Practice Free CS0-003 Exam Online Questions

Question #1

When investigating a potentially compromised host, an analyst observes that the process BGInfo.exe (PID 1024), a Sysinternals tool used to create desktop backgrounds containing host details, has bee running for over two days.

Which of the following activities will provide the best insight into this potentially malicious process, based on the anomalous behavior?

A . Changes to system environment variables
B . SMB network traffic related to the system process
C . Recent browser history of the primary user
D . Activities taken by PID 1024

Reveal Solution Hide Solution

Question #2

A vulnerability scan of a web server that is exposed to the internet was recently completed.

A security analyst is reviewing the resulting vector strings:

Vulnerability 1: CVSS: 3.0/AV: N/AC: L/PR: N/UI: N/S: U/C: H/I: L/A: L

Vulnerability 2: CVSS: 3.0/AV: L/AC: H/PR: N/UI: N/S: U/C: L/I: L/A: H

Vulnerability 3: CVSS: 3.0/AV: A/AC: H/PR: L/UI: R/S: U/C: L/I: H/A: L

Vulnerability 4: CVSS: 3.0/AV: P/AC: L/PR: H/UI: N/S: U/C: H/I: N/A: L

Which of the following vulnerabilities should be patched first?

A . Vulnerability 1
B . Vulnerability 2
C . Vulnerability 3
D . Vulnerability 4

Reveal Solution Hide Solution

Question #3

A security analyst needs to provide evidence of regular vulnerability scanning on the company’s network for an auditing process.

Which of the following is an example of a tool that can produce such evidence?

A . OpenVAS
B . Burp Suite
C . Nmap
D . Wireshark

Reveal Solution Hide Solution

Question #4

A security analyst needs to mitigate a known, exploited vulnerability related not

tack vector that embeds software through the USB interface.

Which of the following should the analyst do first?

A . Conduct security awareness training on the risks of using unknown and unencrypted USBs.
B . Write a removable media policy that explains that USBs cannot be connected to a company asset.
C . Check configurations to determine whether USB ports are enabled on company assets.
D . Review logs to see whether this exploitable vulnerability has already impacted the company.

Reveal Solution Hide Solution

Question #5

During the forensic analysis of a compromised machine, a security analyst discovers some binaries

that are exhibiting abnormal behaviors. After extracting the strings, the analyst finds unexpected content.

Which of the following is the next step the analyst should take?

A . Validate the binaries’ hashes from a trusted source.
B . Use file integrity monitoring to validate the digital signature
C . Run an antivirus against the binaries to check for malware.
D . Only allow binaries on the approve list to execute.

Reveal Solution Hide Solution

Question #6

The security team is reviewing a list of vulnerabilities present on the environment, and they want to prioritize the remediation based on the CVSS v4.0 metrics:

Which of the following vulnerabilities should the security manager request to fix first?

A . System A
B . System E
C . System D
D . System B
E . System C

Reveal Solution Hide Solution

Question #7

A company’s user accounts have been compromised. Users are also reporting that the company’s internal portal is sometimes only accessible through HTTP, other times; it is accessible through HTTPS.

Which of the following most likely describes the observed activity?

A . There is an issue with the SSL certificate causinq port 443 to become unavailable for HTTPS access
B . An on-path attack is being performed by someone with internal access that forces users into port 80
C . The web server cannot handle an increasing amount of HTTPS requests so it forwards users to port 80
D . An error was caused by BGP due to new rules applied over the company’s internal routers

Reveal Solution Hide Solution

Question #8

A security analyst reviews the latest vulnerability scans and observes there are vulnerabilities with similar CVSSv3 scores but different base score metrics.

Which of the following attack vectors should the analyst remediate first?

A . CVSS 3.0/AVP/AC:L/PR:L/UI:N/S U/C:H/I:H/A:H
B . CVSS 3.0/AV:A/AC .L/PR:L/UI:N/S:U/C:H/I:H/A:H
C . CVSS 3.0/AV:N/AC:L/PR:L/UI:N/S;U/C:H/I:H/A:H
D . CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reveal Solution Hide Solution

Correct Answer: C
C

Explanation:

CVSS 3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H is the attack vector that the analyst should remediate first, as it has the highest CVSSv3 score of 8.1. CVSSv3 (Common Vulnerability Scoring System version 3) is a standard framework for rating the severity of vulnerabilities, based on various metrics that reflect the characteristics and impact of the vulnerability. The CVSSv3 score is calculated from three groups of metrics: Base, Temporal, and Environmental.

