CS0-003 exam

A security analyst is monitoring a company's network traffic and finds ping requests going to accounting and human resources servers from a SQL server. Upon investigation, the analyst discovers a technician responded to potential network connectivity issues. Which of the following is the best way for the security analyst to...

Due to reports of unauthorized activity that was occurring on the internal network, an analyst is performing a network discovery. The analyst runs an Nmap scan against a corporate network to evaluate which devices were operating in the environment. Given the following output: Which of the following choices should the...

A development team recently released a new version of a public-facing website for testing prior to production. The development team is soliciting the help of various teams to validate the functionality of the website due to its high visibility. Which of the following activities best describes the process the development...

An older CVE with a vulnerability score of 7.1 was elevated to a score of 9.8 due to a widely available exploit being used to deliver ransomware. Which of the following factors would an analyst most likely communicate as the reason for this escalation?A . ScopeB . WeaponizationC . CVSSD...

Which of the following phases of the Cyber Kill Chain involves the adversary attempting to establish communication with a successfully exploited target?A . Command and controlB . Actions on objectivesC . ExploitationD . DeliveryView AnswerAnswer: A Explanation: Command and control (C2) is a phase of the Cyber Kill Chain that...

A user reports a malware alert to the help desk. A technician verities the alert, determines the workstation is classified as a low-severity device, and uses network controls to block access. The technician then assigns the ticket to a security analyst who will complete the eradication and recovery processes. Which...

A security technician is testing a solution that will prevent outside entities from spoofing the company's email domain, which is compatia.org. The testing is successful, and the security technician is prepared to fully implement the solution. Which of the following actions should the technician take to accomplish this task?A ....

Which of the following is an important aspect that should be included in the lessons-learned step after an incident?A . Identify any improvements or changes in the incident response plan or proceduresB . Determine if an internal mistake was made and who did it so they do not repeat the...

An organization has activated the CSIRT. A security analyst believes a single virtual server was compromised and immediately isolated from the network. Which of the following should the CSIRT conduct next?A . Take a snapshot of the compromised server and verify its integrityB . Restore the affected server to remove...

A technician identifies a vulnerability on a server and applies a software patch. Which of the following should be the next step in the remediation process?A . TestingB . ImplementationC . ValidationD . RollbackView AnswerAnswer: C Explanation: The next step in the remediation process after applying a software patch is...