Which of the following is the best metric for an organization to focus on given recent investments in SIEM, SOAR, and a ticketing system?
Which of the following is the best metric for an organization to focus on given recent investments in SIEM, SOAR, and a ticketing system?
A. Mean time to detect
B. Number of exploits by tactic
C. Alert volume
D. Quantity of intrusion attempts
Answer: A
Explanation: Mean time to detect...

Which of the following will produce the data needed for the briefing?
A new cybersecurity analyst is tasked with creating an executive briefing on possible threats to the organization. Which of the following will produce the data needed for the briefing?
A. Firewall logs
B. Indicators of compromise
C. Risk assessment
D. Access control lists
Answer: B
Explanation: Indicators of compromise (IoCs)...

Which of the following commands should the administrator run next to further analyze the compromised system?
A security analyst is investigating a compromised Linux server. The analyst issues the ps command and receives the following output:
Which of the following commands should the administrator run next to further analyze the compromised system?
A. gdb /proc/1301
B. rpm -V openssh-server
C. /bin/ls -l /proc/1301/exe
D. kill -9...

Which of the following most likely describes the observed activity?
A company's user accounts have been compromised. Users are also reporting that the company's internal portal is sometimes only accessible through HTTP; other times, it is accessible through HTTPS. Which of the following most likely describes the observed activity?
A. There is an issue with the SSL certificate causing port...

Under the terms of PCI DSS, which of the following groups should the organization report the breach to?
An organization has experienced a breach of customer transactions. Under the terms of PCI DSS, which of the following groups should the organization report the breach to?
A. PCI Security Standards Council
B. Local law enforcement
C. Federal law enforcement
D. Card issuer
Answer: D
Explanation: Under the terms of...

Which of the following attack types is occurring?
A security analyst is reviewing the following log entries to identify anomalous activity:
Which of the following attack types is occurring?
A. Directory traversal
B. SQL injection
C. Buffer overflow
D. Cross-site scripting
Answer: A
Explanation: A directory traversal attack is a type of web application attack that exploits insufficient...

Which of the following inhibitors to remediation do these systems and associated vulnerabilities best represent?
An analyst is reviewing a vulnerability report and must make recommendations to the executive team. The analyst finds that most systems can be upgraded with a reboot resulting in a single downtime window. However, two of the critical systems cannot be upgraded due to a vendor appliance that the company...
Which of the following should the analyst do first to evaluate the potential impact of this security incident?
During an investigation, an analyst discovers the following rule in an executive's email client:
The executive is not aware of this rule. Which of the following should the analyst do first to evaluate the potential impact of this security incident?
A. Check the server logs to evaluate which emails were...

Which of the following would help to minimize human engagement and aid in process improvement in security operations?
Which of the following would help to minimize human engagement and aid in process improvement in security operations?
A. OSSTMM
B. SIEM
C. SOAR
D. OWASP
Answer: C
Explanation: SOAR stands for security orchestration, automation, and response, which is a term that describes a set of tools, technologies, or platforms...