CompTIA CS0-003 Exam Questions
CompTIA CySA+ (CS0-003) (Page 19)

Updated On: 24-Feb-2026

A cybersecurity analyst is reviewing SIEM logs and observes consistent requests originating from an internal host to a blocklisted external server.
Which of the following best describes the activity that is taking place?

  A. Data exfiltration
  B. Rogue device
  C. Scanning
  D. Beaconing

Answer(s): D



An incident response team is working with law enforcement to investigate an active web server compromise. The decision has been made to keep the server running and to implement compensating controls for a period of time. The web service must be accessible from the internet via the reverse proxy and must connect to a database server.
Which of the following compensating controls will help contain the adversary while meeting the other requirements? (Choose two.)

  A. Drop the tables on the database server to prevent data exfiltration.
  B. Deploy EDR on the web server and the database server to reduce the adversary’s capabilities.
  C. Stop the httpd service on the web server so that the adversary cannot use web exploits.
  D. Use microsegmentation to restrict connectivity to/from the web and database servers.
  E. Comment out the HTTP account in the /etc/passwd file of the web server.
  F. Move the database from the database server to the web server.

Answer(s): B,D



An incident response team member is triaging a Linux server. The output is shown below:


Which of the following is the adversary most likely trying to do?

  A. Create a backdoor root account named zsh.
  B. Execute commands through an unsecured service account.
  C. Send a beacon to a command-and-control server.
  D. Perform a denial-of-service attack on the web server.

Answer(s): B



A SOC analyst identifies the following content while examining the output of a debugger command over a client-server application:
getConnection(database01,"alpha" ,"AxTv.127GdCx94GTd");
Which of the following is the most likely vulnerability in this system?

  A. Lack of input validation
  B. SQL injection
  C. Hard-coded credential
  D. Buffer overflow

Answer(s): C



A technician is analyzing output from a popular network mapping tool for a PCI audit:


Which of the following best describes the output?

  A. The host is not up or responding.
  B. The host is running excessive cipher suites.
  C. The host is allowing insecure cipher suites.
  D. The Secure Shell port on this host is closed.

Answer(s): C





