CS0-003 exam

Which of the following software assessment methods world peak times?A . Security regression testingB . Stress testingC . Static analysis testingD . Dynamic analysis testingE . User acceptance testingView AnswerAnswer: B Explanation: Stress testing is a software assessment method that tests how an application performs under peak times or extreme...

During an investigation, an analyst discovers the following rule in an executive's email client: The executive is not aware of this rule. Which of the following should the analyst do first to evaluate the potential impact of this security incident?A . Check the server logs to evaluate which emails were...

A security analyst discovers the company's website is vulnerable to cross-site scripting. Which of the following solutions will best remedy the vulnerability?A . Prepared statementsB . Server-side input validationC . Client-side input encodingD . Disabled JavaScript filteringView AnswerAnswer: B Explanation: Server-side input validation is a solution that can prevent cross-site...

A malicious actor has gained access to an internal network by means of social engineering. The actor does not want to lose access in order to continue the attack. Which of the following best describes the current stage of the Cyber Kill Chain that the threat actor is currently operating...

After conducting a cybersecurity risk assessment for a new software request, a Chief Information Security Officer (CISO) decided the risk score would be too high. The CISO refused the software request. Which of the following risk management principles did the CISO select?A . AvoidB . TransferC . AcceptD . MitigateView...

A security analyst discovers the accounting department is hosting an accounts receivable form on a public document service. Anyone with the link can access it. Which of the following threats applies to this situation?A . Potential data loss to external usersB . Loss of public/private key managementC . Cloud-based authentication...

Which of the following would help to minimize human engagement and aid in process improvement in security operations?A . OSSTMMB . SIEMC . SOARD . QVVASPView AnswerAnswer: C Explanation: SOAR stands for security orchestration, automation, and response, which is a term that describes a set of tools, technologies, or platforms...

A security analyst received a malicious binary file to analyze. Which of the following is the best technique to perform the analysis?A . Code analysisB . Static analysisC . Reverse engineeringD . FuzzingView AnswerAnswer: C Explanation: Reverse engineering is a technique that involves analyzing a binary file to understand its...

A security analyst recently joined the team and is trying to determine which scripting language is being used in a production script to determine if it is malicious. Given the following script: Which of the following scripting languages was used in the script?A . PowerShelB . RubyC . PythonD ....

A company is in the process of implementing a vulnerability management program, and there are concerns about granting the security team access to sensitive data. Which of the following scanning methods can be implemented to reduce the access to systems while providing the most accurate vulnerability scan results?A . Credentialed...