CS0-003 exam

A company creates digitally signed packages for its devices. Which of the following best describes the method by which the security packages are delivered to the company's customers?A . Antitamper mechanismB . SELinuxC . Trusted firmware updatesD . eFuseView AnswerAnswer: C Explanation: Trusted firmware updates are a method by which...

A security analyst obtained the following table of results from a recent vulnerability assessment that was conducted against a single web server in the environment: Which of the following should be completed first to remediate the findings?A . Ask the web development team to update the page contentsB . Add...

There are several reports of sensitive information being disclosed via file sharing services. The company would like to improve its security posture against this threat. Which of the following security controls would best support the company in this scenario?A . Implement step-up authentication for administratorsB . Improve employee training and...

A company is in the process of implementing a vulnerability management program, and there are concerns about granting the security team access to sensitive data. Which of the following scanning methods can be implemented to reduce the access to systems while providing the most accurate vulnerability scan results?A . Credentialed...

The Chief Executive Officer of an organization recently heard that exploitation of new attacks in the industry was happening approximately 45 days after a patch was released. Which of the following would best protect this organization?A . A mean time to remediate of 30 daysB . A mean time to...

Which of the following software assessment methods world peak times?A . Security regression testingB . Stress testingC . Static analysis testingD . Dynamic analysis testingE . User acceptance testingView AnswerAnswer: B Explanation: Stress testing is a software assessment method that tests how an application performs under peak times or extreme...

An incident response analyst notices multiple emails traversing the network that target only the administrators of the company. The email contains a concealed URL that leads to an unknown website in another country. Which of the following best describes what is happening? (Choose two.)A . BeaconinqB . Domain Name System...

A security analyst discovers the accounting department is hosting an accounts receivable form on a public document service. Anyone with the link can access it. Which of the following threats applies to this situation?A . Potential data loss to external usersB . Loss of public/private key managementC . Cloud-based authentication...

Which of the following security operations tasks are ideal for automation?A . Suspicious file analysis: - Look for suspicious-looking graphics in a folder. - Create subfolders in the original folder based on category of graphics found. - Move the suspicious graphics to the appropriate subfolderB . Firewall IoC block actions:...

A security analyst is reviewing a packet capture in Wireshark that contains an FTP session from a potentially compromised machine. The analyst sets the following display filter: ftp. The analyst can see there are several RETR requests with 226 Transfer complete responses, but the packet list pane is not showing...