A Chief Information Officer wants to implement a BYOD strategy for all company laptops and mobile phones. The Chief Information Security Officer is concerned with ensuring all devices are patched and running some sort of protection against malicious software. Which of the following existing technical controls should a security analyst recommend to best meet all the requirements?
A. EDR
B. Port security
C. NAC
D. Segmentation

A security analyst discovers a standard user has unauthorized access to the command prompt, PowerShell, and other system utilities. Which of the following is the BEST action for the security analyst to take?
A. Disable the appropriate settings in the administrative template of the Group Policy.
B. Use AppLocker to create a set of whitelist and blacklist rules specific to group membership.
C. Modify the registry keys that correlate with the access settings for the System32 directory.
D. Remove the user's permissions from the various system executables.

A security analyst receives a report indicating a system was compromised due to malware that was downloaded from the internet using TFTP. The analyst is instructed to block TFTP at the corporate firewall. Given the following portion of the current firewall rule set:

Which of the following rules should be added to accomplish this goal?
A. UDP ANY ANY ANY 20 Deny
B. UDP ANY ANY 69 69 Deny
C. UDP ANY ANY 67 68 Deny
D. UDP ANY ANY ANY 69 Deny
E. UDP ANY ANY ANY 69 Deny

An analyst needs to understand how an attacker compromised a server. Which of the following procedures will best deliver the information that is necessary to reconstruct the steps taken by the attacker?
A. Scan the affected system with an anti-malware tool and check for vulnerabilities with a vulnerability scanner.
B. Extract the server's system timeline, verifying hashes and network connections during a certain time frame.
C. Clone the entire system and deploy it in a network segment built for tests and investigations while monitoring the system during a certain time frame.
D. Clone the server's hard disk and extract all the binary files, comparing hash signatures with malware databases.

A security analyst needs to automate the incident response process for malware infections. When the following logs are generated, an alert email should automatically be sent within 30 minutes:

Which of the following is the best way for the analyst to automate alert generation?
A. Deploy a signature-based IDS
B. Install a UEBA-capable antivirus
C. Implement email protection with SPF
D. Create a custom rule on a SIEM

A cybersecurity analyst notices unusual network scanning activity coming from a country that the company does not do business with. Which of the following is the best mitigation technique?
A. Geoblock the offending source country.
B. Block the IP range of the scans at the network firewall.
C. Perform a historical trend analysis and look for similar scanning activity.
D. Block the specific IP address of the scans at the network firewall.

A security analyst needs to mitigate a known, exploited vulnerability related to an attack vector that embeds software through the USB interface. Which of the following should the analyst do first?
A. Conduct security awareness training on the risks of using unknown and unencrypted USBs.
B. Write a removable media policy that explains that USBs cannot be connected to a company asset.
C. Check configurations to determine whether USB ports are enabled on company assets.
D. Review logs to see whether this exploitable vulnerability has already impacted the company.

A new zero-day vulnerability was released. A security analyst is prioritizing which systems should receive deployment of compensating controls first. The systems have been grouped into the categories shown below:

Which of the following groups should be prioritized for compensating controls?
A. Group A
B. Group B
C. Group C
D. Group D

A cybersecurity analyst is working with the DLP project team to classify the organization's data. Which of the following is the primary purpose for classifying data?
A. To identify regulatory compliance requirements
B. To facilitate the creation of DLP rules
C. To prioritize IT expenses
D. To establish the value of data to the organization

While reviewing web server logs, a security analyst discovers the following suspicious line:

Which of the following is being attempted?
A. Remote file inclusion
B. Command injection
C. Server-side request forgery
D. Reverse shell