Which of the following has the user become?

A user downloads software that contains malware onto a computer that eventually infects numerous other systems. Which of the following has the user become?

A. Hacktivist
B. Advanced persistent threat
C. Insider threat
D. Script kiddie

Answer: C

Explanation: The user has become an insider threat by downloading software that...

January 31, 2024

Which of the following best describes what the security program did?

A security program was able to achieve a 30% improvement in MTTR by integrating security controls into a SIEM. The analyst no longer had to jump between tools. Which of the following best describes what the security program did?

A. Data enrichment
B. Security control plane
C. Threat feed combination
D...

January 30, 2024

Which of the following shell script functions could help achieve the goal?

A security analyst is trying to identify possible network addresses from different source networks belonging to the same company and region. Which of the following shell script functions could help achieve the goal?

A. function w() { a=$(ping -c 1 $1 | awk -F "/" 'END{print $1}') && echo "$1 |...

January 30, 2024

Which of the following should the security analyst do next?

A user reports a malware alert to the help desk. A technician verifies the alert, determines the workstation is classified as a low-severity device, and uses network controls to block access. The technician then assigns the ticket to a security analyst who will complete the eradication and recovery processes. Which...

January 30, 2024

Which of the following should the CSIRT conduct next?

An organization has activated the CSIRT. A security analyst believes a single virtual server was compromised and immediately isolated from the network. Which of the following should the CSIRT conduct next?

A. Take a snapshot of the compromised server and verify its integrity
B. Restore the affected server to remove...

January 30, 2024

Which of the following will the SOC manager most likely recommend to help ensure new employees are accountable for following the company policy?

New employees in an organization have been consistently plugging in personal webcams despite the company policy prohibiting use of personal devices. The SOC manager discovers that new employees are not aware of the company policy. Which of the following will the SOC manager most likely recommend to help ensure new...

January 30, 2024

Which of the following describes how a CSIRT lead determines who should be communicated with and when during a security incident?

Which of the following describes how a CSIRT lead determines who should be communicated with and when during a security incident?

A. The lead should review what is documented in the incident response policy or plan
B. Management level members of the CSIRT should make that decision
C. The lead...

January 29, 2024

Which of the following would be the best action for the incident response team to recommend?

Joe, a leading sales person at an organization, has announced on social media that he is leaving his current role to start a new company that will compete with his current employer. Joe is soliciting his current employer's customers. However, Joe has not resigned or discussed this with his current...

January 29, 2024

Which of the following would best meet this requirement?

A company that has a geographically diverse workforce and dynamic IPs wants to implement a vulnerability scanning method with reduced network traffic. Which of the following would best meet this requirement?

A. External
B. Agent-based
C. Non-credentialed
D. Credentialed

Answer: B

Explanation: Agent-based vulnerability scanning is a method that involves...

January 29, 2024

method by which the security packages are delivered to the company's customers?

A company creates digitally signed packages for its devices. Which of the following best describes the method by which the security packages are delivered to the company's customers?

A. Antitamper mechanism
B. SELinux
C. Trusted firmware updates
D. eFuse

Answer: C

Explanation: Trusted firmware updates are a method by which...

January 29, 2024