CS0-003 Exam - Free CompTIA Questions and Answers

Question #1 (Topic: Exam A)

A recent zero-day vulnerability is being actively exploited, requires no user interaction or privilege escalation, and has a significant impact to confidentiality and integrity but not to availability. Which of the following CVE metrics would be most accurate for this zero-day threat?

A. CVSS:31/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:K/A:L B. CVSS:31/AV:K/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L C. CVSS:31/AV:N/AC:L/PR:N/UI:H/S:U/C:L/I:N/A:H D. CVSS:31/AV:L/AC:L/PR:R/UI:R/S:U/C:H/I:L/A:H

Answer: A

Question #2 (Topic: Exam A)

Which of the following tools would work best to prevent the exposure of PII outside of an organization?

A. PAM B. IDS C. PKI D. DLP

Answer: D

Question #3 (Topic: Exam A)

An organization conducted a web application vulnerability assessment against the corporate website, and the following output was observed:

Which of the following tuning recommendations should the security analyst share?

A. Set an HttpOnly flag to force communication by HTTPS B. Block requests without an X-Frame-Options header C. Configure an Access-Control-Allow-Origin header to authorized domains D. Disable the cross-origin resource sharing header

Answer: C

Question #4 (Topic: Exam A)

Which of the following items should be included in a vulnerability scan report? (Choose two.)

A. Lessons learned B. Service-level agreement C. Playbook D. Affected hosts E. Risk score F. Education plan

Answer: DE

Question #5 (Topic: Exam A)

The Chief Executive Officer of an organization recently heard that exploitation of new attacks in the industry was happening approximately 45 days after a patch was released. Which of the following would best protect this organization?

A. A mean time to remediate of 30 days B. A mean time to detect of 45 days C. A mean time to respond of 15 days D. Third-party application testing

Answer: A

CompTIA CS0-003 - CompTIA CySA+ (CS0-003) Exam