Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bigdisc65

CompTIA CySA+ CS0-003 Book

Page: 4 / 24
Question 16

An organization receives a legal hold request from an attorney. The request pertains to emails related to a disputed vendor contract. Which of the following is the first step for the security team to take to ensure compliance with the request?

Options:

A.

Publicly disclose the request to other vendors.

B.

Notify the departments involved to preserve potentially relevant information.

C.

Establish a chain of custody, starting with the attorney's request.

D.

Back up the mailboxes on the server and provide the attorney with a copy.

Question 17

A SOC analyst identifies the following content while examining the output of a debugger command over a client-server application:

getconnection (database01, "alpha " , "AXTV. 127GdCx94GTd") ;

Which of the following is the most likely vulnerability in this system?

Options:

A.

Lack of input validation

B.

SQL injection

C.

Hard-coded credential

D.

Buffer overflow attacks

Question 18

An employee downloads a freeware program to change the desktop to the classic look of legacy Windows. Shortly after the employee installs the program, a high volume of random DNS queries begin

to originate from the system. An investigation on the system reveals the following:

Add-MpPreference -ExclusionPath '%Program Filest\ksysconfig'

Which of the following is possibly occurring?

Options:

A.

Persistence

B.

Privilege escalation

C.

Credential harvesting

D.

Defense evasion

Question 19

A security alert was triggered when an end user tried to access a website that is not allowed per organizational policy. Since the action is considered a terminable offense, the SOC analyst collects the authentication logs, web logs, and temporary files, reflecting the web searches from the user's workstation, to build the case for the investigation. Which of the following is the best way to ensure that the investigation complies with HR or privacy policies?

Options:

A.

Create a timeline of events detailinq the date stamps, user account hostname and IP information associated with the activities

B.

Ensure that the case details do not reflect any user-identifiable information Password protect the evidence and restrict access to personnel related to the investigation

C.

Create a code name for the investigation in the ticketing system so that all personnel with access will not be able to easily identity the case as an HR-related investigation

D.

Notify the SOC manager for awareness after confirmation that the activity was intentional

Page: 4 / 24
Exam Code: CS0-003
Exam Name: CompTIA CyberSecurity Analyst CySA+ Certification Exam
Last Update: Sep 12, 2024
Questions: 327
CS0-003 pdf

CS0-003 PDF

$28  $80
CS0-003 Engine

CS0-003 Testing Engine

$33.25  $95
CS0-003 PDF + Engine

CS0-003 PDF + Testing Engine

$45.5  $130