1. An analyst is performing penetration testing and vulnerability assessment activities against a new vehicle automation platform.
Which of the following is MOST likely an attack vector that is being utilized as part of the testing and assessment?
A. FaaS
B. RTOS
C. SoC
D. GPS
E. CAN bus
Answer: E. CAN bus
2. An information security analyst observes anomalous behavior on the SCADA devices in a power plant. This behavior results in the industrial generators overheating and destabilizing the power supply.
Which of the following would BEST identify potential indicators of compromise?
A. Use Burp Suite to capture packets to the SCADA device's IP.
B. Use tcpdump to capture packets from the SCADA device IP.
C. Use Wireshark to capture packets between SCADA devices and the management system.
D. Use Nmap to capture packets from the management system to the SCADA devices.
Answer: C. Use Wireshark to capture packets between SCADA devices and the management system.
3. Which of the following would MOST likely be included in the incident response procedure after a security breach of customer PII?
A. Human resources
B. Public relations
C. Marketing
D. Internal network operations center
Answer: B. Public relations
4. An analyst is working with a network engineer to resolve a vulnerability that was found in a piece of legacy hardware, which is critical to the operation of the organization's production line. The legacy hardware does not have third-party support, and the OEM manufacturer of the controller is no longer in operation. The analyst documents the activities and verifies these actions prevent remote exploitation of the vulnerability.
Which of the following would be the MOST appropriate to remediate the controller?
A. Segment the network to constrain access to administrative interfaces.
B. Replace the equipment that has third-party support.
C. Remove the legacy hardware from the network.
D. Install an IDS on the network between the switch and the legacy equipment.
Answer: A. Segment the network to constrain access to administrative interfaces.
5. A small electronics company decides to use a contractor to assist with the development of a new FPGA-based device. Several of the development phases will occur off-site at the contractor's labs.
Which of the following is the main concern a security analyst should have with this arrangement?
A. Making multiple trips between development sites increases the chance of physical damage to the FPGAs.
B. Moving the FPGAs between development sites will lessen the time that is available for security testing.
C. Development phases occurring at multiple sites may produce change management issues.
D. FPGA applications are easily cloned, increasing the possibility of intellectual property theft.
Answer: D. FPGA applications are easily cloned, increasing the possibility of intellectual property theft.
6. A security analyst is trying to determine if a host is active on a network. The analyst first attempts the following:
$ ping 192.168.1.4
4 packets transmitted, 0 packets received, 100.0% packet loss
The analyst runs the following command next:
$ sudo hping3 -c 4 -n -i 192.168.1.4
4 packets transmitted, 4 packets received, 0% loss
Which of the following would explain the difference in results?
A. ICMP is being blocked by a firewall.
B. The routing tables for ping and hping3 were different.
C. The original ping command needed root permission to execute.
D. hping3 is returning a false positive.
Answer: A. ICMP is being blocked by a firewall.
7. A cybersecurity analyst is contributing to a team hunt on an organization's endpoints.
Which of the following should the analyst do FIRST?
A. Write detection logic.
B. Establish a hypothesis.
C. Profile the threat actors and activities.
D. Perform a process analysis.
Answer: C. Profile the threat actors and activities.
8. A security analyst received a SIEM alert regarding high levels of memory consumption for a critical system. After several attempts to remediate the issue, the system went down. A root cause analysis revealed a bad actor forced the application to not reclaim memory. This caused the system to be depleted of resources.
Which of the following BEST describes this attack?
A. Injection attack
B. Memory corruption
C. Denial of service
D. Array attack
Answer: C. Denial of service
9. Which of the following software security best practices would prevent an attacker from being able to run arbitrary SQL commands within a web application? (Choose two.)
A. Parameterized queries
Answer: A. Parameterized queries; C. Input validation