CS0-003 exam

A security analyst obtained the following table of results from a recent vulnerability assessment that was conducted against a single web server in the environment: Which of the following should be completed first to remediate the findings?A . Ask the web development team to update the page contentsB . Add...

A security analyst is investigating a compromised Linux server. The analyst issues the ps command and receives the following output: Which of the following commands should the administrator run next to further analyze the compromised system?A . gbd /proc/1301B . rpm -V openssh-serverC . /bin/Is -1 /proc/1301/exeD . kill -9...

A company's legal department is concerned that its incident response plan does not cover the countless ways security incidents can occur. The department has asked a security analyst to help tailor the response plan to provide broad coverage for many situations. Which of the following is the best way to...

The Chief Executive Officer of an organization recently heard that exploitation of new attacks in the industry was happening approximately 45 days after a patch was released. Which of the following would best protect this organization?A . A mean time to remediate of 30 daysB . A mean time to...

Which of the following would help to minimize human engagement and aid in process improvement in security operations?A . OSSTMMB . SIEMC . SOARD . QVVASPView AnswerAnswer: C Explanation: SOAR stands for security orchestration, automation, and response, which is a term that describes a set of tools, technologies, or platforms...

A new cybersecurity analyst is tasked with creating an executive briefing on possible threats to the organization. Which of the following will produce the data needed for the briefing?A . Firewall logsB . Indicators of compromiseC . Risk assessmentD . Access control listsView AnswerAnswer: B Explanation: Indicators of compromise (IoCs)...

Which of the following is the best metric for an organization to focus on given recent investments in SIEM, SOAR, and a ticketing system?A . Mean time to detectB . Number of exploits by tacticC . Alert volumeD . Quantity of intrusion attemptsView AnswerAnswer: A Explanation: Mean time to detect...

A security analyst who works in the SOC receives a new requirement to monitor for indicators of compromise. Which of the following is the first action the analyst should take in this situation?A . Develop a dashboard to track the indicators of compromise.B . Develop a query to search for...

A security analyst is supporting an embedded software team. Which of the following is the best recommendation to ensure proper error handling at runtime?A . Perform static code analysis.B . Require application fuzzing.C . Enforce input validation.D . Perform a code review.View AnswerAnswer: D Explanation: Performing a code review is...

During a company’s most recent incident, a vulnerability in custom software was exploited on an externally facing server by an APT. The lessons-learned report noted the following: • The development team used a new software language that was not supported by the security team's automated assessment tools. • During the...