CompTIA CS0-003 Exam Practice Test Instant Access

Question 1

A security analyst has prepared a vulnerability scan that contains all of the company's functional subnets. During the initial scan, users reported that network printers began to print pages that contained unreadable text and icons.

Which of the following should the analyst do to ensure this behavior does not oocur during subsequent vulnerability scans?

APerform non-credentialed scans.

BIgnore embedded web server ports.

CCreate a tailored scan for the printer subnet.

DIncrease the threshold length of the scan timeout.

Answer : C

The best way to prevent network printers from printing pages during a vulnerability scan is to create a tailored scan for the printer subnet that excludes the ports and services that trigger the printing behavior. The other options are not effective for this purpose: performing non-credentialed scans may not reduce the impact on the printers; ignoring embedded web server ports may not cover all the possible ports that cause printing; increasing the threshold length of the scan timeout may not prevent the printing from occurring.

According to the CompTIA CySA+ Study Guide: Exam CS0-003, 3rd Edition1, one of the objectives for the exam is to ''use appropriate tools and methods to manage, prioritize and respond to attacks and vulnerabilities''. The book also covers the usage and syntax of vulnerability scanning tools, such as Nessus, Nmap, and Qualys, in chapter 4. Specifically, it explains the meaning and function of each component in vulnerability scanning, such as credentialed vs. non-credentialed scans, port scanning, and scan scheduling1, pages 149-160. It also discusses the common issues and challenges of vulnerability scanning, such as network disruptions, false positives, and scan scope1, pages 161-162. Therefore, this is a reliable source to verify the answer to the question.

Question 2

An analyst investigated a website and produced the following:

Which of the following syntaxes did the analyst use to discover the application versions on this vulnerable website?

Anmap -sS -T4 -F insecure.org

Bnmap -o insecure.org

Cnmap -sV -T4 -F insecure.org

Dnmap -A insecure.org

Answer : C

Question 3

An employee is no longer able to log in to an account after updating a browser. The employee usually has several tabs open in the browser. Which of the following attacks was most likely performed?

ARFI

BLFI

CCSRF

DXSS

Answer : C

CSRF is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. An attacker may trick the user into clicking a malicious link or submitting a forged form that performs an action on the user's behalf, such as changing their password or transferring funds. If the user has several tabs open in the browser, they may not notice the CSRF request or the resulting change in their account. Updating the browser may have cleared the user's cache or cookies, preventing them from logging in to their account after the CSRF attack.

Question 4

Which of the following best explains the importance of communicating with staff regarding the official public communication plan related to incidents impacting the organization?

ATo establish what information is allowed to be released by designated employees

BTo designate an external public relations firm to represent the organization

CTo ensure that all news media outlets are informed at the same time

DTo define how each employee will be contacted after an event occurs

Answer : A

Communicating with staff about the official public communication plan is important to avoid unauthorized or inaccurate disclosure of information that could harm the organization's reputation, security, or legal obligations. It also helps to ensure consistency and clarity of the messages delivered to the public and other stakeholders.

https://resources.sei.cmu.edu/asset_files/Handbook/2021_002_001_651819.pdf

Question 5

Which of the following is the most appropriate action a security analyst to take to effectively identify the most security risks associated with a locally hosted server?

ARun the operating system update tool to apply patches that are missing.

BContract an external penetration tester to attempt a brute-force attack.

CDownload a vendor support agent to validate drivers that are installed.

DExecute a vulnerability scan against the target host.

Answer : D

A vulnerability scan is a process of identifying and assessing the security weaknesses of a system or network. A vulnerability scan can help a security analyst to effectively identify the most security risks associated with a locally hosted server, such as missing patches, misconfigurations, outdated software, or exposed services. A vulnerability scan can also provide recommendations on how to remediate the identified vulnerabilities and improve the security posture of the server12 Reference: 1: What is a Vulnerability Scan? | Definition and Examples 2: Securing a server: risks, challenges and best practices - Vaadata

Question 6

During a scan of a web server in the perimeter network, a vulnerability was identified that could be exploited over port 3389. The web server is protected by a WAF. Which of the following best represents the change to overall risk associated with this vulnerability?

AThe risk would not change because network firewalls are in use.

BThe risk would decrease because RDP is blocked by the firewall.

CThe risk would decrease because a web application firewall is in place.

DThe risk would increase because the host is external facing.

Answer : B

Port 3389 is commonly used by Remote Desktop Protocol (RDP), which is a service that allows remote access to a system. A vulnerability on this port could allow an attacker to compromise the web server or use it as a pivot point to access other systems. However, if the firewall blocks this port, the risk of exploitation is reduced.

Question 7

A laptop that is company owned and managed is suspected to have malware. The company implemented centralized security logging. Which of the following log sources will confirm the malware infection?

AXDR logs

BFirewall logs

CIDS logs

DMFA logs

Answer : A

XDR logs will confirm the malware infection because XDR is a system that collects and analyzes data from multiple sources, such as endpoints, networks, cloud applications, and email security, to detect and respond to advanced threats12. XDR can provide a comprehensive view of the attack chain and the context of the malware infection. Firewall logs, IDS logs, and MFA logs are not sufficient to confirm the malware infection, as they only provide partial or indirect information about the network traffic, intrusion attempts, or user authentication. Reference: Cybersecurity Analyst+ - CompTIA, XDR: definition and benefits for MSPs| WatchGuard Blog, Extended detection and response - Wikipedia

CompTIA CS0-003 CompTIA Cybersecurity Analyst (CySA+) Exam Practice Test