CS0-003 exam

During an incident response procedure, a security analyst acquired the needed evidence from the hard drive of a compromised machine. Which of the following actions should the analyst perform next to ensure the data integrity of the evidence?A . Generate hashes for each file from the hard drive.B . Create...

A security analyst is monitoring a company's network traffic and finds ping requests going to accounting and human resources servers from a SQL server. Upon investigation, the analyst discovers a technician responded to potential network connectivity issues. Which of the following is the best way for the security analyst to...

A technician identifies a vulnerability on a server and applies a software patch. Which of the following should be the next step in the remediation process?A . TestingB . ImplementationC . ValidationD . RollbackView AnswerAnswer: C Explanation: The next step in the remediation process after applying a software patch is...

An analyst is remediating items associated with a recent incident. The analyst has isolated the vulnerability and is actively removing it from the system. Which of the following steps of the process does this describe?A . EradicationB . RecoveryC . ContainmentD . PreparationView AnswerAnswer: A Explanation: Eradication is a step...

Which of the following is the best action to take after the conclusion of a security incident to improve incident response in the future?A . Develop a call tree to inform impacted usersB . Schedule a review with all teams to discuss what occurredC . Create an executive summary to...

A Chief Information Officer wants to implement a BYOD strategy for all company laptops and mobile phones. The Chief Information Security Officer is concerned with ensuring all devices are patched and running some sort of protection against malicious software. Which of the following existing technical controls should a security analyst...

The analyst reviews the following endpoint log entry: Which of the following has occurred?A . Registry changeB . Rename computerC . New account introducedD . Privilege escalationView AnswerAnswer: C Explanation: The endpoint log entry shows that a new account named “admin” has been created on a Windows system with a...

A company's threat team has been reviewing recent security incidents and looking for a common theme. The team discovered the incidents were caused by incorrect configurations on the impacted systems. The issues were reported to support teams, but no action was taken. Which of the following is the next step...

An organization supports a large number of remote users. Which of the following is the best option to protect the data on the remote users' laptops? A. Require the use of VPNs. B. Require employees to sign an NDA. C. Implement a DLP solution. D. Use whole disk encryption.View AnswerAnswer:...

The security operations team is required to consolidate several threat intelligence feeds due to redundant tools and portals. Which of the following will best achieve the goal and maximize results?A . Single pane of glassB . Single sign-onC . Data enrichmentD . DeduplicationView AnswerAnswer: D Explanation: Deduplication is a process...