Practice Free CS0-003 Exam Online Questions – Page 14

Question #131

A security analyst discovers the accounting department is hosting an accounts receivable form on a public document service. Anyone with the link can access it.

Which of the following threats applies to this situation?

A . Potential data loss to external users
B . Loss of public/private key management
C . Cloud-based authentication attack
D . Identification and authentication failures

Reveal Solution Hide Solution

Question #132

Which of the following attributes is part of the Diamond Model of Intrusion Analysis?

A . Delivery
B . Weaponization
C . Command and control
D . Capability

Reveal Solution Hide Solution

Question #132

Which of the following attributes is part of the Diamond Model of Intrusion Analysis?

A . Delivery
B . Weaponization
C . Command and control
D . Capability

Reveal Solution Hide Solution

Question #134

An analyst suspects cleartext passwords are being sent over the network.

Which of the following tools would best support the analyst’s investigation?

A . OpenVAS
B . Angry IP Scanner
C . Wireshark
D . Maltego

Reveal Solution Hide Solution

Question #135

Which of the following responsibilities does the legal team have during an incident management event? (Select two).

A . Coordinate additional or temporary staffing for recovery efforts.
B . Review and approve new contracts acquired as a result of an event.
C . Advise the Incident response team on matters related to regulatory reporting.
D . Ensure all system security devices and procedures are in place.
E . Conduct computer and network damage assessments for insurance.
F . Verify that all security personnel have the appropriate clearances.

Reveal Solution Hide Solution

Question #136

While reviewing web server logs, a security analyst found the following line:

<IMG SRC=’vbscript:msgbox("test")’>

Which of the following malicious activities was attempted?

A . Command injection
B . XML injection
C . Server-side request forgery
D . Cross-site scripting

Reveal Solution Hide Solution

Question #137

Which of the following best describes the goal of a disaster recovery exercise as preparation for possible incidents?

A . TO provide metrics and test continuity controls
B . To verify the roles of the incident response team
C . To provide recommendations for handling vulnerabilities
D . To perform tests against implemented security controls

Reveal Solution Hide Solution

Question #138

Which of the following best describes the importance of implementing TAXII as part of a threat intelligence program?

A . It provides a structured way to gain information about insider threats.
B . It proactively facilitates real-time information sharing between the public and private sectors.
C . It exchanges messages in the most cost-effective way and requires little maintenance once implemented.
D . It is a semi-automated solution to gather threat intellbgence about competitors in the same sector.

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

The correct answer is B. It proactively facilitates real-time information sharing between the public and private sectors.

TAXII, or Trusted Automated eXchange of Intelligence Information, is a standard protocol for sharing cyber threat intelligence in a standardized, automated, and secure manner. TAXII defines how cyber threat information can be shared via services and message exchanges, such as discovery, collection management, inbox, and poll. TAXII is designed to support STIX, or Structured Threat Information eXpression, which is a standardized language for describing cyber threat information in a readable and consistent format. Together, STIX and TAXII form a framework for sharing and using threat intelligence, creating an open-source platform that allows users to search through records containing attack vectors details such as malicious IP addresses, malware signatures, and threat actors123.

The importance of implementing TAXII as part of a threat intelligence program is that it proactively facilitates real-time information sharing between the public and private sectors. By using TAXII, organizations can exchange cyber threat information with various entities, such as security vendors, government agencies, industry associations, or trusted groups. TAXII enables different sharing models, such as hub and spoke, source/subscriber, or peer-to-peer, depending on the needs and preferences of the information producers and consumers. TAXII also supports different levels of access control, encryption, and authentication to ensure the security and privacy of the shared information123.

By implementing TAXII as part of a threat intelligence program, organizations can benefit from the following advantages:

They can receive timely and relevant information about the latest threats and vulnerabilities that may affect their systems or networks.

They can leverage the collective knowledge and experience of other organizations that have faced

similar or related threats.

They can improve their situational awareness and threat detection capabilities by correlating and analyzing the shared information.

They can enhance their incident response and mitigation strategies by applying the best practices and recommendations from the shared information.

They can contribute to the overall improvement of cyber security by sharing their own insights and feedback with other organizations123.

The other options are incorrect because they do not accurately describe the importance of implementing TAXII as part of a threat intelligence program.

Option A is incorrect because TAXII does not provide a structured way to gain information about insider threats. Insider threats are malicious activities conducted by authorized users within an organization, such as employees, contractors, or partners. Insider threats can be detected by using various methods, such as user behavior analysis, data loss prevention, or anomaly detection. However, TAXII is not designed to collect or share information about insider threats specifically. TAXII is more focused on external threats that originate from outside sources, such as hackers, cybercriminals, or nation-states4.

Option C is incorrect because TAXII does not exchange messages in the most cost-effective way and requires little maintenance once implemented. TAXII is a protocol that defines how messages are exchanged, but it does not specify the cost or maintenance of the exchange. The cost and maintenance of implementing TAXII depend on various factors, such as the type and number of services used, the volume and frequency of data exchanged, the security and reliability requirements of the exchange, and the availability and compatibility of existing tools and platforms. Implementing TAXII may require significant resources and efforts from both the information producers and consumers to ensure its functionality and performance5.

Option D is incorrect because TAXII is not a semi-automated solution to gather threat intelligence about competitors in the same sector. TAXII is a fully automated solution that enables the exchange of threat intelligence among various entities across different sectors. TAXII does not target or collect information about specific competitors in the same sector. Rather, it aims to foster collaboration and cooperation among organizations that share common interests or goals in cyber security. Moreover, gathering threat intelligence about competitors in the same sector may raise ethical and legal issues that are beyond the scope of TAXII.

Reference: 1 What is STIX/TAXII? | Cloudflare

2 What Are STIX/TAXII Standards? – Anomali Resources

3 What is STIX and TAXII? – EclecticIQ

4 What Is an Insider Threat? Definition & Examples | Varonis

5 Implementing STIX/TAXII – GitHub Pages

[6] Cyber Threat Intelligence: Ethical Hacking vs Unethical Hacking | Infosec

Question #139

During an investigation, an analyst discovers the following rule in an executive’s email client:

The executive is not aware of this rule.

Which of the following should the analyst do first to evaluate the potential impact of this security incident?

A . Check the server logs to evaluate which emails were sent to <someaddress@domain,com>.
B . Use the SIEM to correlate logging events from the email server and the domain server.
C . Remove the rule from the email client and change the password.
D . Recommend that the management team implement SPF and DKIM.

Reveal Solution Hide Solution

Question #140

Which of the following would eliminate the need for different passwords for a variety or internal application?

A . CASB
B . SSO
C . PAM
D . MFA

Reveal Solution Hide Solution

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

Exams