comptia cs0-003 practice test

CompTIA CySA+ (CS0-003)

Last exam update: Apr 12, 2024
Page 1 out of 15. Viewing questions 1-10 out of 149

Question 1

An older CVE with a vulnerability score of 7.1 was elevated to a score of 9.8 due to a widely available exploit being used to deliver ransomware. Which of the following factors would an analyst most likely communicate as the reason for this escalation?

  • A. Scope
  • B. Weaponization
  • C. CVSS
  • D. Asset value
Answer:

b

User Votes: A 1 vote, B 4 votes, C 1 vote

Question 2

A security analyst is performing an investigation involving multiple targeted Windows malware binaries. The analyst wants to gather intelligence without disclosing information to the attackers. Which of the following actions would allow the analyst to achieve the objective?

  • A. Upload the binary to an air gapped sandbox for analysis
  • B. Send the binaries to the antivirus vendor
  • C. Execute the binaries on an environment with internet connectivity
  • D. Query the file hashes using VirusTotal
Answer:

a

User Votes: A 4 votes
Discussions
tmkencele
5 months ago

Upload the binary to an air gapped sandbox for analysis


Question 3

An analyst notices there is an internal device sending HTTPS traffic with additional characters in the header to a known-malicious IP in another country. Which of the following describes what the analyst has noticed?

  • A. Beaconing
  • B. Cross-site scripting
  • C. Buffer overflow
  • D. PHP traversal
Answer:

a

User Votes: A 2 votes, B 3 votes

Question 4

A malicious actor has gained access to an internal network by means of social engineering. The actor does not want to lose access in order to continue the attack. Which of the following best describes the current stage of the Cyber Kill Chain that the threat actor is currently operating in?

  • A. Weaponization
  • B. Reconnaissance
  • C. Delivery
  • D. Exploitation
Answer:

d

User Votes: D 3 votes

Question 5

An incident response analyst notices multiple emails traversing the network that target only the administrators of the company. The email contains a concealed URL that leads to an unknown website in another country. Which of the following best describes what is happening? (Choose two.)

  • A. Beaconing
  • B. Domain Name System hijacking
  • C. Social engineering attack
  • D. On-path attack
  • E. Obfuscated links
  • F. Address Resolution Protocol poisoning
Answer:

ce

User Votes: B 1 vote, C 3 votes, E 3 votes

Question 6

When starting an investigation, which of the following must be done first?

  • A. Notify law enforcement
  • B. Secure the scene
  • C. Seize all related evidence
  • D. Interview the witnesses
Answer:

b

User Votes: B 2 votes, C 1 vote, D 1 vote

Question 7

A security analyst is trying to identify possible network addresses from different source networks belonging to the same company and region. Which of the following shell script functions could help achieve the goal?

  • A. function w() { a=$(ping -c 1 $1 | awk-F "/" 'END{print $1}') && echo "$1 | $a" }
  • B. function x() { b=traceroute -m 40 $1 | awk 'END{print $1}') && echo "$1 | $b" }
  • C. function y() { dig $(dig -x $1 | grep PTR | tail -n 1 | awk -F ".in-addr" '{print $1}').origin.asn.cymru.com TXT +short }
  • D. function z() { c=$(geoiplookup$1) && echo "$1 | $c" }
Answer:

c

User Votes: C 2 votes, D 1 vote

Question 8

A security analyst received a malicious binary file to analyze. Which of the following is the best technique to perform the analysis?

  • A. Code analysis
  • B. Static analysis
  • C. Reverse engineering
  • D. Fuzzing
Answer:

b

User Votes: B 4 votes
Discussions
nel
4 months, 2 weeks ago

reverse engineering


Question 9

A company's user accounts have been compromised. Users are also reporting that the company's internal portal is sometimes only accessible through HTTP; other times, it is accessible through HTTPS. Which of the following most likely describes the observed activity?

  • A. There is an issue with the SSL certificate causing port 443 to become unavailable for HTTPS access
  • B. An on-path attack is being performed by someone with internal access that forces users into port 80
  • C. The web server cannot handle an increasing amount of HTTPS requests so it forwards users to port 80
  • D. An error was caused by BGP due to new rules applied over the company's internal routers
Answer:

b

User Votes: A 1 vote, B 3 votes

Question 10

Which of the following best describes the goal of a tabletop exercise?

  • A. To test possible incident scenarios and how to react properly
  • B. To perform attack exercises to check response effectiveness
  • C. To understand existing threat actors and how to replicate their techniques
  • D. To check the effectiveness of the business continuity plan
Answer:

a

User Votes: A 4 votes