CS0-003 V2

The analyst reviews the following endpoint log entry: Which of the following has occurred?A . Registry changeB . Rename computerC . New account introducedD . Privilege escalationView AnswerAnswer: C Explanation: The endpoint log entry shows that a new account named “admin” has been created on a Windows system with a...

A company's threat team has been reviewing recent security incidents and looking for a common theme. The team discovered the incidents were caused by incorrect configurations on the impacted systems. The issues were reported to support teams, but no action was taken. Which of the following is the next step...

An organization supports a large number of remote users. Which of the following is the best option to protect the data on the remote users' laptops? A. Require the use of VPNs. B. Require employees to sign an NDA. C. Implement a DLP solution. D. Use whole disk encryption.View AnswerAnswer:...

The security operations team is required to consolidate several threat intelligence feeds due to redundant tools and portals. Which of the following will best achieve the goal and maximize results?A . Single pane of glassB . Single sign-onC . Data enrichmentD . DeduplicationView AnswerAnswer: D Explanation: Deduplication is a process...

A security analyst is performing an investigation involving multiple targeted Windows malware binaries. The analyst wants to gather intelligence without disclosing information to the attackers. Which of the following actions would allow the analyst to achieve the objective?A . Upload the binary to an air gapped sandbox for analysisB ....

Due to reports of unauthorized activity that was occurring on the internal network, an analyst is performing a network discovery. The analyst runs an Nmap scan against a corporate network to evaluate which devices were operating in the environment. Given the following output: Which of the following choices should the...

A security analyst is reviewing a packet capture in Wireshark that contains an FTP session from a potentially compromised machine. The analyst sets the following display filter: ftp. The analyst can see there are several RETR requests with 226 Transfer complete responses, but the packet list pane is not showing...

Which of the following would a security analyst most likely use to compare TTPs between different known adversaries of an organization?A . MITRE ATTACKB . Cyber Kill ChamC . OWASPD . STIXTAXIIView AnswerAnswer: A Explanation: MITRE ATT&CK is a framework and knowledge base that describes the tactics, techniques, and procedures...

An analyst finds that an IP address outside of the company network that is being used to run network and vulnerability scans across external-facing assets. Which of the following steps of an attack framework is the analyst witnessing?A . ExploitationB . ReconnaissanceC . Command and controlD . Actions on objectivesView...

A product manager is working with an analyst to design a new application that will perform as a data analytics platform and will be accessible via a web browser. The product manager suggests using a PaaS provider to host the application. Which of the following is a security concern when...