CompTIA CS0-003 Exam Actual Questions
CompTIA CySA+ (CS0-003) (Page 31 )

Updated On: 13-Jun-2026

A security analyst is performing vulnerability scans on the network. The analyst installs a scanner appliance, configures the subnets to scan, and begins the scan of the network. Which of the following would be missing from a scan performed with this configuration?

  A. Operating system version
  B. Registry key values
  C. Open ports
  D. IP address

Answer(s): B

Explanation:

Option B is correct. A scanner appliance that is pointed at a set of subnets and run without credentials sees only what the hosts expose over the network: it enumerates live IP addresses, finds open ports and service banners, and infers the operating system from TCP/IP stack and banner fingerprinting. Registry key values live inside the Windows host and are never sent over the wire, so they are collected only by a credentialed scan (for example, a scan account logging in over SMB/WMI) or by an agent installed on the host. A (incorrect): OS version is derived from banners and fingerprinting even in unauthenticated scans. C (incorrect): open ports are the core output of a network scan. D (incorrect): enumerating the IP addresses in the configured subnets is the scanner's first step.



A security analyst discovers an LFI vulnerability that can be exploited to extract credentials from the underlying host. Which of the following patterns can the security analyst use to search the web server logs for evidence of exploitation of that particular vulnerability?

  A. /etc/shadow
  B. curl localhost
  C. ; printenv
  D. cat /proc/self/

Answer(s): A

Explanation:

Option A is correct. /etc/shadow holds the password hashes on Unix-like systems, so a request whose parameter includes that path (typically behind directory-traversal prefixes such as ../../etc/shadow, often URL-encoded) is direct evidence that the LFI was used to pull credentials from the host. The other three strings are command-injection indicators, not file-inclusion indicators. B (incorrect): curl localhost is a shell command and would appear in an SSRF or command-injection attempt, not a file read. C (incorrect): ; printenv is a shell metacharacter followed by a command, the signature of OS command injection. D (incorrect): cat /proc/self/ is likewise a shell command; an LFI reads files through the application's own include mechanism, so the log entry would show a bare path such as /proc/self/environ, never a cat command. When building the search, decode URL encoding first (%2e%2e%2f for ../, %2f for /) and look for a trailing null byte (%00), which older PHP versions accepted to truncate the included path.
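An added example of the log search the question describes, written for this page rather than taken from the exam or any vendor: it parses combined-format access log lines, decodes URL encoding (including double encoding and a %00 suffix) before matching, and reports requests that reference credential-bearing files. The log lines are constructed for illustration, and the list of paths is an assumed starting set an analyst would extend.

```python
"""Search web server access logs for evidence that an LFI was used to read credential files."""
import re
from urllib.parse import unquote

# Constructed sample log lines (Apache/Nginx combined log format).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jun/2026:14:02:11 +0000] "GET /index.php?page=about HTTP/1.1" 200 1834 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2026:14:02:19 +0000] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 2411 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2026:14:02:25 +0000] "GET /index.php?page=..%2F..%2F..%2F..%2Fetc%2Fshadow HTTP/1.1" 200 1290 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2026:14:02:31 +0000] "GET /index.php?page=%2e%2e%2f%2e%2e%2fetc%2fshadow%00 HTTP/1.1" 200 1290 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Jun/2026:14:03:02 +0000] "GET /cgi-bin/stat?cmd=;printenv HTTP/1.1" 500 312 "-" "curl/8.4.0"
203.0.113.7 - - [10/Jun/2026:14:03:40 +0000] "GET /index.php?page=../../../../proc/self/environ HTTP/1.1" 200 3072 "-" "Mozilla/5.0"
"""

# Files an attacker reads through an LFI to obtain credentials or secrets (assumed starting set).
CREDENTIAL_PATHS = (
    "/etc/shadow",
    "/etc/passwd",
    "/proc/self/environ",   # process environment often carries DB passwords and API keys
    "/.env",
    "/wp-config.php",
)

# ip, timestamp, method, request URI and status code from a combined-format line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)


def normalise(uri: str) -> str:
    """Decode URL encoding twice (catches double encoding) and drop any null bytes
    used for path truncation, so matching runs on the path the server actually saw."""
    return unquote(unquote(uri)).replace("\x00", "")


def find_lfi_hits(log_text: str, paths=CREDENTIAL_PATHS):
    """Return one record per request that references a credential file.
    A 200 status with a non-trivial response size suggests the read succeeded."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        uri = normalise(m.group("uri"))
        for path in paths:
            if path in uri:
                hits.append({
                    "ip": m.group("ip"),
                    "ts": m.group("ts"),
                    "uri": uri,
                    "path": path,
                    "status": int(m.group("status")),
                })
                break
    return hits


if __name__ == "__main__":
    for hit in find_lfi_hits(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} status={hit['status']} read {hit['path']} via {hit['uri']}")
```

The command-injection line (;printenv) is deliberately left unmatched: it belongs to a different search. Matching on the decoded URI is what catches the two encoded requests for /etc/shadow that a plain grep for the literal string would miss.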



A company is in the process of implementing a vulnerability management program. Which of the following scanning methods should be implemented to minimize the risk of OT/ICS devices malfunctioning due to the vulnerability identification process?

  A. Non-credentialed scanning
  B. Passive scanning
  C. Agent-based scanning
  D. Credentialed scanning

Answer(s): B

Explanation:

The correct option is B.
A) Incorrect: non-credentialed scanning still sends active probes to every device, and the fragile protocol stacks on many PLCs and RTUs can hang or reboot when they receive malformed or unexpected packets.
B) Correct: passive scanning identifies devices, firmware versions and services by observing existing traffic (for example from a SPAN port or network tap) without sending anything to the devices, so it cannot disrupt OT/ICS operations.
C) Incorrect: agent-based scanning requires installing software on the devices, which OT vendors frequently do not support, and which is itself a change-control risk on safety-relevant equipment.
D) Incorrect: credentialed scanning logs in to each device and queries it actively, which adds load and interaction and therefore more potential for disruption than an unauthenticated probe.



A company receives a penetration test report summary from a third party. The report summary indicates a proxy has some patches that need to be applied. The proxy is sitting in a rack and is not being used, as the company has replaced it with a new one. The CVE score of the vulnerability on the proxy is a 9.8. Which of the following best practices should the company follow with this proxy?

  A. Leave the proxy as is.
  B. Decommission the proxy.
  C. Migrate the proxy to the cloud.
  D. Patch the proxy.

Answer(s): B

Explanation:

Option B is correct. The proxy no longer serves any business purpose, so the right control is to retire it: power it down, remove it from the network, update the asset inventory and change records, and wipe it before disposal or reuse. That removes the 9.8-scored vulnerability entirely instead of managing it. A (incorrect): leaving an unpatched, network-reachable device in the rack keeps a critical exposure that is also unowned and unmonitored, a common foothold for attackers. C (incorrect): migrating an unneeded physical appliance to the cloud carries the unnecessary asset forward and does nothing about the vulnerability. D (incorrect): patching spends effort on a device with no business purpose, and a patched but unused device would still need ongoing patching and monitoring; it is the right answer only for assets that are staying in service.



An analyst is examining events in multiple systems but is having difficulty correlating data points. Which of the following is most likely the issue with the system?

  A. Access rights
  B. Network segmentation
  C. Time synchronization
  D. Invalid playbook

Answer(s): C

Explanation:

Option C is correct. Correlating events from multiple systems depends on their timestamps being comparable; when clocks drift, or sources log in different time zones, one attack shows up in the SIEM as misordered or apparently unrelated events and the analyst cannot rebuild the sequence. The fix is to synchronise every system to a common time source (NTP, chrony or PTP) and to normalise all logs to UTC at ingestion. A (incorrect): access rights control who can read or generate the data, not whether timestamps line up. B (incorrect): segmentation can stop a collector from reaching a source, producing gaps in the data, but does not misalign the events that are collected. D (incorrect): an invalid playbook produces wrong automated responses; it does not change the timestamps the analyst is trying to correlate.
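An added example, not from the exam page, of what clock skew does to correlation and how an analyst can recover when the logs have already been collected. The two log extracts are constructed: a domain controller that is NTP-synced and a workstation whose clock runs 6 minutes 30 seconds fast. The offset is measured from an event both systems recorded (the same logon) and then subtracted before the timelines are merged. Event IDs and message text are illustrative.

```python
"""Measure and correct clock skew between two log sources before building a timeline."""
from datetime import datetime, timedelta, timezone

# Constructed logs as (timestamp, source, message). The DC clock is correct; the
# workstation clock is 390 seconds fast, so its events appear later than they happened.
DC_LOG = [
    ("2026-06-10T14:00:00Z", "dc01", "4624 logon jdoe from WS12 (10.1.5.12)"),
    ("2026-06-10T14:01:10Z", "dc01", "4769 service ticket cifs/filesrv01 requested by jdoe from WS12"),
]
WS_LOG = [
    ("2026-06-10T14:06:30Z", "ws12", "4624 logon jdoe (interactive)"),           # really 14:00:00
    ("2026-06-10T14:07:15Z", "ws12", "4688 powershell.exe -enc ... parent winword.exe"),  # really 14:00:45
    ("2026-06-10T14:07:35Z", "ws12", "5156 outbound connection to filesrv01:445"),  # really 14:01:05
]


def parse_ts(s: str) -> datetime:
    """Parse an ISO-8601 UTC timestamp; all sources are normalised to UTC here."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def estimate_offset(log, reference_log, anchor_prefix) -> float:
    """Clock offset in seconds of `log` relative to `reference_log`, measured from an
    event that both systems recorded (matched here on the start of the message)."""
    t_log = next(parse_ts(ts) for ts, _, msg in log if msg.startswith(anchor_prefix))
    t_ref = next(parse_ts(ts) for ts, _, msg in reference_log if msg.startswith(anchor_prefix))
    return (t_log - t_ref).total_seconds()


def timeline(logs, offsets):
    """Merge several logs into one ordered timeline, subtracting each source's
    measured offset (seconds). Sources missing from `offsets` are assumed correct."""
    events = []
    for log in logs:
        for ts, src, msg in log:
            corrected = parse_ts(ts) - timedelta(seconds=offsets.get(src, 0))
            events.append((corrected, src, msg))
    events.sort(key=lambda e: (e[0], e[1]))
    return [(t.strftime("%H:%M:%S"), src, msg) for t, src, msg in events]


if __name__ == "__main__":
    print("Naive merge (skew ignored):")
    for row in timeline([DC_LOG, WS_LOG], {}):
        print("  ", *row)
    skew = estimate_offset(WS_LOG, DC_LOG, "4624 logon jdoe")
    print(f"\nMeasured ws12 offset: {skew:+.0f}s\nCorrected timeline:")
    for row in timeline([DC_LOG, WS_LOG], {"ws12": skew}):
        print("  ", *row)
```

In the naive merge the service-ticket request appears six minutes before the PowerShell process that caused it, which is the kind of impossible ordering that makes correlation fail. Measuring the skew from a shared event is a forensic workaround for logs already on disk; the preventive control is NTP on every source and UTC at ingestion.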



An analyst recommends that an EDR agent collect the source IP address, make a connection to the firewall, and create a policy to block the malicious source IP address across the entire network automatically. Which of the following is the best option to help the analyst implement this recommendation?

  A. SOAR
  B. SIEM
  C. SLA
  D. IoC

Answer(s): A

Explanation:

Option A is correct because SOAR (Security Orchestration, Automation, and Response) enables automated workflows to collect indicators (like source IP), trigger responses (firewall blocks), and enforce policies across the network, aligning with the analyst’s recommendation for automated remediation.
B) Incorrect — SIEM collects and analyzes logs for detection and alerting but does not inherently automate cross-network enforcement or directly push firewall blocks without integration/workflows.
C) Incorrect — SLA is a contractual agreement about service levels, not a security tooling capability to automate incident response or enforcement.
D) Incorrect — IoC (Indicator of Compromise) is data used for detection, not a mechanism to automate enforcement or policy deployment.
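An added example, written for this page rather than taken from any SOAR product, of the playbook step the analyst is recommending: receive an EDR alert, extract the source IP, and push a block to the firewall. It also shows the guard rails an automated block needs, which the question does not mention: never auto-block internal ranges, honour an allow list, skip duplicates, and record what was done. The alert schema, the allow list and the in-memory FirewallClient are assumptions standing in for the real EDR and firewall APIs.

```python
"""Minimal SOAR-style playbook: EDR alert -> vet the source IP -> firewall block rule."""
import ipaddress
from dataclasses import dataclass

# Constructed EDR alert in an assumed schema (a real platform would deliver this via webhook/API).
SAMPLE_ALERT = {
    "id": "edr-4417",
    "host": "ws-finance-12",
    "severity": "high",
    "source_ip": "203.0.113.45",
    "summary": "Cobalt Strike beacon pattern observed in outbound traffic",
}

# Ranges an automated block must never touch; a hit here goes to an analyst instead.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10",
)]
# Assumed allow list: for example a managed-service vendor's range.
ALLOW_LIST = [ipaddress.ip_network("198.51.100.0/24")]


@dataclass
class BlockRule:
    rule_id: int
    ip: str
    comment: str


class FirewallClient:
    """Stand-in for the firewall management API (assumption); keeps rules in memory."""
    def __init__(self):
        self.rules = []

    def has_rule_for(self, ip: str) -> bool:
        return any(r.ip == ip for r in self.rules)

    def block_ip(self, ip: str, comment: str) -> BlockRule:
        rule = BlockRule(len(self.rules) + 1, ip, comment)
        self.rules.append(rule)
        return rule


def vet_ip(raw: str):
    """Return (ok, reason). Refuse anything an unattended block should not act on."""
    try:
        ip = ipaddress.ip_address(raw)
    except ValueError:
        return False, "not a valid IP address"
    if ip.is_multicast or ip.is_unspecified or any(ip in net for net in NEVER_BLOCK):
        return False, "internal or non-routable address; route to analyst"
    if any(ip in net for net in ALLOW_LIST):
        return False, "address is on the allow list"
    return True, "ok"


def run_playbook(alert: dict, firewall: FirewallClient, auto_block_severity=("high", "critical")) -> dict:
    """One playbook run. Returns the action record for the case/ticket."""
    result = {"alert_id": alert.get("id"), "action": "none", "reason": ""}
    if alert.get("severity") not in auto_block_severity:
        result["reason"] = "severity below auto-block threshold"
        return result
    ip = str(alert.get("source_ip", ""))
    ok, reason = vet_ip(ip)
    if not ok:
        result.update(action="escalate", reason=reason)
        return result
    if firewall.has_rule_for(ip):
        result.update(action="none", reason="already blocked")
        return result
    rule = firewall.block_ip(ip, f"SOAR auto-block from EDR alert {alert.get('id')} on {alert.get('host', '?')}")
    result.update(action="block", reason="ok", ip=ip, rule_id=rule.rule_id)
    return result


if __name__ == "__main__":
    fw = FirewallClient()
    print(run_playbook(SAMPLE_ALERT, fw))
    print(run_playbook({**SAMPLE_ALERT, "id": "edr-4418", "source_ip": "10.0.0.5"}, fw))
```

The escalate path is the part that matters operationally: an EDR alert naming an internal address (a proxy, a scanner, a jump host) must not turn into a network-wide block without a human looking at it.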



An end-of-life date was announced for a widely used OS. A business-critical function is performed by some machinery that is controlled by a PC, which is utilizing the OS that is approaching the end-of-life date. Which of the following best describes a security analyst's concern?

  A. Any discovered vulnerabilities will not be remediated.
  B. An outage of machinery would cost the organization money.
  C. Support will not be available for the critical machinery.
  D. There are no compensating controls in place for the OS.

Answer(s): A

Explanation:

Option A is correct. Once the OS reaches end of life the vendor stops issuing security patches, so every vulnerability discovered from that point on stays exploitable on the machine controlling the business-critical process. B (incorrect): an outage is a business-continuity cost, not the security analyst's concern. C (incorrect): support for the machinery is the equipment vendor's matter and may continue; the OS losing support is what creates the exposure. D (incorrect): compensating controls (isolation, application allow-listing) are the likely response to the problem, but their absence is not the concern itself; the concern is the permanent lack of remediation captured by A.



Which of the following describes the best reason for conducting a root cause analysis?

  A. The root cause analysis ensures that proper timelines were documented.
  B. The root cause analysis allows the incident to be properly documented for reporting.
  C. The root cause analysis develops recommendations to improve the process.
  D. The root cause analysis identifies the contributing items that facilitated the event.

Answer(s): D

Explanation:

Option D is correct. A root cause analysis exists to identify the contributing factors and underlying conditions that allowed the incident to happen, so that remediation targets the cause rather than the symptom and the event does not recur. A (incorrect): the timeline is a forensic artifact used as input to the RCA, not its purpose. B (incorrect): documentation for reporting is a by-product; the analysis is about causation. C (incorrect): recommendations are a downstream outcome of an RCA, and they are only as good as the causes identified in D.



Viewing page 31 of 73
Viewing questions 241 - 248 out of 571 questions

