CompTIA CS0-003 - CompTIA CySA+ (CS0-003) Exam

Question #1 (Topic: Exam A)
A recent zero-day vulnerability is being actively exploited, requires no user interaction or privilege escalation, and has a significant impact on confidentiality and integrity but not on availability. Which of the following CVE metrics would be most accurate for this zero-day threat?
A. CVSS:31/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:K/A:L
B. CVSS:31/AV:K/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L
C. CVSS:31/AV:N/AC:L/PR:N/UI:H/S:U/C:L/I:N/A:H
D. CVSS:31/AV:L/AC:L/PR:R/UI:R/S:U/C:H/I:L/A:H
Answer: A
Question #2 (Topic: Exam A)
Which of the following tools would work best to prevent the exposure of PII outside of an organization?
A. PAM
B. IDS
C. PKI
D. DLP
Answer: D
Question #3 (Topic: Exam A)
An organization conducted a web application vulnerability assessment against the corporate website, and the following output was observed:

Which of the following tuning recommendations should the security analyst share?
A. Set an HttpOnly flag to force communication by HTTPS
B. Block requests without an X-Frame-Options header
C. Configure an Access-Control-Allow-Origin header to authorized domains
D. Disable the cross-origin resource sharing header
Answer: C
Question #4 (Topic: Exam A)
Which of the following items should be included in a vulnerability scan report? (Choose two.)
A. Lessons learned
B. Service-level agreement
C. Playbook
D. Affected hosts
E. Risk score
F. Education plan
Answer: D, E
Question #5 (Topic: Exam A)
The Chief Executive Officer of an organization recently heard that, in the industry, exploitation of new vulnerabilities begins approximately 45 days after a patch is released. Which of the following would best protect this organization?
A. A mean time to remediate of 30 days
B. A mean time to detect of 45 days
C. A mean time to respond of 15 days
D. Third-party application testing
Answer: A
Page: 1 / 95
Total 473 questions