Exam (elaborations)

CS0-003 Practice Exam Questions and Answers grade A+ SOLUTIONS

Pages: 13
Grade: A+
Uploaded on: 27-05-2024
Written in: 2023/2024

Question # 1

Which of the following is described as a method of enforcing a security policy between cloud customers and cloud services?

A. CASB
B. DMARC
C. SIEM
D. PAM

Question # 2

A recent penetration test discovered that several employees were enticed to assist attackers by visiting specific websites and running downloaded files when prompted by phone calls. Which of the following would best address this issue?

Options:

A. Increasing training and awareness for all staff
B. Ensuring that malicious websites cannot be visited
C. Blocking all scripts downloaded from the internet
D. Disabling all staff members' ability to run downloaded applications

Question # 3

Which of the following is often used to keep the number of alerts to a manageable level when establishing a process to track and analyze violations?

A. Log retention
B. Log rotation
C. Maximum log size
D. Threshold value

Question # 4

A security administrator has been notified by the IT operations department that some vulnerability reports contain an incomplete list of findings. Which of the following methods should be used to resolve this issue?

A. Credentialed scan
B. External scan
C. Differential scan
D. Network scan

Question # 5

A security analyst performs various types of vulnerability scans. Review the vulnerability scan results to determine the type of scan that was executed and if a false positive occurred for each device.

Instructions:

Select the Results Generated drop-down option to determine if the results were generated from a credentialed scan, non-credentialed scan, or a compliance scan.

For ONLY the credentialed and non-credentialed scans, evaluate the results for false positives and check the findings that display false positives. NOTE: If you would like to uncheck an option that is currently selected, click on the option a second time.

Lastly, based on the vulnerability scan results, identify the type of Server by dragging the Server to the results.

The Linux Web Server, File-Print Server and Directory Server are draggable.

If at any time you would like to bring back the initial state of the simulation, please select the Reset All button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

Question # 6

An analyst notices there is an internal device sending HTTPS traffic with additional characters in the header to a known-malicious IP in another country. Which of the following describes what the analyst has noticed?

A. Beaconing
B. Cross-site scripting
C. Buffer overflow
D. PHP traversal

Question # 7

An analyst is reviewing a vulnerability report and must make recommendations to the executive team. The analyst finds that most systems can be upgraded with a reboot resulting in a single downtime window. However, two of the critical systems cannot be upgraded due to a vendor appliance that the company does not have access to. Which of the following inhibitors to remediation do these systems and associated vulnerabilities best represent?

A. Proprietary systems
B. Legacy systems
C. Unsupported operating systems
D. Lack of maintenance windows

Question # 8

A SOC analyst recommends adding a layer of defense for all endpoints that will better protect against external threats regardless of the device's operating system. Which of the following best meets this requirement?

A. SIEM
B. CASB
C. SOAR
D. EDR

Question # 9

Which of the following would help an analyst to quickly find out whether the IP address in a SIEM alert is a known-malicious IP address?

A. Join an information sharing and analysis center specific to the company's industry.

CONTINUED.......
