Special Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

CS0-003 Exam Dumps - CompTIA CyberSecurity Analyst CySA+ Certification Exam

Go to page:
Question # 41

An analyst receives alerts that state the following traffic was identified on the perimeter network firewall:

Which of the following best describes the indicator of compromise that triggered the alerts?

A.

Anomalous activity

B.

Bandwidth saturation

C.

Cryptomining

D.

Denial of service

Full Access
Question # 42

A cybersecurity analyst is recording the following details

* ID

* Name

* Description

* Classification of information

* Responsible party

In which of the following documents is the analyst recording this information?

A.

Risk register

B.

Change control documentation

C.

Incident response playbook

D.

Incident response plan

Full Access
Question # 43

A security analyst at a company called ACME Commercial notices there is outbound traffic to a host IP that resolves to https://offce365password.acme.co. The site's standard VPN logon page is

www.acme.com/logon. Which of the following is most likely true?

A.

This is a normal password change URL.

B.

The security operations center is performing a routine password audit.

C.

A new VPN gateway has been deployed

D.

A social engineering attack is underway

Full Access
Question # 44

A security analyst is assisting a software engineer with the development of a custom log collection and alerting tool (SIEM) for a proprietary system. The analyst is concerned that the tool will not detect known attacks and behavioral IoCs. Which of the following should be configured in order to resolve this issue?

A.

Randomly generate and store all possible file hash values.

B.

Create a default rule to alert on any change to the system.

C.

Integrate with an open-source threat intelligence feed.

D.

Manually add known threat signatures into the tool.

Full Access
Question # 45

In the last hour, a high volume of failed RDP authentication attempts has been logged on a critical server. All of the authentication attempts originated from the same remote IP address and made use of a single valid domain user account. Which of the following mitigating controls would be most effective to reduce the rate of success of this brute-force attack? (Select two).

A.

Increase the granularity of log-on event auditing on all devices.

B.

Enable host firewall rules to block all outbound traffic to TCP port 3389.

C.

Configure user account lockout after a limited number of failed attempts.

D.

Implement a firewall block for the IP address of the remote system.

E.

Install a third-party remote access tool and disable RDP on all devices.

F.

Block inbound to TCP port 3389 from untrusted remote IP addresses at the perimeter firewall.

Full Access
Question # 46

A Chief Information Security Officer (CISO) wants to disable a functionality on a business-critical web application that is vulnerable to RCE in order to maintain the minimum risk level with minimal increased cost.

Which of the following risk treatments best describes what the CISO is looking for?

A.

Transfer

B.

Mitigate

C.

Accept

D.

Avoid

Full Access
Question # 47

Several critical bugs were identified during a vulnerability scan. The SLA risk requirement is that all critical vulnerabilities should be patched within 24 hours. After sending a notification to the asset owners, the patch cannot be deployed due to planned, routine system upgrades Which of the following is the best method to remediate the bugs?

A.

Reschedule the upgrade and deploy the patch

B.

Request an exception to exclude the patch from installation

C.

Update the risk register and request a change to the SLA

D.

Notify the incident response team and rerun the vulnerability scan

Full Access
Question # 48

A company is launching a new application in its internal network, where internal customers can communicate with the service desk. The security team needs to ensure the application will be able to handle unexpected strings with anomalous formats without crashing. Which of the following processes is the most applicable for testing the application to find how it would behave in such a situation?

A.

Fuzzing

B.

Coding review

C.

Debugging

D.

Static analysis

Full Access
Go to page: