CS0-003 exam

A security analyst is monitoring a company's network traffic and finds ping requests going to accounting and human resources servers from a SQL server. Upon investigation, the analyst discovers a technician responded to potential network connectivity issues. Which of the following is the best way for the security analyst to...

A security analyst wants to capture large amounts of network data that will be analyzed at a later time. The packet capture does not need to be in a format that is readable by humans, since it will be put into a binary file called "packetCapture." The capture must be...

Which of the following is the best way to begin preparation for a report titled "What We Learned" regarding a recent incident involving a cybersecurity breach?A . Determine the sophistication of the audience that the report is meant forB . Include references and sources of information on the first pageC...

A security analyst is trying to identify anomalies on the network routing. Which of the following functions can the analyst use on a shell script to achieve the objective most accurately?A . function x() { info=$(geoiplookup $1) && echo "$1 | $info" }B . function x() { info=$(ping -c 1...

Which of the following phases of the Cyber Kill Chain involves the adversary attempting to establish communication with a successfully exploited target?A . Command and controlB . Actions on objectivesC . ExploitationD . DeliveryView AnswerAnswer: A Explanation: Command and control (C2) is a phase of the Cyber Kill Chain that...

A security analyst performs a weekly vulnerability scan on a network that has 240 devices and receives a report with 2.450 pages. Which of the following would most likely decrease the number of false positives?A . Manual validationB . Penetration testingC . A known-environment assessmentD . Credentialed scanningView AnswerAnswer: D...

Due to reports of unauthorized activity that was occurring on the internal network, an analyst is performing a network discovery. The analyst runs an Nmap scan against a corporate network to evaluate which devices were operating in the environment. Given the following output: Which of the following choices should the...

A security alert was triggered when an end user tried to access a website that is not allowed per organizational policy. Since the action is considered a terminable offense, the SOC analyst collects the authentication logs, web logs, and temporary files, reflecting the web searches from the user's workstation, to...

An analyst finds that an IP address outside of the company network that is being used to run network and vulnerability scans across external-facing assets. Which of the following steps of an attack framework is the analyst witnessing?A . ExploitationB . ReconnaissanceC . Command and controlD . Actions on objectivesView...

The Chief Information Security Officer is directing a new program to reduce attack surface risks and threats as part of a zero trust approach. The IT security team is required to come up with priorities for the program. Which of the following is the best priority based on common attack...