Special Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

CS0-003 Exam Dumps - CompTIA CyberSecurity Analyst CySA+ Certification Exam

Go to page:
Question # 121

A Chief Information Security Officer has outlined several requirements for a new vulnerability scanning project:

. Must use minimal network bandwidth

. Must use minimal host resources

. Must provide accurate, near real-time updates

. Must not have any stored credentials in configuration on the scanner

Which of the following vulnerability scanning methods should be used to best meet these requirements?

A.

Internal

B.

Agent

C.

Active

D.

Uncredentialed

Full Access
Question # 122

The SOC received a threat intelligence notification indicating that an employee's credentials were found on the dark web. The user's web and log-in activities were reviewed for malicious or anomalous connections, data uploads/downloads, and exploits. A review of the controls confirmed multifactor

authentication was enabled. Which of the following should be done first to mitigate impact to the business networks and assets?

A.

Perform a forced password reset.

B.

Communicate the compromised credentials to the user.

C.

Perform an ad hoc AV scan on the user's laptop.

D.

Review and ensure privileges assigned to the user's account reflect least privilege.

E.

Lower the thresholds for SOC alerting of suspected malicious activity.

Full Access
Question # 123

AXSS vulnerability was reported on one of the non-sensitive/non-mission-critical public websites of a company. The security department confirmed the finding and needs to provide a recommendation to the application owner. Which of the following recommendations will best prevent this vulnerability from being exploited? (Select two).

A.

Implement an IPS in front of the web server.

B.

Enable MFA on the website.

C.

Take the website offline until it is patched.

D.

Implement a compensating control in the source code.

E.

Configure TLS v1.3 on the website.

F.

Fix the vulnerability using a virtual patch at the WAF.

Full Access
Question # 124

An organization has tracked several incidents that are listed in the following table:

Which of the following is the organization's MTTD?

A.

140

B.

150

C.

160

D.

180

Full Access
Question # 125

A cybersecurity team has witnessed numerous vulnerability events recently that have affected operating systems. The team decides to implement host-based IPS, firewalls, and two-factor authentication. Which of the following

does this most likely describe?

A.

System hardening

B.

Hybrid network architecture

C.

Continuous authorization

D.

Secure access service edge

Full Access
Question # 126

An incident response analyst is investigating the root cause of a recent malware outbreak. Initial binary analysis indicates that this malware disables host security services and performs cleanup routines on it infected hosts, including deletion of initial dropper and removal of event log entries and prefetch files from the host. Which of the following data sources would most likely reveal evidence of the root cause?

(Select two).

A.

Creation time of dropper

B.

Registry artifacts

C.

EDR data

D.

Prefetch files

E.

File system metadata

F.

Sysmon event log

Full Access
Question # 127

A security analyst would like to integrate two different SaaS-based security tools so that one tool can notify the other in the event a threat is detected. Which of the following should the analyst utilize to best accomplish this goal?

A.

SMB share

B.

API endpoint

C.

SMTP notification

D.

SNMP trap

Full Access
Go to page: