CS0-003 exam

Which of the following is an important aspect that should be included in the lessons-learned step after an incident?A . Identify any improvements or changes in the incident response plan or proceduresB . Determine if an internal mistake was made and who did it so they do not repeat the...

An organization has activated the CSIRT. A security analyst believes a single virtual server was compromised and immediately isolated from the network. Which of the following should the CSIRT conduct next?A . Take a snapshot of the compromised server and verify its integrityB . Restore the affected server to remove...

A technician identifies a vulnerability on a server and applies a software patch. Which of the following should be the next step in the remediation process?A . TestingB . ImplementationC . ValidationD . RollbackView AnswerAnswer: C Explanation: The next step in the remediation process after applying a software patch is...

Which of the following is the best metric for an organization to focus on given recent investments in SIEM, SOAR, and a ticketing system?A . Mean time to detectB . Number of exploits by tacticC . Alert volumeD . Quantity of intrusion attemptsView AnswerAnswer: A Explanation: Mean time to detect...

A new cybersecurity analyst is tasked with creating an executive briefing on possible threats to the organization. Which of the following will produce the data needed for the briefing?A . Firewall logsB . Indicators of compromiseC . Risk assessmentD . Access control listsView AnswerAnswer: B Explanation: Indicators of compromise (IoCs)...

A security analyst is investigating a compromised Linux server. The analyst issues the ps command and receives the following output: Which of the following commands should the administrator run next to further analyze the compromised system?A . gbd /proc/1301B . rpm -V openssh-serverC . /bin/Is -1 /proc/1301/exeD . kill -9...

A company's user accounts have been compromised. Users are also reporting that the company's internal portal is sometimes only accessible through HTTP, other times; it is accessible through HTTPS. Which of the following most likely describes the observed activity?A . There is an issue with the SSL certificate causinq port...

A company's user accounts have been compromised. Users are also reporting that the company's internal portal is sometimes only accessible through HTTP, other times; it is accessible through HTTPS. Which of the following most likely describes the observed activity?A . There is an issue with the SSL certificate causinq port...

An organization has experienced a breach of customer transactions. Under the terms of PCI DSS, which of the following groups should the organization report the breach to?A . PCI Security Standards CouncilB . Local law enforcementC . Federal law enforcementD . Card issuerView AnswerAnswer: D Explanation: Under the terms of...

A security analyst is reviewing the following log entries to identify anomalous activity: Which of the following attack types is occurring?A . Directory traversalB . SQL injectionC . Buffer overflowD . Cross-site scriptingView AnswerAnswer: A Explanation: A directory traversal attack is a type of web application attack that exploits insufficient...