The Base metrics are mandatory and reflect the intrinsic qualities of the vulnerability, such as how it can be exploited, what privileges are required, and what impact it has on confidentiality, integrity, and availability. The Temporal metrics are optional and reflect the current state of the vulnerability, such as whether there is a known exploit, a patch, or a workaround. The Environmental metrics are also optional and reflect the context of the vulnerability in a specific environment, such as how it affects the asset value, security requirements, or mitigating controls. The Base metrics produce a score ranging from 0 to 10, which can then be modified by scoring the Temporal and Environmental metrics. A CVSS score is also represented as a vector string, a compressed textual representation of the values used to derive the score.

The attack vector in question has the following Base metrics:

Attack Vector (AV): Network (N). This means that the vulnerability can be exploited remotely over a network connection.

Attack Complexity (AC): Low (L). This means that the attack does not require any special conditions or changes to the configuration of the target system.

Privileges Required (PR): Low (L). This means that the attacker needs some privileges on the target system to exploit the vulnerability, such as user-level access.

User Interaction (UI): None (N). This means that the attack does not require any user action or involvement to succeed.

Scope (S): Unchanged (U). This means that the impact of the vulnerability is confined to the same security authority as the vulnerable component, such as an application or an operating system. Confidentiality Impact ©: High (H). This means that the vulnerability results in a total loss of confidentiality, such as unauthorized disclosure of all data on the system.

Integrity Impact (I): High (H). This means that the vulnerability results in a total loss of integrity, such as unauthorized modification or deletion of all data on the system.

Availability Impact (A): High (H). This means that the vulnerability results in a total loss of availability, such as denial of service or system crash.

Using these metrics, we can calculate the Base score using this formula:

Base Score = Roundup(Minimum[(Impact + Exploitability), 10])

Where:

Impact = 6.42 x [1 – ((1 – Confidentiality) x (1 – Integrity) x (1 – Availability))]

Exploitability = 8.22 x Attack Vector x Attack Complexity x Privileges Required x User Interaction Using this formula, we get:

Impact = 6.42 x [1 – ((1 – 0.56) x (1 – 0.56) x (1 – 0.56))] = 5.9 Exploitability = 8.22 x 0.85 x 0.77 x 0.62 x 0.85 = 2.8

Base Score = Roundup(Minimum[(5.9 + 2.8), 10]) = Roundup(8.7) = 8.8

Therefore, this attack vector has a Base score of 8.8, which is higher than any other option.

The other attack vectors have lower Base scores, as they have different values for some of the Base metrics:

CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H has a Base score of 6.2, as it has a lower value for Attack Vector (Physical), which means that the vulnerability can only be exploited by having physical access to the target system.

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H has a Base score of 7.4, as it has a lower value for Attack Vector (Adjacent Network), which means that the vulnerability can only be exploited by being on the same physical or logical network as the target system. CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H has a Base score of 6.8, as it has a lower value for Attack Vector (Local), which means that the vulnerability can only be exploited by having local access to the target system, such as through a terminal or a command shell.

Question #9

An organization’s threat intelligence team notes a recent trend in adversary privilege escalation procedures. Multiple threat groups have been observed utilizing native Windows tools to bypass system controls and execute commands with privileged credentials.

Which of the following controls would be most effective to reduce the rate of success of such attempts?

A . Disable administrative accounts for any operations.
B . Implement MFA requirements for all internal resources.
C . Harden systems by disabling or removing unnecessary services.
D . Implement controls to block execution of untrusted applications.

Reveal Solution Hide Solution

Question #10

A security analyst discovers the company’s website is vulnerable to cross-site scripting.

Which of the following solutions will best remedy the vulnerability?

A . Prepared statements
B . Server-side input validation
C . Client-side input encoding
D . Disabled JavaScript filtering

Reveal Solution Hide Solution

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

Exams