Which of the following must be collected first in a computer system, related to its volatility level?

During an incident, an analyst needs to acquire evidence for later investigation. Which of the following must be collected first in a computer system, related to its volatility level?

A. Disk contents
B. Backup data
C. Temporary files
D. Running processes

Answer: D

Explanation: The most volatile type of evidence...

April 2, 2024

Which of the following cloud recovery strategies would work best to attain the desired outcome?

An organization wants to move non-essential services into a cloud computing environment. The management team has a cost focus and would like to achieve a recovery time objective of 12 hours. Which of the following cloud recovery strategies would work best to attain the desired outcome?

A. Duplicate all services...

April 2, 2024

To allow this new technology to be deployed securely going forward, which of the following will BEST address these findings?

During a company’s most recent incident, a vulnerability in custom software was exploited on an externally facing server by an APT. The lessons-learned report noted the following:

• The development team used a new software language that was not supported by the security team's automated assessment tools.
• During the...

April 2, 2024

Which of the following best describes the potential security concern?

The following output is from a tcpdump at the edge of the corporate network: Which of the following best describes the potential security concern?

A. Payload lengths may be used to overflow buffers enabling code execution.
B. Encapsulated traffic may evade security monitoring and defenses.
C. This traffic exhibits a...

April 2, 2024

Which of the following best describes the current stage of the Cyber Kill Chain that the threat actor is currently operating in?

A malicious actor has gained access to an internal network by means of social engineering. The actor does not want to lose access in order to continue the attack. Which of the following best describes the current stage of the Cyber Kill Chain that the threat actor is currently operating...

April 2, 2024

Which of the following would be the best threat intelligence source to learn about this new campaign?

An analyst has been asked to validate the potential risk of a new ransomware campaign that the Chief Financial Officer read about in the newspaper. The company is a manufacturer of a very small spring used in the newest fighter jet and is a critical piece of the supply chain...

April 1, 2024

When starting an investigation, which of the following must be done first?

When starting an investigation, which of the following must be done first?

A. Notify law enforcement
B. Secure the scene
C. Seize all related evidence
D. Interview the witnesses

Answer: B

Explanation: The first thing that must be done when starting an investigation is to secure the scene. Securing the...

April 1, 2024

Which of the following actions should the analyst perform next to ensure the data integrity of the evidence?

During an incident response procedure, a security analyst acquired the needed evidence from the hard drive of a compromised machine. Which of the following actions should the analyst perform next to ensure the data integrity of the evidence?

A. Generate hashes for each file from the hard drive.
B. Create...

April 1, 2024

Which of the following best describes what the security program did?

A security program was able to achieve a 30% improvement in MTTR by integrating security controls into a SIEM. The analyst no longer had to jump between tools. Which of the following best describes what the security program did?

A. Data enrichment
B. Security control plane
C. Threat feed combination
D...

March 31, 2024

Which of the following should the organization consider investing in first due to the potential impact of availability?

The steering committee for information security management annually reviews the security incident register for the organization to look for trends and systematic issues. The steering committee wants to rank the risks based on past incidents to improve the security program for next year. Below is the incident register for the...

March 31, 2024