Summer Certification Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

CS0-003 Exam Dumps - CompTIA CyberSecurity Analyst CySA+ Certification Exam

Searching for workable clues to ace the CompTIA CS0-003 Exam? You’re on the right place! ExamCert has realistic, trusted and authentic exam prep tools to help you achieve your desired credential. ExamCert’s CS0-003 PDF Study Guide, Testing Engine and Exam Dumps follow a reliable exam preparation strategy, providing you the most relevant and updated study material that is crafted in an easy to learn format of questions and answers. ExamCert’s study tools aim at simplifying all complex and confusing concepts of the exam and introduce you to the real exam scenario and practice it with the help of its testing engine and real exam dumps

Go to page:
Question # 113

An analyst receives threat intelligence regarding potential attacks from an actor with seemingly unlimited time and resources. Which of the following best describes the threat actor attributed to the malicious activity?

A.

Insider threat

B.

Ransomware group

C.

Nation-state

D.

Organized crime

Full Access
Question # 114

A security analyst reviews a packet capture and identifies the following output as anomalous:

13:49:57.553161 TP10.203.10.17.45701 > 10.203.10.22.12930:Flags[FPU],seq108331482,win1024,urg0,length0

13:49:57.553162 IP10.203.10.17.45701 > 10.203.10.22.48968:Flags[FPU],seq108331482,win1024,urg0,length0

...

Which of the following activities explains the output?

A.

Nmap Xmas scan

B.

Nikto ' s web scan

C.

Socat ' s proxying traffic using the urgent flag

D.

Angry IP Scanner output

Full Access
Question # 115

An auditor is reviewing an evidence log associated with a cybercrime. The auditor notices that a gap exists between individuals who were responsible for holding onto and transferring the evidence between individuals responsible for the investigation. Which of the following best describes the evidence handling process that was not properly followed?

A.

Validating data integrity

B.

Preservation

C.

Legal hold

D.

Chain of custody

Full Access
Question # 116

A report contains IoC and TTP information for a zero-day exploit that leverages vulnerabilities in a specific version of a web application. Which of the following actions should a SOC analyst take first after receiving the report?

A.

Implement a vulnerability scan to determine whether the environment is at risk.

B.

Block the IP addresses and domains from the report in the web proxy and firewalls.

C.

Verify whether the information is relevant to the organization.

D.

Analyze the web application logs to identify any suspicious or malicious activity.

Full Access
Question # 117

Given the following CVSS string-

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/3:U/C:K/I:K/A:H

Which of the following attributes correctly describes this vulnerability?

A.

A user is required to exploit this vulnerability.

B.

The vulnerability is network based.

C.

The vulnerability does not affect confidentiality.

D.

The complexity to exploit the vulnerability is high.

Full Access
Question # 118

A security analyst needs to identify the devices in a critical infrastructure network that handles an oil and gas pipeline. The network has devices connected over IPv4 using either HTTP or Modbus protocols running on the standard ports. Which of the following approaches should the analyst use to achieve the objective?

A.

Employ the IT vulnerability scanner to target ports 80 and 502.

B.

Use banner grabbing with Netcat on TCP ports 80 and 502.

C.

Perform an Nmap -sS -A -p 80,502 scan.

D.

Scan the ICS network using Masscan --open-only -p80,502.

Full Access
Question # 119

An incident response analyst is investigating the root cause of a recent malware outbreak. Initial binary analysis indicates that this malware disables host security services and performs cleanup routines on it infected hosts, including deletion of initial dropper and removal of event log entries and prefetch files from the host. Which of the following data sources would most likely reveal evidence of the root cause?

(Select two).

A.

Creation time of dropper

B.

Registry artifacts

C.

EDR data

D.

Prefetch files

E.

File system metadata

F.

Sysmon event log

Full Access
Question # 120

An analyst is becoming overwhelmed with the number of events that need to be investigated for a timeline. Which of the following should the analyst focus on in order to move the incident forward?

A.

Impact

B.

Vulnerability score

C.

Mean time to detect

D.

Isolation

Full Access
Go to page: