Practice Free CS0-003 Exam Online Questions
HOTSPOT
The developers recently deployed new code to three web servers.
A daily automated external device scan report shows server vulnerabilities that are failure items according to PCI DSS.
If the vulnerability is not valid, the analyst must take the proper steps to get the scan clean.
If the vulnerability is valid, the analyst must remediate the finding.
After reviewing the information provided in the network diagram, select the STEP 2 tab to complete the simulation by selecting the correct Validation Result and Remediation Action for each server listed using the drop-down options.
INSTRUCTIONS:
The simulation includes 2 steps.
STEP 1: Review the information provided in the network diagram and then move to the STEP 2 tab.


STEP 2: Given the scenario, determine which remediation action is required to address the vulnerability.

A company’s legal department is concerned that its incident response plan does not cover the countless ways security incidents can occur. The department has asked a security analyst to help tailor the response plan to provide broad coverage for many situations.
Which of the following is the best way to achieve this goal?
- A . Focus on incidents that have a high chance of reputation harm.
- B . Focus on common attack vectors first.
- C . Focus on incidents that affect critical systems.
- D . Focus on incidents that may require law enforcement support.
A security analyst is conducting a vulnerability assessment of a company’s online store. The analyst discovers a critical vulnerability in the payment processing system that could be exploited, allowing attackers to steal customer payment information.
Which of the following should the analyst do next?
- A . Leave the vulnerability unpatched until the next scheduled maintenance window to avoid potential disruption to business.
- B . Perform a risk assessment to evaluate the potential impact of the vulnerability and determine whether additional security measures are needed.
- C . Ignore the vulnerability since the company recently passed a payment system compliance audit.
- D . Isolate the payment processing system from production and schedule for reimaging.
A systems administrator receives reports of an internet-accessible Linux server that is running very sluggishly. The administrator examines the server, sees a high amount of memory utilization, and suspects a DoS attack related to half-open TCP sessions consuming memory.
Which of the following tools would best help to prove whether this server was experiencing this behavior?
- A . Nmap
- B . TCPDump
- C . SIEM
- D . EDR
A cybersecurity analyst notices unusual network scanning activity coming from a country that the company does not do business with.
Which of the following is the best mitigation technique?
- A . Geoblock the offending source country
- B . Block the IP range of the scans at the network firewall.
- C . Perform a historical trend analysis and look for similar scanning activity.
- D . Block the specific IP address of the scans at the network firewall
A high volume of failed RDP authentication attempts was logged on a critical server within a one-hour period. All of the attempts originated from the same remote IP address and made use of a single valid domain user account.
Which of the following would be the most effective mitigating control to reduce the rate of success of this brute-force attack?
- A . Enabling a user account lockout after a limited number of failed attempts
- B . Installing a third-party remote access tool and disabling RDP on all devices
- C . Implementing a firewall block for the remote system’s IP address
- D . Increasing the verbosity of log-on event auditing on all devices
A security analyst scans a host and generates the following output:

Which of the following best describes the output?
- A . The host is unresponsive to the ICMP request.
- B . The host is running a vulnerable mail server.
- C . The host is allowing unsecured FTP connections.
- D . The host is vulnerable to web-based exploits.
A recent zero-day vulnerability is being actively exploited, requires no user interaction or privilege escalation, and has a significant impact to confidentiality and integrity but not to availability.
Which of the following CVE metrics would be most accurate for this zero-day threat?
- A . CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:K/A:L
- B . CVSS:3.1/AV:K/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L
- C . CVSS:3.1/AV:N/AC:L/PR:N/UI:H/S:U/C:L/I:N/A:H
- D . CVSS:3.1/AV:L/AC:L/PR:R/UI:R/S:U/C:H/I:L/A:H
A Chief Information Security Officer (CISO) wants to disable a functionality on a business-critical web application that is vulnerable to RCE in order to maintain the minimum risk level with minimal increased cost.
Which of the following risk treatments best describes what the CISO is looking for?
- A . Transfer
- B . Mitigate
- C . Accept
- D . Avoid

