CS0-003 Online Practice Questions and Answers

Correct Answer: A

A mean time to remediate (MTTR) is a metric that measures how long it takes to fix a vulnerability after it is discovered. A MTTR of 30 days would best protect the organization from the new attacks that are exploited 45 days after a patch is released, as it would ensure that the vulnerabilities are fixed before they are exploited

Correct Answer: D

A cross-site scripting (XSS) attack is a type of web application attack that injects malicious code into a web page that is then executed by the browser of a victim user. A reflected XSS attack is a type of XSS attack where the malicious code is embedded in a URL or a form parameter that is sent to the web server and then reflected back t" case, the Nmap scan shows that the web server is vulnerable to a reflected XSS attack, as it returns the characters > and " without any filtering or encoding. The vulnerable parameter is id in the URL http:/.31.15.2.php?id=2.

Correct Answer: A

The best action that would allow the analyst to gather intelligence without disclosing information to the attackers is to upload the binary to an air gapped sandbox for analysis. An air gapped sandbox is an isolated environment that has no connection to any external network or system. Uploading the binary to an air gapped sandbox can prevent any communication or interaction between the binary and the attackers, as well as any potential harm or infection to other systems or networks. An air gapped sandbox can also allow the analyst to safely analyze and observe the behavior, functionality, or characteristics of the binary.

Correct Answer: B

Stress testing is a software assessment method that tests how an application performs under peak times or extreme workloads. Stress testing can help to identify any performance issues, bottlenecks, errors or crashes that may occur when an application faces high demand or concurrent users. Stress testing can also help to determine the maximum capacity and scalability of an application . https://www.techopedia.com/definition39/memory-dump

Correct Answer: D

Beaconing is the best term to describe the activity that is taking place, as it refers to the periodic communication between an infected host and a blocklisted external server. Beaconing is a common technique used by malware to establish a connection with a command-and-control (C2) server, which can provide instructions, updates, or exfiltration capabilities to the malware. Beaconing can vary in frequency, duration, and payload, depending on the type and sophistication of the malware. The other terms are not as accurate as beaconing, as they describe different aspects of malicious activity. Data exfiltration is the unauthorized transfer of data from a compromised system to an external destination, such as a C2 server or a cloud storage service. Data exfiltration can be a goal or a consequence of malware infection, but it does not necessarily involve blocklisted servers or consistent requests. Rogue device is a device that is connected to a network without authorization or proper security controls. Rogue devices can pose a security risk, as they can introduce malware, bypass firewalls, or access sensitive data. However, rogue devices are not necessarily infected with malware or communicating with blocklisted servers. Scanning is the process of probing a network or a system for vulnerabilities, open ports, services, or other information. Scanning can be performed by legitimate administrators or malicious actors, depending on the intent and authorization. Scanning does not imply consistent requests or blocklisted servers, as it can target any network or system.

Correct Answer: B

After an incident has been investigated, one of the most important actions is to perform a root cause analysis. Root cause analysis helps in identifying the underlying reasons or factors that led to the incident in the first place. By understanding the root causes, organizations can implement corrective actions to prevent similar incidents from occurring in the future. This analysis is crucial for improving the overall security posture and resilience of the organization.

Reference: https://www.ibm.com/topics/incident-response

Correct Answer: E

Correct Answer: A

A directory traversal attack is a type of web application attack that exploits insufficient input validation or improper configuration to access files or directories that are outside the intended scope of the web server. The log entries given in the question show s" sequences in the URL, which indicate an attempt to move up one level in the directory structure. For "" tries to access the /etc/passwd file, which contains user account information on Linux systems. If successful, this attack could allow an attacker to read, modify, or execute files on the web server that are not meant to be accessible.

Correct Answer: D

A security information and event management (SIEM) system is a tool that collects and analyzes log data from various sources and provides alerts and reports on security incidents and events. A SIEM system can help the IT team to

determine which devices are USB enabled by querying the log data for events related to USB device insertion, removal, or usage. The other options are not relevant or effective for this purpose. CompTIA Cybersecurity Analyst (CySA+)

Certification Exam Objectives (CS0-002), page 15;

https://www.sans.org/reading-room/whitepapers/analyst/securityinformation-event-management-siem-implementation-33969

Correct Answer: DF

A security analyst is reviewing the network security monitoring logs listed below and is most likely observing that 10.1.1.129 sent potential malicious requests to the web server and that 10.1.1.130 can potentially obtain information about the

PHP version. The logs show that 10.1.1.129 sent two requests to the web server with suspicious parameters, such as " " , which are commonly used for SQL injection attacks. The logs also show that 10.1.1.130 sent a request to the " , which

is a function that displays information about the PHP configuration and environment, which can be useful for attackers to find vulnerabilities or exploit them. CompTIA Cybersecurity Analyst (CySA+) Certification Exam Objectives (CS0-002),

page 8;

https://owasp.org/www-community/attacks/SQL_Injection;

https://www.php.net/manual/en/function.phpinfo.php