CS0-003 V2

A company is in the process of implementing a vulnerability management program, and there are concerns about granting the security team access to sensitive data. Which of the following scanning methods can be implemented to reduce the access to systems while providing the most accurate vulnerability scan results?A . Credentialed...

An organization has experienced a breach of customer transactions. Under the terms of PCI DSS, which of the following groups should the organization report the breach to?A . PCI Security Standards CouncilB . Local law enforcementC . Federal law enforcementD . Card issuerView AnswerAnswer: D Explanation: Under the terms of...

A development team recently released a new version of a public-facing website for testing prior to production. The development team is soliciting the help of various teams to validate the functionality of the website due to its high visibility. Which of the following activities best describes the process the development...

A Chief Information Security Officer (CISO) is concerned about new privacy regulations that apply to the company. The CISO has tasked a security analyst with finding the proper control functions to verify that a user's data is not altered without the user's consent. Which of the following would be an...

A security analyst obtained the following table of results from a recent vulnerability assessment that was conducted against a single web server in the environment: Which of the following should be completed first to remediate the findings?A . Ask the web development team to update the page contentsB . Add...

As a proactive threat-hunting technique, hunters must develop situational cases based on likely attack scenarios derived from the available threat intelligence information. After forming the basis of the scenario, which of the following may the threat hunter construct to establish a framework for threat assessment?A . Critical asset listB ....

A new cybersecurity analyst is tasked with creating an executive briefing on possible threats to the organization. Which of the following will produce the data needed for the briefing?A . Firewall logsB . Indicators of compromiseC . Risk assessmentD . Access control listsView AnswerAnswer: B Explanation: Indicators of compromise (IoCs)...

A security analyst who works in the SOC receives a new requirement to monitor for indicators of compromise. Which of the following is the first action the analyst should take in this situation?A . Develop a dashboard to track the indicators of compromise.B . Develop a query to search for...

Which of the following is the first step that should be performed when establishing a disaster recovery plan?A . Agree on the goals and objectives of the planB . Determine the site to be used during a disaster C Demonstrate adherence to a standard disaster recovery processC . Identity applications...

Which of the following is an important aspect that should be included in the lessons-learned step after an incident?A . Identify any improvements or changes in the incident response plan or proceduresB . Determine if an internal mistake was made and who did it so they do not repeat the...