the following will provide the highest assurance of compliance?

    A. An in-house red-team report

    B. A vendor self-assessment report

    C. An independent third-party audit report

    D. Internal and external scans from an approved third-party vulnerability vendor

  • Question 342:

    A development team recently released a new version of a public-facing website for testing prior to production. The development team is soliciting the help of various teams to validate the functionality of the website due to its high visibility. Which of the following activities best describes the process the development team is initiating?

    A. Static analysis

    B. Stress testing

    C. Code review

    D. User acceptance testing

  • Question 343:

    A new prototype for a company's flagship product was leaked on the internet. As a result, the management team has locked out all USB drives. Optical drive writers are not present on company computers. The sales team has been granted an exception to share sales presentation files with third parties. Which of the following would allow the IT team to determine which devices are USB enabled?

    A. Asset tagging

    B. Device encryption

    C. Data loss prevention

    D. SIEM logs

  • Question 344:

    A security officer needs to find a solution to the current data privacy and protection gap found in the last security assessment. Which of the following is the most cost-effective solution?

    A. Require users to sign NDAs.

    B. Create a data minimization plan.

    C. Add access control requirements.

    D. Implement a data loss prevention solution.

  • Question 345:

    A security analyst is evaluating the following support ticket:

    Issue: Marketing campaigns are being filtered by the customer's email servers.

    Description: Our marketing partner cannot send emails using our email address. The following log messages were collected from multiple customers:

    1. The SPF result is PermError.

    2. The SPF result is SoftFail or Fail.

    3. The 550 SPF check failed.

    Which of the following should the analyst do next?

    A. Ask the marketing partner's ISP to disable the DKIM setting.

    B. Request approval to disable DMARC on the company's ISP.

    C. Ask the customers to disable SPF validation.

    D. Request a configuration change on the company's public DNS.

  • Question 346:

    An application must pass a vulnerability assessment to move to the next gate. Consequently, any security issues that are found must be remediated prior to the next gate. Which of the following best describes the method for end-to-end vulnerability assessment?

    A. Security regression testing

    B. Static analysis

    C. Dynamic analysis

    D. Stress testing

  • Question 347:

    A development team is discussing the implementation of parameterized queries to address several software vulnerabilities. Which of the following is the most likely type of vulnerability the team is trying to remediate?

    A. SQL injection

    B. CSRF

    C. On-path attack

    D. XSS

  • Question 348:

    An organization is performing a risk assessment to prioritize resources for mitigation and remediation based on impact. Which of the following metrics, in addition to the CVSS for each CVE, would best enable the organization to prioritize its efforts?

    A. OS type

    B. OS or application versions

    C. Patch availability

    D. System architecture

    E. Mission criticality

  • Question 349:

    A security analyst is monitoring a company's network traffic and finds ping requests going to accounting and human resources servers from a SQL server. Upon investigation, the analyst discovers a technician responded to potential network connectivity issues. Which of the following is the best way for the security analyst to respond?

    A. Report this activity as a false positive, as the activity is legitimate.

    B. Isolate the system and begin a forensic investigation to determine what was compromised.

    C. Recommend network segmentation to the management team as a way to secure the various environments.

    D. Implement host-based firewalls on all systems to prevent ping sweeps in the future.

  • Question 350:

    While observing several host machines, a security analyst notices a program is overwriting data to a buffer. Which of the following controls will best mitigate this issue?

    A. Data execution prevention

    B. Output encoding

    C. Prepared statements

    D. Parameterized queries
