CS0-003 exam

Which of the following items should be included in a vulnerability scan report? (Choose two.)A . Lessons learnedB . Service-level agreementC . PlaybookD . Affected hostsE . Risk scoreF . Education planView AnswerAnswer: D, E Explanation: A vulnerability scan report should include information about the affected hosts, such as their...

Which of the following will most likely ensure that mission-critical services are available in the event of an incident?A . Business continuity planB . Vulnerability management planC . Disaster recovery planD . Asset management planView AnswerAnswer: C Explanation:

An organization conducted a web application vulnerability assessment against the corporate website, and the following output was observed: Which of the following tuning recommendations should the security analyst share?A . Set an HttpOnlvflaq to force communication by HTTPSB . Block requests without an X-Frame-Options headerC . Configure an Access-Control-Allow-Origin header...

A user downloads software that contains malware onto a computer that eventually infects numerous other systems. Which of the following has the user become?A . HacklivistB . Advanced persistent threatC . Insider threatD . Script kiddieView AnswerAnswer: C Explanation: The user has become an insider threat by downloading software that...

A security program was able to achieve a 30% improvement in MTTR by integrating security controls into a SIEM. The analyst no longer had to jump between tools. Which of the following best describes what the security program did?A . Data enrichmentB . Security control planeC . Threat feed combinationD...

A security analyst is trying to identify possible network addresses from different source networks belonging to the same company and region. Which of the following shell script functions could help achieve the goal?A . function w() { a=$(ping -c 1 $1 | awk-F ”/” ’END{print $1}’) && echo “$1 |...

A user reports a malware alert to the help desk. A technician verities the alert, determines the workstation is classified as a low-severity device, and uses network controls to block access. The technician then assigns the ticket to a security analyst who will complete the eradication and recovery processes. Which...

An organization has activated the CSIRT. A security analyst believes a single virtual server was compromised and immediately isolated from the network. Which of the following should the CSIRT conduct next?A . Take a snapshot of the compromised server and verify its integrityB . Restore the affected server to remove...

New employees in an organization have been consistently plugging in personal webcams despite the company policy prohibiting use of personal devices. The SOC manager discovers that new employees are not aware of the company policy. Which of the following will the SOC manager most likely recommend to help ensure new...

Which of the following describes how a CSIRT lead determines who should be communicated with and when during a security incident?A . The lead should review what is documented in the incident response policy or planB . Management level members of the CSIRT should make that decisionC . The lead...