Which of the following pieces of data should be collected first in order to preserve sensitive information before isolating the server?
An incident response team found IoCs in a critical server. The team needs to isolate and collect technical evidence for further investigation. Which of the following pieces of data should be collected first in order to preserve sensitive information before isolating the server? A. Hard disk B. Primary boot partition C...
Which of the following actions will an attacker be able to initiate directly against this host?
Given the Nmap request below: Which of the following actions will an attacker be able to initiate directly against this host? A. Password sniffing B. ARP spoofing C. A brute-force attack D. An SQL injection Answer: C Explanation: The Nmap command given in the question performs a TCP SYN scan...
Which of the following scripting languages was used in the script?
A security analyst recently joined the team and is trying to determine which scripting language is being used in a production script to determine if it is malicious. Given the following script: Which of the following scripting languages was used in the script? A. PowerShell B. Ruby C. Python D. ...
Which of the following types of media are most volatile and should be preserved?
A digital forensics investigator works from duplicate images to preserve the integrity of the original evidence. Which of the following types of media are most volatile and should be preserved? (Select two). A. Memory cache B. Registry file C. SSD storage D. Temporary filesystems E. Packet decoding F. Swap volume...
Which of the following CVE metrics would be most accurate for this zero-day threat?
A recent zero-day vulnerability is being actively exploited, requires no user interaction or privilege escalation, and has a significant impact to confidentiality and integrity but not to availability. Which of the following CVE metrics would be most accurate for this zero-day threat? A. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:...
Which of the following tools would work best to prevent the exposure of PII outside of an organization?
Which of the following tools would work best to prevent the exposure of PII outside of an organization? A. PAM B. IDS C. PKI D. DLP Answer: D Explanation: Data loss prevention (DLP) is a tool that can prevent the exposure of PII outside of an organization by monitoring, detecting,...
Which of the following actions should the analyst take first?
During an extended holiday break, a company suffered a security incident. This information was properly relayed to appropriate personnel in a timely manner and the server was up to date and configured with appropriate auditing and logging. The Chief Information Security Officer wants to find out precisely what happened. Which...
Which of the following items should be included in a vulnerability scan report? (Choose two.)
Which of the following items should be included in a vulnerability scan report? (Choose two.) A. Lessons learned B. Service-level agreement C. Playbook D. Affected hosts E. Risk score F. Education plan Answer: D, E Explanation: A vulnerability scan report should include information about the affected hosts, such as their...
Which of the following will most likely ensure that mission-critical services are available in the event of an incident?
Which of the following will most likely ensure that mission-critical services are available in the event of an incident? A. Business continuity plan B. Vulnerability management plan C. Disaster recovery plan D. Asset management plan Answer: C Explanation:
Which of the following tuning recommendations should the security analyst share?
An organization conducted a web application vulnerability assessment against the corporate website, and the following output was observed: Which of the following tuning recommendations should the security analyst share? A. Set an HttpOnly flag to force communication by HTTPS B. Block requests without an X-Frame-Options header C. Configure an Access-Control-Allow-Origin header...