Which of the following scanning methods can be implemented to reduce the access to systems while providing the most accurate vulnerability scan results?
A company is in the process of implementing a vulnerability management program, and there are concerns about granting the security team access to sensitive data. Which of the following scanning methods can be implemented to reduce the access to systems while providing the most accurate vulnerability scan results? A. Credentialed...
Which of the following has occurred?
The analyst reviews the following endpoint log entry: Which of the following has occurred? A. Registry change B. Rename computer C. New account introduced D. Privilege escalation. Answer: C. Explanation: The endpoint log entry shows that a new account named “admin” has been created on a Windows system with a...
Which of the following should be the next step in the remediation process?
A technician identifies a vulnerability on a server and applies a software patch. Which of the following should be the next step in the remediation process? A. Testing B. Implementation C. Validation D. Rollback. Answer: C. Explanation: The next step in the remediation process after applying a software patch is...
Which of the following tools would work best to prevent the exposure of PII outside of an organization?
Which of the following tools would work best to prevent the exposure of PII outside of an organization? A. PAM B. IDS C. PKI D. DLP. Answer: D. Explanation: Data loss prevention (DLP) is a tool that can prevent the exposure of PII outside of an organization by monitoring, detecting,...
Which of the following describes what the analyst has noticed?
An analyst notices there is an internal device sending HTTPS traffic with additional characters in the header to a known-malicious IP in another country. Which of the following describes what the analyst has noticed? A. Beaconing B. Cross-site scripting C. Buffer overflow D. PHP traversal. Answer: A. Explanation:
Under the terms of PCI DSS, which of the following groups should the organization report the breach to?
An organization has experienced a breach of customer transactions. Under the terms of PCI DSS, which of the following groups should the organization report the breach to? A. PCI Security Standards Council B. Local law enforcement C. Federal law enforcement D. Card issuer. Answer: D. Explanation: Under the terms of...
Which of the following is the best action to take after the conclusion of a security incident to improve incident response in the future?
Which of the following is the best action to take after the conclusion of a security incident to improve incident response in the future? A. Develop a call tree to inform impacted users B. Schedule a review with all teams to discuss what occurred C. Create an executive summary to...
Which of the following can the analyst perform to see the entire contents of the downloaded files?
A security analyst is reviewing a packet capture in Wireshark that contains an FTP session from a potentially compromised machine. The analyst sets the following display filter: ftp. The analyst can see there are several RETR requests with 226 Transfer complete responses, but the packet list pane is not showing...
Which of the following is the best way to ensure that the investigation complies with HR or privacy policies?
A security alert was triggered when an end user tried to access a website that is not allowed per organizational policy. Since the action is considered a terminable offense, the SOC analyst collects the authentication logs, web logs, and temporary files, reflecting the web searches from the user's workstation, to...
Which of the following most likely describes the observed activity?
A company's user accounts have been compromised. Users are also reporting that the company's internal portal is sometimes only accessible through HTTP; other times, it is accessible through HTTPS. Which of the following most likely describes the observed activity? A. There is an issue with the SSL certificate causing port...