CS0-003 exam

Which of the following would help to minimize human engagement and aid in process improvement in security operations?A . OSSTMMB . SIEMC . SOARD . QVVASPView AnswerAnswer: C Explanation: SOAR stands for security orchestration, automation, and response, which is a term that describes a set of tools, technologies, or platforms...

A new cybersecurity analyst is tasked with creating an executive briefing on possible threats to the organization. Which of the following will produce the data needed for the briefing?A . Firewall logsB . Indicators of compromiseC . Risk assessmentD . Access control listsView AnswerAnswer: B Explanation: Indicators of compromise (IoCs)...

Which of the following is the best metric for an organization to focus on given recent investments in SIEM, SOAR, and a ticketing system?A . Mean time to detectB . Number of exploits by tacticC . Alert volumeD . Quantity of intrusion attemptsView AnswerAnswer: A Explanation: Mean time to detect...

A security analyst who works in the SOC receives a new requirement to monitor for indicators of compromise. Which of the following is the first action the analyst should take in this situation?A . Develop a dashboard to track the indicators of compromise.B . Develop a query to search for...

A security analyst is supporting an embedded software team. Which of the following is the best recommendation to ensure proper error handling at runtime?A . Perform static code analysis.B . Require application fuzzing.C . Enforce input validation.D . Perform a code review.View AnswerAnswer: D Explanation: Performing a code review is...

During a company’s most recent incident, a vulnerability in custom software was exploited on an externally facing server by an APT. The lessons-learned report noted the following: • The development team used a new software language that was not supported by the security team's automated assessment tools. • During the...

A security analyst is monitoring a company's network traffic and finds ping requests going to accounting and human resources servers from a SQL server. Upon investigation, the analyst discovers a technician responded to potential network connectivity issues. Which of the following is the best way for the security analyst to...

A security analyst wants to capture large amounts of network data that will be analyzed at a later time. The packet capture does not need to be in a format that is readable by humans, since it will be put into a binary file called "packetCapture." The capture must be...

Which of the following is the best way to begin preparation for a report titled "What We Learned" regarding a recent incident involving a cybersecurity breach?A . Determine the sophistication of the audience that the report is meant forB . Include references and sources of information on the first pageC...

A security analyst is trying to identify anomalies on the network routing. Which of the following functions can the analyst use on a shell script to achieve the objective most accurately?A . function x() { info=$(geoiplookup $1) && echo "$1 | $info" }B . function x() { info=$(ping -c 1...