CompTIA CompTIA Certifications CS0-003 Questions & Answers

• Question 451:

  A security analyst is tasked with prioritizing vulnerabilities for remediation. The relevant company security policies are shown below:

  1.

  Security Policy 1006: Vulnerability Management

  2.

  The Company shall use the CVSSv3.1 Base Score Metrics (Exploitability and Impact) to prioritize the remediation of security vulnerabilities.

  3.

  In situations where a choice must be made between confidentiality and availability, the Company shall prioritize confidentiality of data over availability of systems and data.

  4.

  The Company shall prioritize patching of publicly available systems and services over patching of internally available system.

  According to the security policy, which of the following vulnerabilities should be the highest priority to patch?

  A. Name: THOR HAMMER CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H internal System

  B. Name: CAP.SHIELD CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N External System

  C. Name: LOKI.DAGGER CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H External System

  D. Name: THANOS.GAUNTLET CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Internal System

  Correct Answer: B

  Based on the security policy and the CVSSv3.1 Base Scores, vulnerability B (CAP.SHIELD) with a high impact on confidentiality should be the highest priority to patch. It is an externally accessible system, and since confidentiality takes precedence over availability, it should be addressed before other vulnerabilities.

• Question 452:

  Which of the following will most likely ensure that mission-critical services are available in the event of an incident?

  A. Business continuity plan

  B. Vulnerability management plan

  C. Disaster recovery plan

  D. Asset management plan

  Correct Answer: A

• Question 453:

  Which of the following items should be included in a vulnerability scan report? (Choose two.)

  A. Lessons learned

  B. Service-level agreement

  C. Playbook

  D. Affected hosts

  E. Risk score

  F. Education plan

  Correct Answer: DE

  A vulnerability scan report should include information about the affected hosts, such as their IP addresses, hostnames, operating systems, and services. It should also include a risk score for each vulnerability, which indicates the severity and potential impact of the vulnerability on the host and the organization. Official https://www.first.org/cvss/

• Question 454:

  The Chief Executive Officer of an organization recently heard that exploitation of new attacks in the industry was happening approximately 45 days after a patch was released. Which of the following would best protect this organization?

  A. A mean time to remediate of 30 days

  B. A mean time to detect of 45 days

  C. A mean time to respond of 15 days

  D. Third-party application testing

  Correct Answer: A

  A mean time to remediate (MTTR) is a metric that measures how long it takes to fix a vulnerability after it is discovered. A MTTR of 30 days would best protect the organization from the new attacks that are exploited 45 days after a patch is released, as it would ensure that the vulnerabilities are fixed before they are exploited

• Question 455:

  A recent zero-day vulnerability is being actively exploited, requires no user interaction or privilege escalation, and has a significant impact to confidentiality and integrity but not to availability. Which of the following CVE metrics would be most accurate for this zero-day threat?

  A. CVSS: 31/AV: N/AC: L/PR: N/UI: N/S: U/C: H: K/A: L

  B. CVSS:31/AV:K/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L

  C. CVSS:31/AV:N/AC:L/PR:N/UI:H/S:U/C:L/I:N/A:H

  D. CVSS:31/AV:L/AC:L/PR:R/UI:R/S:U/C:H/I:L/A:H

  Correct Answer: A

  This answer matches the description of the zero-day threat. The attack vector is network (AV:N), the attack complexity is low (AC:L), no privileges are required (PR:N), no user interaction is required (UI:N), the scope is unchanged (S:U), the confidentiality and integrity impacts are high (C:H/I:H), and the availability impact is low (A:L). Official https://nvd.nist.gov/vuln-metrics/cvss

• Question 456:

  A company's user accounts have been compromised. Users are also reporting that the company's internal portal is sometimes only accessible through HTTP, other times; it is accessible through HTTPS. Which of the following most likely describes the observed activity?

  A. There is an issue with the SSL certificate causinq port 443 to become unavailable for HTTPS access

  B. An on-path attack is being performed by someone with internal access that forces users into port 80

  C. The web server cannot handle an increasing amount of HTTPS requests so it forwards users to port 80

  D. An error was caused by BGP due to new rules applied over the company's internal routers

  Correct Answer: B

  An on-path attack is a type of man-in-the-middle attack where an attacker intercepts and modifies network traffic between two parties. In this case, someone with internal access may be performing an on-path attack by forcing users into port 80, which is used for HTTP communication, instead of port 443, which is used for HTTPS communication. This would allow the attacker to compromise the user accounts and access the company's internal portal.

• Question 457:

  A security analyst recently joined the team and is trying to determine which scripting language is being used in a production script to determine if it is malicious. Given the following script:

  foreach ($user in Get-Content .\this.txt)

  {

  Get-ADUser $user -Properties primaryGroupID |select-object pr:

  Add-ADGroupMember "Domain Users" -Members $user

  Set-ADUser $user -Replace 0(primaryGroupID=513)

  }

  Which of the following scripting languages was used in the script?

  A. PowerShel

  B. Ruby

  C. Python

  D. Shell script

  Correct Answer: A

  The script uses PowerShell syntax, such as cmdlets, parameters, variables, and comments. PowerShell is a scripting language that can be used to automate tasks and manage systems.

• Question 458:

  Which of the following tools would work best to prevent the exposure of PII outside of an organization?

  A. PAM

  B. IDS

  C. PKI

  D. DLP

  Correct Answer: D

  Data loss prevention (DLP) is a tool that can prevent the exposure of PII outside of an organization by monitoring, detecting, and blocking sensitive data in motion, in use, or at rest.

• Question 459:

  An organization conducted a web application vulnerability assessment against the corporate website, and the following output was observed:

  

  Which of the following tuning recommendations should the security analyst share?

  A. Set an HttpOnlvflaq to force communication by HTTPS

  B. Block requests without an X-Frame-Options header

  C. Configure an Access-Control-Allow-Origin header to authorized domains

  D. Disable the cross-origin resource sharing header

  Correct Answer: C

• Question 460:

  SIMULATION

  You are a penetration tester who is reviewing the system hardening guidelines for a company. Hardening guidelines indicate the following.

  1.

  There must be one primary server or service per device.

  2.

  Only default port should be used

  3.

  Non-secure protocols should be disabled.

  4.

  The corporate internet presence should be placed in a protected subnet Instructions :

  Using the available tools, discover devices on the corporate network and the services running on these devices.

  You must determine

  1.

  ip address of each device

  2.

  The primary server or service each device

  3.

  The protocols that should be disabled based on the hardening guidelines

  

  

  A. see the answer below in explanation.

  B. PlaceHoder

  C. PlaceHoder

  D. PlaceHoder

  Correct Answer: A