CompTIA CS0-003 practice test

CompTIA CySA+ (CS0-003)

Last exam update: Dec 14, 2024
Page 1 out of 15. Viewing questions 1-10 out of 149

Question 1

An older CVE with a vulnerability score of 7.1 was elevated to a score of 9.8 due to a widely available exploit being used to deliver ransomware. Which of the following factors would an analyst most likely communicate as the reason for this escalation?

  • A. Scope
  • B. Weaponization
  • C. CVSS
  • D. Asset value

Answer: B

User Votes: A 4 votes, B 6 votes, C 2 votes, D no votes

Discussions
Rama
1 month, 3 weeks ago

weaponisation


Question 2

A security analyst is performing an investigation involving multiple targeted Windows malware binaries. The analyst wants to gather intelligence without disclosing information to the attackers. Which of the following actions would allow the analyst to achieve the objective?

  • A. Upload the binary to an air gapped sandbox for analysis
  • B. Send the binaries to the antivirus vendor
  • C. Execute the binaries on an environment with internet connectivity
  • D. Query the file hashes using VirusTotal

Answer: A

User Votes: A 10 votes, B 1 vote, C no votes, D no votes

Discussions
tmkencele
1 year, 1 month ago

Upload the binary to an air gapped sandbox for analysis

Rama
1 month, 3 weeks ago

sending to antivirus vendors


Question 3

An analyst notices there is an internal device sending HTTPS traffic with additional characters in the header to a known-malicious IP in another country. Which of the following describes what the analyst has noticed?

  • A. Beaconing
  • B. Cross-site scripting
  • C. Buffer overflow
  • D. PHP traversal

Answer: A

User Votes: A 7 votes, B 3 votes, C no votes, D 2 votes

Question 4

A malicious actor has gained access to an internal network by means of social engineering. The actor does not want to lose access in order to continue the attack. Which of the following best describes the current stage of the Cyber Kill Chain that the threat actor is currently operating in?

  • A. Weaponization
  • B. Reconnaissance
  • C. Delivery
  • D. Exploitation

Answer: D

User Votes: A 2 votes, B no votes, C no votes, D 8 votes

Discussions
Rama
1 month, 3 weeks ago

exploitation


Question 5

An incident response analyst notices multiple emails traversing the network that target only the administrators of the company. The email contains a concealed URL that leads to an unknown website in another country. Which of the following best describes what is happening? (Choose two.)

  • A. Beaconing
  • B. Domain Name System hijacking
  • C. Social engineering attack
  • D. On-path attack
  • E. Obfuscated links
  • F. Address Resolution Protocol poisoning

Answer: C, E

User Votes: A 1 vote, B 1 vote, C 10 votes, D no votes, E 10 votes, F no votes

Discussions
Rama
1 month, 3 weeks ago

social engineering and obfuscated attack


Question 6

When starting an investigation, which of the following must be done first?

  • A. Notify law enforcement
  • B. Secure the scene
  • C. Seize all related evidence
  • D. Interview the witnesses

Answer: B

User Votes: A no votes, B 8 votes, C 1 vote, D 1 vote

Discussions
Rama
1 month, 3 weeks ago

secure the scene


Question 7

A security analyst is trying to identify possible network addresses from different source networks belonging to the same company and region. Which of the following shell script functions could help achieve the goal?

  • A. function w() { a=$(ping -c 1 $1 | awk-F "/" 'END{print $1}') && echo "$1 | $a" }
  • B. function x() { b=traceroute -m 40 $1 | awk 'END{print $1}') && echo "$1 | $b" }
  • C. function y() { dig $(dig -x $1 | grep PTR | tail -n 1 | awk -F ".in-addr" '{print $1}').origin.asn.cymru.com TXT +short }
  • D. function z() { c=$(geoiplookup$1) && echo "$1 | $c" }

Answer: C

User Votes: A no votes, B 1 vote, C 6 votes, D 4 votes

Question 8

A security analyst received a malicious binary file to analyze. Which of the following is the best technique to perform the analysis?

  • A. Code analysis
  • B. Static analysis
  • C. Reverse engineering
  • D. Fuzzing

Answer: B

User Votes: A 2 votes, B 6 votes, C 3 votes, D 1 vote

Discussions
nel
1 year ago

reverse engineering

Rama
1 month, 3 weeks ago

static analysis


Question 9

A company's user accounts have been compromised. Users are also reporting that the company's internal portal is sometimes only accessible through HTTP; other times, it is accessible through HTTPS. Which of the following most likely describes the observed activity?

  • A. There is an issue with the SSL certificate causing port 443 to become unavailable for HTTPS access
  • B. An on-path attack is being performed by someone with internal access that forces users into port 80
  • C. The web server cannot handle an increasing amount of HTTPS requests so it forwards users to port 80
  • D. An error was caused by BGP due to new rules applied over the company's internal routers

Answer: B

User Votes: A 2 votes, B 7 votes, C 1 vote, D no votes

Discussions
Rama
1 month, 3 weeks ago

internal attack force to use port 80 sometimes


Question 10

Which of the following best describes the goal of a tabletop exercise?

  • A. To test possible incident scenarios and how to react properly
  • B. To perform attack exercises to check response effectiveness
  • C. To understand existing threat actors and how to replicate their techniques
  • D. To check the effectiveness of the business continuity plan

Answer: A

User Votes: A 10 votes, B 1 vote, C no votes, D no votes

Discussions
Rama
1 month, 3 weeks ago

incident response and react plan
