CS0-003 exam

An analyst is remediating items associated with a recent incident. The analyst has isolated the vulnerability and is actively removing it from the system. Which of the following steps of the process does this describe?A . EradicationB . RecoveryC . ContainmentD . PreparationView AnswerAnswer: A Explanation: Eradication is a step...

Which of the following is the best action to take after the conclusion of a security incident to improve incident response in the future?A . Develop a call tree to inform impacted usersB . Schedule a review with all teams to discuss what occurredC . Create an executive summary to...

A Chief Information Officer wants to implement a BYOD strategy for all company laptops and mobile phones. The Chief Information Security Officer is concerned with ensuring all devices are patched and running some sort of protection against malicious software. Which of the following existing technical controls should a security analyst...

The analyst reviews the following endpoint log entry: Which of the following has occurred?A . Registry changeB . Rename computerC . New account introducedD . Privilege escalationView AnswerAnswer: C Explanation: The endpoint log entry shows that a new account named “admin” has been created on a Windows system with a...

A company's threat team has been reviewing recent security incidents and looking for a common theme. The team discovered the incidents were caused by incorrect configurations on the impacted systems. The issues were reported to support teams, but no action was taken. Which of the following is the next step...

An organization supports a large number of remote users. Which of the following is the best option to protect the data on the remote users' laptops? A. Require the use of VPNs. B. Require employees to sign an NDA. C. Implement a DLP solution. D. Use whole disk encryption.View AnswerAnswer:...

The security operations team is required to consolidate several threat intelligence feeds due to redundant tools and portals. Which of the following will best achieve the goal and maximize results?A . Single pane of glassB . Single sign-onC . Data enrichmentD . DeduplicationView AnswerAnswer: D Explanation: Deduplication is a process...

A security analyst is performing an investigation involving multiple targeted Windows malware binaries. The analyst wants to gather intelligence without disclosing information to the attackers. Which of the following actions would allow the analyst to achieve the objective?A . Upload the binary to an air gapped sandbox for analysisB ....

Due to reports of unauthorized activity that was occurring on the internal network, an analyst is performing a network discovery. The analyst runs an Nmap scan against a corporate network to evaluate which devices were operating in the environment. Given the following output: Which of the following choices should the...

A security analyst is reviewing a packet capture in Wireshark that contains an FTP session from a potentially compromised machine. The analyst sets the following display filter: ftp. The analyst can see there are several RETR requests with 226 Transfer complete responses, but the packet list pane is not showing...