Practice Free CS0-003 Exam Online Questions
The management team has asked a senior security engineer to explore DLP security solutions for the company’s growing use of cloud-based storage.
Which of the following is an appropriate solution to control the sensitive data that is being stored in the cloud?
- A . NAC
- B . IPS
- C . CASB
- D . WAF
A security analyst needs to identify a computer based on the following requirements to be mitigated:
The attack method is network-based with low complexity.
No privileges or user action is needed.
The confidentiality and availability level is high, with a low integrity level.
Given the following CVSS 3.1 output:
Computer1: CVSS3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H
Computer2: CVSS3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
Computer3: CVSS3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H
Computer4: CVSS3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
Which of the following machines should the analyst mitigate?
- A . Computer1
- B . Computer2
- C . Computer3
- D . Computer4
An analyst has discovered the following suspicious command:
Which of the following would best describe the outcome of the command?
- A . Cross-site scripting
- B . Reverse shell
- C . Backdoor attempt
- D . Logic bomb
An analyst is reviewing a vulnerability report for a server environment with the following entries:
Which of the following systems should be prioritized for patching first?
- A . 10.101.27.98
- B . 54.73.225.17
- C . 54.74.110.26
- D . 54.74.110.228
An analyst is reviewing a vulnerability report for a server environment with the following entries:
Which of the following systems should be prioritized for patching first?
- A . 10.101.27.98
- B . 54.73.225.17
- C . 54.74.110.26
- D . 54.74.110.228
An analyst is reviewing a vulnerability report and must make recommendations to the executive team. The analyst finds that most systems can be upgraded with a reboot resulting in a single downtime window. However, two of the critical systems cannot be upgraded due to a vendor appliance that the company does not have access to.
Which of the following inhibitors to remediation do these systems and associated vulnerabilities best represent?
- A . Proprietary systems
- B . Legacy systems
- C . Unsupported operating systems
- D . Lack of maintenance windows
A security analyst is working on a server patch management policy that will allow the infrastructure team to be informed more quickly about new patches.
Which of the following would most likely be required by the infrastructure team so that vulnerabilities can be remediated quickly? (Select two).
- A . Hostname
- B . Missing KPI
- C . CVE details
- D . POC availability
- E . loCs
- F . npm identifier
A software developer has been deploying web applications with common security risks to include insufficient logging capabilities.
Which of the following actions would be most effective to reduce risks associated with the application development?
- A . Perform static analyses using an integrated development environment.
- B . Deploy compensating controls into the environment.
- C . Implement server-side logging and automatic updates.
- D . Conduct regular code reviews using OWASP best practices.
Which of the following does "federation" most likely refer to within the context of identity and access management?
- A . Facilitating groups of users in a similar function or profile to system access that requires elevated or conditional access
- B . An authentication mechanism that allows a user to utilize one set of credentials to access multiple domains
- C . Utilizing a combination of what you know, who you are, and what you have to grant authentication to a user
- D . Correlating one’s identity with the attributes and associated applications the user has access to
When undertaking a cloud migration of multiple SaaS applications, an organization’s systems administrators struggled with the complexity of extending identity and access management to cloud-based assets.
Which of the following service models would have reduced the complexity of this project?
- A . RADIUS
- B . SDN
- C . ZTNA
- D . SWG