Practice Free CS0-003 Exam Online Questions
A vulnerability scan shows several vulnerabilities. At the same time, a zero-day vulnerability with a CVSS score of 10 has been identified on a web server.
Which of the following actions should the security analyst take first?
- A . Contact the web systems administrator and request that they shut down the asset.
- B . Monitor the patch releases for all items and escalate patching to the appropriate team.
- C . Run the vulnerability scan again to verify the presence of the critical finding and the zero-day vulnerability.
- D . Forward the advisory to the web security team and initiate the prioritization strategy for the other vulnerabilities.
A security analyst observed the following activity from a privileged account:
- Accessing emails and sensitive information
- Audit logs being modified
- Abnormal log-in times
Which of the following best describes the observed activity?
- A . Irregular peer-to-peer communication
- B . Unauthorized privileges
- C . Rogue devices on the network
- D . Insider attack
Which of the following is the best authentication method to secure access to sensitive data?
- A . An assigned device that generates a randomized code for login
- B . Biometrics and a device with a personalized code for login
- C . Alphanumeric/special character username and passphrase for login
- D . A one-time code received by email and push authorization for login
Executives at an organization email sensitive financial information to external business partners when negotiating valuable contracts. To ensure the legal validity of these messages, the cybersecurity team recommends a digital signature be added to emails sent by the executives.
Which of the following are the primary goals of this recommendation? (Select two).
- A . Confidentiality
- B . Integrity
- C . Privacy
- D . Anonymity
- E . Non-repudiation
- F . Authorization
An analyst is trying to capture anomalous traffic from a compromised host.
Which of the following are the best tools for achieving this objective? (Select two).
- A . tcpdump
- B . SIEM
- C . Vulnerability scanner
- D . Wireshark
- E . Nmap
- F . SOAR
Two employees in the finance department installed a freeware application that contained embedded malware. The network is robustly segmented based on areas of responsibility. These computers had critical sensitive information stored locally that needs to be recovered. The department manager advised all department employees to turn off their computers until the security team could be contacted about the issue.
Which of the following is the first step the incident response staff members should take when they arrive?
- A . Turn on all systems, scan for infection, and back up data to a USB storage device.
- B . Identify and remove the software installed on the impacted systems in the department.
- C . Explain that malware cannot truly be removed and then reimage the devices.
- D . Log on to the impacted systems with an administrator account that has privileges to perform backups.
- E . Segment the entire department from the network and review each computer offline.
A company receives a penetration test report summary from a third party. The report summary indicates a proxy has some patches that need to be applied. The proxy is sitting in a rack and is not being used, as the company has replaced it with a new one. The CVE score of the vulnerability on the proxy is a 9.8.
Which of the following best practices should the company follow with this proxy?
- A . Leave the proxy as is.
- B . Decommission the proxy.
- C . Migrate the proxy to the cloud.
- D . Patch the proxy.
A security analyst is reviewing events that occurred during a possible compromise.
The analyst obtains the following log:

Which of the following is most likely occurring, based on the events in the log?
- A . An adversary is attempting to find the shortest path of compromise.
- B . An adversary is performing a vulnerability scan.
- C . An adversary is escalating privileges.
- D . An adversary is performing a password stuffing attack.
