Practice Free CS0-003 Exam Online Questions
The Chief Information Security Officer for an organization recently received approval to install a new EDR solution. Following the installation, the number of alerts that require remediation by an analyst has tripled.
Which of the following should the organization utilize to best centralize the workload for the internal security team? (Select two).
- A . SOAR
- B . SIEM
- C . MSP
- D . NGFW
- E . XDR
- F . DLP
Which of the following describes the difference between intentional and unintentional insider threats?
- A . Their access levels will be different
- B . The risk factor will be the same
- C . Their behavior will be different
- D . The rate of occurrence will be the same
A security analyst is analyzing the following output from the Spider tab of OWASP ZAP after a vulnerability scan was completed:

Which of the following can the analyst conclude from the provided output?
- A . The scanning vendor used robots to make the scanning job faster
- B . The scanning job was successfully completed, and no vulnerabilities were detected
- C . The scanning job did not successfully complete due to an out of scope error
- D . The scanner executed a crawl process to discover pages to be assessed
A risk assessment concludes that the perimeter network has the highest potential for compromise by an attacker, and it is labeled as a critical risk environment.
Which of the following is a valid compensating control to reduce the volume of valuable information in the perimeter network that an attacker could gain using active reconnaissance techniques?
- A . A control that demonstrates that all systems authenticate using the approved authentication method
- B . A control that demonstrates that access to a system is only allowed by using SSH
- C . A control that demonstrates that firewall rules are peer reviewed for accuracy and approved before deployment
- D . A control that demonstrates that the network security policy is reviewed and updated yearly
Which of the following is the best way to begin preparation for a report titled "What We Learned" regarding a recent incident involving a cybersecurity breach?
- A . Determine the sophistication of the audience that the report is meant for
- B . Include references and sources of information on the first page
- C . Include a table of contents outlining the entire report
- D . Decide on the color scheme that will effectively communicate the metrics
A security analyst is writing a shell script to identify IP addresses from the same country.
Which of the following functions would help the analyst achieve the objective?
- A . function w() { info=$(ping -c 1 $1 | awk -F "/" 'END{print $1}') && echo "$1 | $info"; }
- B . function x() { info=$(geoiplookup $1) && echo "$1 | $info"; }
- C . function y() { info=$(dig -x $1 | grep PTR | tail -n 1) && echo "$1 | $info"; }
- D . function z() { info=$(traceroute -m 40 $1 | awk 'END{print $1}') && echo "$1 | $info"; }
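The geoiplookup pattern from option B only prints one line per address; to actually "identify IP addresses from the same country" the analyst still has to parse the country code out of that line and group on it. The script below is an added example, not part of the exam page. Because the real geoiplookup needs a local GeoIP database, the `geo_lookup` function here is a constructed stand-in that returns lines in geoiplookup's output format for a few RFC 5737 documentation addresses; on a real host replace its body with `geoiplookup "$1"`. The function and variable names are assumptions.

```shell
#!/bin/sh
# Added example: group a list of IPs by country using the geoiplookup
# output format. Constructed stand-in for geoiplookup (needs no database):
# each case returns exactly what geoiplookup prints for that address.
geo_lookup() {
    case "$1" in
        203.0.113.7)  echo "GeoIP Country Edition: US, United States" ;;
        198.51.100.3) echo "GeoIP Country Edition: DE, Germany" ;;
        192.0.2.10)   echo "GeoIP Country Edition: US, United States" ;;
        *)            echo "GeoIP Country Edition: IP Address not found" ;;
    esac
}

# Same shape as exam option B: "ip | <geoiplookup output>".
x() {
    info=$(geo_lookup "$1") && echo "$1 | $info"
}

# Pull the two-letter ISO country code out of a geoiplookup line.
# Prints nothing for addresses the database does not know.
country_of() {
    geo_lookup "$1" | sed -n 's/^GeoIP Country Edition: \([A-Z][A-Z]\),.*/\1/p'
}

# Read one IP per line on stdin; print one line per country:
# "<CC> <ip> <ip> ...", with XX for unresolved addresses.
group_by_country() {
    while read -r ip; do
        cc=$(country_of "$ip")
        [ -n "$cc" ] || cc="XX"
        echo "$cc $ip"
    done | sort | awk '{ ips[$1] = ips[$1] " " $2 }
                       END { for (c in ips) print c ips[c] }' | sort
}

# Constructed input list (documentation and private ranges only).
printf '%s\n' 203.0.113.7 198.51.100.3 192.0.2.10 10.0.0.1 | group_by_country
```

The trailing `sort` after awk matters: `for (c in ips)` iterates in unspecified order, so without it the country lines would come out in a different order across awk implementations. Addresses the database cannot place (private ranges, new allocations) land in the XX bucket rather than being silently dropped, which is the failure mode to watch for when the real tool is wired in.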
An organization utilizes multiple vendors, each with its own portal that a security analyst must sign in to daily.
Which of the following is the best solution for the organization to use to eliminate the need for multiple authentication credentials?
- A . API
- B . MFA
- C . SSO
- D . VPN
Which of the following best describes the goal of a tabletop exercise?
- A . To test possible incident scenarios and how to react properly
- B . To perform attack exercises to check response effectiveness
- C . To understand existing threat actors and how to replicate their techniques
- D . To check the effectiveness of the business continuity plan
A company is aiming to test a new incident response plan. The management team has made it clear that the initial test should have no impact on the environment. The company has limited resources to support testing.
Which of the following exercises would be the best approach?
- A . Tabletop scenarios
- B . Capture the flag
- C . Red team vs. blue team
- D . Unknown-environment penetration test
A security analyst has identified outgoing network traffic leaving the enterprise at odd times. The traffic appears to pivot across network segments and target domain servers. The traffic is then routed to a geographic location to which the company has no association.
Which of the following best describes this type of threat?
- A . Hacktivist
- B . Zombie
- C . Insider threat
- D . Nation-state actor
