Special Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

CS0-003 Exam Dumps - CompTIA CySA+ Questions and Answers

Question # 74

A security program was able to achieve a 30% improvement in MTTR by integrating security controls into a SIEM. The analyst no longer had to jump between tools. Which of the following best describes what the security program did?

Options:

A.

Data enrichment

B.

Security control plane

C.

Threat feed combination

D.

Single pane of glass

Buy Now
Question # 75

Several critical bugs were identified during a vulnerability scan. The SLA risk requirement is that all critical vulnerabilities should be patched within 24 hours. After sending a notification to the asset owners, the patch cannot be deployed due to planned, routine system upgrades Which of the following is the best method to remediate the bugs?

Options:

A.

Reschedule the upgrade and deploy the patch

B.

Request an exception to exclude the patch from installation

C.

Update the risk register and request a change to the SLA

D.

Notify the incident response team and rerun the vulnerability scan

Buy Now
Question # 76

A company classifies security groups by risk level. Any group with a high-risk classification requires multiple levels of approval for member or owner changes. Which of the following inhibitors to remediation is the company utilizing?

Options:

A.

Organizational governance

B.

MOU

C.

SLA

D.

Business process interruption

Buy Now
Question # 77

After conducting a cybersecurity risk assessment for a new software request, a Chief Information Security Officer (CISO) decided the risk score would be too high. The CISO refused the software request. Which of the following risk management principles did the CISO select?

Options:

A.

Avoid

B.

Transfer

C.

Accept

D.

Mitigate

Buy Now
Question # 78

A network analyst notices a long spike in traffic on port 1433 between two IP addresses on opposite sides of a WAN connection. Which of the following is the most likely cause?

Options:

A.

A local red team member is enumerating the local RFC1918 segment to enumerate hosts.

B.

A threat actor has a foothold on the network and is sending out control beacons.

C.

An administrator executed a new database replication process without notifying the SOC.

D.

An insider threat actor is running Responder on the local segment, creating traffic replication.

Buy Now
Question # 79

Joe, a leading sales person at an organization, has announced on social media that he is leaving his current role to start a new company that will compete with his current employer. Joe is soliciting his current employer's customers. However, Joe has not resigned or discussed this with his current supervisor yet. Which of the following would be the best action for the incident response team to recommend?

Options:

A.

Isolate Joe's PC from the network

B.

Reimage the PC based on standard operating procedures

C.

Initiate a remote wipe of Joe's PC using mobile device management

D.

Perform no action until HR or legal counsel advises on next steps

Buy Now
Question # 80

An incident response team is working with law enforcement to investigate an active web server compromise. The decision has been made to keep the server running and to implement compensating controls for a period of time. The web service must be accessible from the internet via the reverse proxy and must connect to a database server. Which of the following compensating controls will help contain the adversary while meeting the other requirements? (Select two).

Options:

A.

Drop the tables on the database server to prevent data exfiltration.

B.

Deploy EDR on the web server and the database server to reduce the adversaries capabilities.

C.

Stop the httpd service on the web server so that the adversary can not use web exploits

D.

use micro segmentation to restrict connectivity to/from the web and database servers.

E.

Comment out the HTTP account in the / etc/passwd file of the web server

F.

Move the database from the database server to the web server.

Buy Now
Question # 81

A manufacturer has hired a third-party consultant to assess the security of an OT network that includes both fragile and legacy equipment Which of the following must be considered to ensure the consultant does no harm to operations?

Options:

A.

Employing Nmap Scripting Engine scanning techniques

B.

Preserving the state of PLC ladder logic prior to scanning

C.

Using passive instead of active vulnerability scans

D.

Running scans during off-peak manufacturing hours

Buy Now
Question # 82

A security analyst needs to secure digital evidence related to an incident. The security analyst must ensure that the accuracy of the data cannot be repudiated. Which of the following should be implemented?

Options:

A.

Offline storage

B.

Evidence collection

C.

Integrity validation

D.

Legal hold

Buy Now
Question # 83

The vulnerability analyst reviews threat intelligence regarding emerging vulnerabilities affecting workstations that are used within the company:

Which of the following vulnerabilities should the analyst be most concerned about, knowing that end users frequently click on malicious links sent via email?

Options:

A.

Vulnerability A

B.

Vulnerability B

C.

Vulnerability C

D.

Vulnerability D

Buy Now
Exam Code: CS0-003
Exam Name: CompTIA CyberSecurity Analyst CySA+ Certification Exam
Last Update: Apr 2, 2025
Questions: 424
CS0-003 pdf

CS0-003 PDF

$25.5  $84.99
CS0-003 Engine

CS0-003 Testing Engine

$28.5  $94.99
CS0-003 PDF + Engine

CS0-003 PDF + Testing Engine

$40.5  $134.99