Special Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

CS0-003 Exam Dumps - CompTIA CyberSecurity Analyst CySA+ Certification Exam

Go to page:
Question # 97

An analyst wants to ensure that users only leverage web-based software that has been pre-approved by the organization. Which of the following should be deployed?

A.

Blocklisting

B.

Allowlisting

C.

Graylisting

D.

Webhooks

Full Access
Question # 98

A security analyst has received an incident case regarding malware spreading out of control on a customer's network. The analyst is unsure how to respond. The configured EDR has automatically obtained a sample of the malware and its signature. Which of the following should the analyst perform next to determine the type of malware, based on its telemetry?

A.

Cross-reference the signature with open-source threat intelligence.

B.

Configure the EDR to perform a full scan.

C.

Transfer the malware to a sandbox environment.

D.

Log in to the affected systems and run necstat.

Full Access
Question # 99

A threat hunter seeks to identify new persistence mechanisms installed in an organization's environment. In collecting scheduled tasks from all enterprise workstations, the following host details are aggregated:

Which of the following actions should the hunter perform first based on the details above?

A.

Acquire a copy of taskhw.exe from the impacted host

B.

Scan the enterprise to identify other systems with taskhw.exe present

C.

Perform a public search for malware reports on taskhw.exe.

D.

Change the account that runs the -caskhw. exe scheduled task

Full Access
Question # 100

An incident response team receives an alert to start an investigation of an internet outage. The outage is preventing all users in multiple locations from accessing external SaaS resources. The team determines the organization was impacted by a DDoS attack. Which of the following logs should the team review first?

A.

CDN

B.

Vulnerability scanner

C.

DNS

D.

Web server

Full Access
Question # 101

A company was able to reduce triage time by focusing on historical trend analysis. The business partnered with the security team to achieve a 50% reduction in phishing attempts year over year. Which of the following action plans led to this reduced triage time?

A.

Patching

B.

Configuration management

C.

Awareness, education, and training

D.

Threat modeling

Full Access
Question # 102

A security analyst is reviewing the logs of a web server and notices that an attacker has attempted to exploit a SQL injection vulnerability. Which of the following tools can the analyst use to analyze the attack and prevent future attacks?

A.

A web application firewall

B.

A network intrusion detection system

C.

A vulnerability scanner

D.

A web proxy

Full Access
Question # 103

The Chief Information Security Officer for an organization recently received approval to install a new EDR solution. Following the installation, the number of alerts that require remediation by an analyst has tripled. Which of the following should the organization utilize to best centralize the workload for the internal security team? (Select two).

A.

SOAR

B.

SIEM

C.

MSP

D.

NGFW

E.

XDR

F.

DLP

Full Access
Question # 104

An incident response analyst is taking over an investigation from another analyst. The investigation has been going on for the past few days. Which of the following steps is most important during the transition between the two analysts?

A.

Identify and discuss the lessons learned with the prior analyst.

B.

Accept all findings and continue to investigate the next item target.

C.

Review the steps that the previous analyst followed.

D.

Validate the root cause from the prior analyst.

Full Access
Go to page: