Exam Details

  • Exam Code: CS0-003
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 509 Q&As
  • Last Updated: Mar 31, 2025

CompTIA Certifications CS0-003 Questions & Answers

  • Question 361:

    Which of the following BEST explains the function of a managerial control?

    A. To scope the security planning, program development, and maintenance of the security life cycle

    B. To guide the development of training, education, security awareness programs, and system maintenance

    C. To implement data classification, risk assessments, security control reviews, and contingency planning

    D. To ensure tactical design, selection of technology to protect data, logical access reviews, and the implementation of audit trails

  • Question 362:

    Which of the following provides an automated approach to checking a system configuration?

    A. SCAP

    B. CI/CD

    C. OVAL

    D. Scripting

    E. SOAR

  • Question 363:

    A security analyst discovers the company's website is vulnerable to cross-site scripting. Which of the following solutions will BEST remedy the vulnerability?

    A. Prepared statements

    B. Server-side input validation

    C. Client-side input encoding

    D. Disabled JavaScript filtering

  • Question 364:

    During a company's most recent incident, a vulnerability in custom software was exploited on an externally facing server by an APT. The lessons-learned report noted the following:

    The development team used a new software language that was not supported by the security team's automated assessment tools.

    During the deployment, the security assessment team was unfamiliar with the new language and struggled to evaluate the software during advanced testing. Therefore, the vulnerability was not detected.

    The current IPS did not have effective signatures and policies in place to detect and prevent runtime attacks on the new application.

    To allow this new technology to be deployed securely going forward, which of the following will BEST address these findings? (Choose two.)

    A. Train the security assessment team to evaluate the new language and verify that best practices for secure coding have been followed

    B. Work with the automated assessment-tool vendor to add support for the new language so these vulnerabilities are discovered automatically

    C. Contact the human resources department to hire new security team members who are already familiar with the new language

    D. Run the software on isolated systems so when they are compromised, the attacker cannot pivot to adjacent systems

    E. Instruct only the development team to document the remediation steps for this vulnerability

    F. Outsource development and hosting of the applications in the new language to a third-party vendor so the risk is transferred to that provider

  • Question 365:

    A security team is struggling with alert fatigue, and the Chief Information Security Officer has decided to purchase a SOAR platform to alleviate this issue. Which of the following BEST describes how a SOAR platform will help the security team?

    A. SOAR will integrate threat intelligence into the alerts, which will help the security team decide which events should be investigated first.

    B. A SOAR platform connects the SOC with the asset database, enabling the security team to make informed decisions immediately based on asset criticality.

    C. The security team will be able to use the SOAR framework to integrate the SIEM with a TAXII server, which has an automated intelligence feed that will enhance the alert data.

    D. Logic can now be created that will allow the SOAR platform to block specific traffic at the firewall according to predefined event triggers and actions.

  • Question 366:

    An analyst needs to forensically examine a Windows machine that was compromised by a threat actor. Intelligence reports state this specific threat actor is characterized by hiding malicious artifacts, especially with alternate data streams. Based on this intelligence, which of the following BEST explains alternate data streams?

    A. A different way data can be streamlined if the user wants to use less memory on a Windows system for forking resources.

    B. A way to store data on an external drive attached to a Windows machine that is not readily accessible to users.

    C. A Windows attribute that provides for forking resources and is potentially used to hide the presence of secret or malicious files inside the file records of a benign file.

    D. A Windows attribute that can be used by attackers to hide malicious files within system memory.

  • Question 367:

    A security analyst discovers a standard user has unauthorized access to the command prompt, PowerShell, and other system utilities. Which of the following is the BEST action for the security analyst to take?

    A. Disable the appropriate settings in the administrative template of the Group Policy.

    B. Use AppLocker to create a set of whitelist and blacklist rules specific to group membership.

    C. Modify the registry keys that correlate with the access settings for the System32 directory.

    D. Remove the user's permissions from the various system executables.

  • Question 368:

    A cybersecurity analyst is concerned about attacks that use advanced evasion techniques. Which of the following would best mitigate such attacks?

    A. Keeping IPS rules up to date

    B. Installing a proxy server

    C. Applying network segmentation

    D. Updating the antivirus software

  • Question 369:

    A security analyst is supporting an embedded software team. Which of the following is the best recommendation to ensure proper error handling at runtime?

    A. Perform static code analysis.

    B. Require application fuzzing.

    C. Enforce input validation.

    D. Perform a code review.

  • Question 370:

    The steering committee for information security management annually reviews the security incident register for the organization to look for trends and systematic issues. The steering committee wants to rank the risks based on past incidents to improve the security program for next year. Below is the incident register for the organization:

    Which of the following should the organization consider investing in first due to the potential impact of availability?

    A. Hire a managed service provider to help with vulnerability management.

    B. Build a warm site in case of system outages.

    C. Invest in a failover and redundant system, as necessary.

    D. Hire additional staff for the IT department to assist with vulnerability management and log review.
