Exam (elaborations)

CYSA CS0-003 UPDATED ACTUAL Questions and CORRECT Answers

Pages: 87
Grade: A+
Uploaded on: 28-09-2025
Written in: 2025/2026
Institution: Cysa
Course: Cysa


1. A recent zero-day vulnerability is being actively exploited, requires no user interaction or privilege escalation, and has a significant impact to confidentiality and integrity but not to availability. Which of the following CVE metrics would be most accurate for this zero-day threat?

A. CVSS:31/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:K/A:L
B. CVSS:31/AV:K/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L
C. CVSS:31/AV:N/AC:L/PR:N/UI:H/S:U/C:L/I:N/A:H
D. CVSS:31/AV:L/AC:L/PR:R/UI:R/S:U/C:H/I:L/A:H

Answer: A. CVSS:31/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:K/A:L

2. Which of the following tools would work best to prevent the exposure of PII outside of an organization?

A. PAM
B. IDS
C. PKI
D. DLP

Answer: D. DLP

3. An organization conducted a web application vulnerability assessment against the corporate website, and the following output was observed:

Which of the following tuning recommendations should the security analyst share?

Answer: C. Configure an Access-Control-Allow-Origin header to authorized domains

4. Which of the following items should be included in a vulnerability scan report? (Choose two.)

A. Lessons learned
B. Service-level agreement
C. Playbook
D. Affected hosts
E. Risk score
F. Education plan

Answer: D. Affected hosts; E. Risk score

5. The Chief Executive Officer of an organization recently heard that exploitation of new attacks in the industry was happening approximately 45 days after a patch was released. Which of the following would best protect this organization?

A. A mean time to remediate of 30 days
B. A mean time to detect of 45 days
C. A mean time to respond of 15 days
D. Third-party application testing

Answer: A. A mean time to remediate of 30 days

6. A security analyst recently joined the team and is trying to determine which scripting language is being used in a production script to determine if it is malicious. Given the following script:

Which of the following scripting languages was used in the script?

A. PowerShell
B. Ruby
C. Python
D. Shell script

Answer: A. PowerShell

7. A company's user accounts have been compromised. Users are also reporting that the company's internal portal is sometimes only accessible through HTTP; other times, it is accessible through HTTPS. Which of the following most likely describes the observed activity?

A. There is an issue with the SSL certificate causing port 443 to become unavailable for HTTPS access
B. An on-path attack is being performed by someone with internal access that forces users into port 80
C. The web server cannot handle an increasing amount of HTTPS requests so it forwards users to port 80
D. An error was caused by BGP due to new rules applied over the company's internal routers

Answer: B. An on-path attack is being performed by someone with internal access that forces users into port 80

8. Company Policy: prioritize remediation, prioritize confidentiality over availability, prioritize patching of publicly available systems versus internally available systems

Which is the highest priority to patch?

A. Name: THOR.HAMMER - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H - Internal System
B. Name: CAP.SHIELD - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - External System
C. Name: LOKI.DAGGER - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H - External System
D. Name: THANOS.GAUNTLET - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - Internal System

Answer: B. Name: CAP.SHIELD - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - External System

9. Which of the following will most likely ensure that mission-critical services are available in the event of an incident?

A. Business continuity plan
B. Vulnerability management plan
C. Disaster recovery plan
D. Asset management plan

Answer: A. Business continuity plan

10. The Chief Information Security Officer wants to eliminate and reduce shadow IT in the enterprise. Several high-risk cloud applications are used that increase the risk to the organization. Which of the following solutions will assist in reducing the risk?

A. Deploy a CASB and enable policy enforcement
B. Configure MFA with strict access
C. Deploy an API gateway
D. Enable SSO to the cloud applications

Answer: A. Deploy a CASB and enable policy enforcement

11. An incident response team receives an alert to start an investigation of an internet outage. The outage is preventing all users in multiple locations from accessing external SaaS resources. The team determines the organization was impacted by a DDoS attack. Which of the following logs should the team review first?

A. CDN
B. Vulnerability scanner

Answer: C. DNS
