CompTIA CS0-003 Practice Exams
- Exam code: CS0-003
- Exam name: CompTIA Cybersecurity Analyst (CySA+) Exam
- Certification provider: CompTIA
- Last updated on: 27.04.2025
Joe, a leading sales person at an organization, has announced on social media that he is leaving his current role to start a new company that will compete with his current employer. Joe is soliciting his current employer’s customers. However, Joe has not resigned or discussed this with his current supervisor yet.
Which of the following would be the best action for the incident response team to recommend?
- A . Isolate Joe’s PC from the network
- B . Reimage the PC based on standard operating procedures
- C . Initiate a remote wipe of Joe’s PC using mobile device management
- D . Perform no action until HR or legal counsel advises on next steps
Which of the following best describes the goal of a disaster recovery exercise as preparation for possible incidents?
- A . To provide metrics and test continuity controls
- B . To verify the roles of the incident response team
- C . To provide recommendations for handling vulnerabilities
- D . To perform tests against implemented security controls
A Chief Information Security Officer (CISO) is concerned that a specific threat actor who is known to target the company’s business type may be able to breach the network and remain inside of it for an extended period of time.
Which of the following techniques should be performed to meet the CISO’s goals?
- A . Vulnerability scanning
- B . Adversary emulation
- C . Passive discovery
- D . Bug bounty
Which of the following is the best way to begin preparation for a report titled "What We Learned" regarding a recent incident involving a cybersecurity breach?
- A . Determine the sophistication of the audience that the report is meant for
- B . Include references and sources of information on the first page
- C . Include a table of contents outlining the entire report
- D . Decide on the color scheme that will effectively communicate the metrics
A security analyst received a malicious binary file to analyze.
Which of the following is the best technique to perform the analysis?
- A . Code analysis
- B . Static analysis
- C . Reverse engineering
- D . Fuzzing
A security analyst discovers an ongoing ransomware attack while investigating a phishing email. The analyst downloads a copy of the file from the email and isolates the affected workstation from the network.
Which of the following activities should the analyst perform next?
- A . Wipe the computer and reinstall software
- B . Shut down the email server and quarantine it from the network.
- C . Acquire a bit-level image of the affected workstation.
- D . Search for other mail users who have received the same file.
After completing a review of network activity, the threat hunting team discovers a device on the network that sends an outbound email via a mail client to a non-company email address daily at 10:00 p.m.
Which of the following is potentially occurring?
- A . Irregular peer-to-peer communication
- B . Rogue device on the network
- C . Abnormal OS process behavior
- D . Data exfiltration
A product manager is working with an analyst to design a new application that will perform as a data analytics platform and will be accessible via a web browser. The product manager suggests using a PaaS provider to host the application.
Which of the following is a security concern when using a PaaS solution?
- A . The use of infrastructure-as-code capabilities leads to an increased attack surface.
- B . Patching the underlying application server becomes the responsibility of the client.
- C . The application is unable to use encryption at the database level.
- D . Insecure application programming interfaces can lead to data compromise.
Several vulnerability scan reports have indicated runtime errors as the code is executing. The dashboard that lists the errors has a command-line interface for developers to check for vulnerabilities.
Which of the following will enable a developer to correct this issue? (Select two).
- A . Performing dynamic application security testing
- B . Reviewing the code
- C . Fuzzing the application
- D . Debugging the code
- E . Implementing a coding standard
- F . Implementing IDS