Winter Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

New Release CS0-003 CompTIA CySA+ Questions

Page: 13 / 27
Total 367 questions

CompTIA CyberSecurity Analyst CySA+ Certification Exam Questions and Answers

Question 49

A vulnerability management team is unable to patch all vulnerabilities found during their weekly scans. Using the third-party scoring system described below, the team patches the most urgent vulnerabilities:

Additionally, the vulnerability management team feels that the metrics Smear and Channing are less important than the others, so these will be lower in priority. Which of the following vulnerabilities should be patched first, given the above third-party scoring system?

Options:

A.

InLoud:

Cobain: Yes

Grohl: No

Novo: Yes

Smear: Yes

Channing: No

B.

TSpirit:

Cobain: Yes

Grohl: Yes

Novo: Yes

Smear: No

Channing: No

C.

ENameless:

Cobain: Yes

Grohl: No

Novo: Yes

Smear: No

Channing: No

D.

PBleach:

Cobain: Yes

Grohl: No

Novo: No

Smear: No

Channing: Yes

Question 50

A new SOC manager reviewed findings regarding the strengths and weaknesses of the last tabletop exercise in order to make improvements. Which of the following should the SOC manager utilize to improve the process?

Options:

A.

The most recent audit report

B.

The incident response playbook

C.

The incident response plan

D.

The lessons-learned register

Question 51

A security analyst has found a moderate-risk item in an organization's point-of-sale application. The organization is currently in a change freeze window and has decided that the risk is not high enough to correct at this time. Which of the following inhibitors to remediation does this scenario illustrate?

Options:

A.

Service-level agreement

B.

Business process interruption

C.

Degrading functionality

D.

Proprietary system

Question 52

A security analyst discovers an LFI vulnerability that can be exploited to extract credentials from the underlying host. Which of the following patterns can the security analyst use to search the web server

logs for evidence of exploitation of that particular vulnerability?

Options:

A.

/etc/ shadow

B.

curl localhost

C.

; printenv

D.

cat /proc/self/

Page: 13 / 27
Total 367 questions