Which of the following is the best solution to improve the equipment's security posture?

Legacy medical equipment, which contains sensitive data, cannot be patched. Which of the following is the best solution to improve the equipment's security posture?

A. Move the legacy systems behind a WAF
B. Implement an air gap for the legacy systems.
C. Place the legacy systems in the perimeter network.
D...

March 2, 2025

Which of the following best describes what is happening?

An incident response analyst notices multiple emails traversing the network that target only the administrators of the company. The email contains a concealed URL that leads to an unknown website in another country. Which of the following best describes what is happening? (Choose two.)

A. Beaconing
B. Domain Name System...

March 2, 2025

Which of the following should the analyst do first to evaluate the potential impact of this security incident?

During an investigation, an analyst discovers the following rule in an executive's email client: The executive is not aware of this rule. Which of the following should the analyst do first to evaluate the potential impact of this security incident?

A. Check the server logs to evaluate which emails were...

February 28, 2025

Which of the following actions would allow the analyst to achieve the objective?

A security analyst is performing an investigation involving multiple targeted Windows malware binaries. The analyst wants to gather intelligence without disclosing information to the attackers. Which of the following actions would allow the analyst to achieve the objective?

A. Upload the binary to an air gapped sandbox for analysis
B. ...

February 28, 2025

Which of the following best describes what the security program did?

A security program was able to achieve a 30% improvement in MTTR by integrating security controls into a SIEM. The analyst no longer had to jump between tools. Which of the following best describes what the security program did?

A. Data enrichment
B. Security control plane
C. Threat feed combination
D...

February 27, 2025

Which of the following can the analyst perform to see the entire contents of the downloaded files?

A security analyst is reviewing a packet capture in Wireshark that contains an FTP session from a potentially compromised machine. The analyst sets the following display filter: ftp. The analyst can see there are several RETR requests with 226 Transfer complete responses, but the packet list pane is not showing...

February 25, 2025

Which of the following is an important aspect that should be included in the lessons-learned step after an incident?

Which of the following is an important aspect that should be included in the lessons-learned step after an incident?

A. Identify any improvements or changes in the incident response plan or procedures
B. Determine if an internal mistake was made and who did it so they do not repeat the...

February 23, 2025

Which of the following most likely describes the observed activity?

A company's user accounts have been compromised. Users are also reporting that the company's internal portal is sometimes only accessible through HTTP; other times, it is accessible through HTTPS. Which of the following most likely describes the observed activity?

A. There is an issue with the SSL certificate causing port...

February 19, 2025

Which of the following will the SOC manager most likely recommend to help ensure new employees are accountable for following the company policy?

New employees in an organization have been consistently plugging in personal webcams despite the company policy prohibiting use of personal devices. The SOC manager discovers that new employees are not aware of the company policy. Which of the following will the SOC manager most likely recommend to help ensure new...

February 18, 2025

Which of the following solutions will assist in reducing the risk?

The Chief Information Security Officer wants to eliminate and reduce shadow IT in the enterprise. Several high-risk cloud applications are used that increase the risk to the organization. Which of the following solutions will assist in reducing the risk?

A. Deploy a CASB and enable policy enforcement
B. Configure MFA...

February 18, 2025