- Home
- Curam Software
- CompTIA Cybersecurity Analyst (CySA+) Certification Exam
- CuramSoftware.CS0-003.v2025-11-15.q188
- Question 90
Valid CS0-003 Dumps shared by EduDump.com for Helping Passing CS0-003 Exam! EduDump.com now offer the newest CS0-003 exam dumps, the EduDump.com CS0-003 exam questions have been updated and answers have been corrected get the newest EduDump.com CS0-003 dumps with Test Engine here:
Access CS0-003 Dumps Premium Version
(488 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 90/188
A vulnerability scan shows the following vulnerabilities in the environment:
At the same time, the following security advisory was released:
"A zero-day vulnerability with a CVSS score of 10 may be affecting your web server. The vendor is working on a patch or workaround." Which of the following actions should the security analyst take first?
At the same time, the following security advisory was released:
"A zero-day vulnerability with a CVSS score of 10 may be affecting your web server. The vendor is working on a patch or workaround." Which of the following actions should the security analyst take first?
Correct Answer: A
In this scenario, the security analyst is presented with multiple vulnerabilities, including a critical zero-day vulnerability affecting the web server with a CVSS score of 10. The CVSS (Common Vulnerability Scoring System) provides a standardized method for rating IT vulnerabilities, with a score of 10 indicating the highest severity.
Option A: Contact the web systems administrator and request that they shut down the asset.
Correct Choice: Given the critical nature of a zero-day vulnerability with a CVSS score of 10, immediate action is warranted to prevent potential exploitation. Shutting down the affected web server reduces the attack surface and mitigates the risk until a patch or workaround is available. This aligns with incident response best practices, where containment is a priority to prevent further damage.
Option B: Monitor the patch releases for all items and escalate patching to the appropriate team.
Incorrect Choice: While monitoring for patches is essential, it is a reactive approach. In the case of a zero-day vulnerability with active exploitation potential, waiting for a patch without implementing immediate protective measures exposes the organization to significant risk.
Option C: Run the vulnerability scan again to verify the presence of the critical finding and the zero-day vulnerability in the environment.
Incorrect Choice: Re-scanning may confirm the vulnerability's presence but does not address the immediate threat. Action to mitigate the risk should take precedence over verification, especially when the vulnerability is known and critical.
Option D: Forward the advisory to the web security team and initiate the prioritization strategy for the other vulnerabilities.
Incorrect Choice: Communicating with the web security team is important; however, in the face of a critical zero-day vulnerability, immediate action (such as shutting down the affected asset) is necessary before addressing other vulnerabilities.
Reference:
CompTIA CySA+ CS0-003 Exam Objective 3.2: "Given a scenario, perform incident response activities." This includes containment strategies to address active threats effectively.
Option A: Contact the web systems administrator and request that they shut down the asset.
Correct Choice: Given the critical nature of a zero-day vulnerability with a CVSS score of 10, immediate action is warranted to prevent potential exploitation. Shutting down the affected web server reduces the attack surface and mitigates the risk until a patch or workaround is available. This aligns with incident response best practices, where containment is a priority to prevent further damage.
Option B: Monitor the patch releases for all items and escalate patching to the appropriate team.
Incorrect Choice: While monitoring for patches is essential, it is a reactive approach. In the case of a zero-day vulnerability with active exploitation potential, waiting for a patch without implementing immediate protective measures exposes the organization to significant risk.
Option C: Run the vulnerability scan again to verify the presence of the critical finding and the zero-day vulnerability in the environment.
Incorrect Choice: Re-scanning may confirm the vulnerability's presence but does not address the immediate threat. Action to mitigate the risk should take precedence over verification, especially when the vulnerability is known and critical.
Option D: Forward the advisory to the web security team and initiate the prioritization strategy for the other vulnerabilities.
Incorrect Choice: Communicating with the web security team is important; however, in the face of a critical zero-day vulnerability, immediate action (such as shutting down the affected asset) is necessary before addressing other vulnerabilities.
Reference:
CompTIA CySA+ CS0-003 Exam Objective 3.2: "Given a scenario, perform incident response activities." This includes containment strategies to address active threats effectively.
- Question List (188q)
- Question 1: A disgruntled open-source developer has decided to sabotage ...
- Question 2: A cybersecurity analyst is tasked with scanning a web applic...
- Question 3: Numerous emails were sent to a company's customer distributi...
- Question 4: Several reports with sensitive information are being disclos...
- Question 5: Which of the following would eliminate the need for differen...
- Question 6: A company is implementing a vulnerability management program...
- Question 7: A security analyst identifies a device on which different ma...
- Question 8: An MSSP received several alerts from customer 1, which cause...
- Question 9: The Chief Information Security Officer for an organization r...
- Question 10: An IT professional is reviewing the output from the top comm...
- Question 11: A security program was able to achieve a 30% improvement in ...
- Question 12: Which of the following best describes the importance of KPIs...
- Question 13: Which of the following is a useful tool for mapping, trackin...
- Question 14: An analyst is imaging a hard drive that was obtained from th...
- Question 15: A security analyst identified the following suspicious entry...
- Question 16: A small company does no! have enough staff to effectively se...
- Question 17: A SOC team lead occasionally collects some DNS information f...
- Question 18: A company brings in a consultant to make improvements to its...
- Question 19: Which Of the following techniques would be best to provide t...
- Question 20: An organization was compromised, and the usernames and passw...
- Question 21: Several critical bugs were identified during a vulnerability...
- Question 22: Which of the following is the best use of automation in cybe...
- Question 23: A security analyst wants to implement new monitoring control...
- Question 24: An organization recently changed its BC and DR plans. Which ...
- Question 25: An incident responder was able to recover a binary file thro...
- Question 26: A company is in the process of implementing a vulnerability ...
- Question 27: Which of the following best explains the importance of utili...
- Question 28: A company receives a penetration test report summary from a ...
- Question 29: A security analyst received a malicious binary file to analy...
- Question 30: While reviewing web server logs, an analyst notices several ...
- Question 31: A security analyst needs to ensure that systems across the o...
- Question 32: A SOC analyst identifies the following content while examini...
- Question 33: An analyst investigated a website and produced the following...
- Question 34: Which of the following is the best way to begin preparation ...
- Question 35: Which of the following will most likely cause severe issues ...
- Question 36: An XSS vulnerability was reported on one of the public websi...
- Question 37: An analyst is designing a message system for a bank. The ana...
- Question 38: During an internal code review, software called "ACE" was di...
- Question 39: An organization is planning to adopt a zero-trust architectu...
- Question 40: An organization has activated the CSIRT. A security analyst ...
- Question 41: Which of the following best describes the goal of a disaster...
- Question 42: A zero-day command injection vulnerability was published. A ...
- Question 43: During an incident involving phishing, a security analyst ne...
- Question 44: An analyst is reviewing a dashboard from the company's SIEM ...
- Question 45: During an incident, a security analyst discovers a large amo...
- Question 46: A company has the following security requirements: . No publ...
- Question 47: Which of the following does "federation" most likely refer t...
- Question 48: An organization has a critical financial application hosted ...
- Question 49: The Chief Information Security Officer wants the same level ...
- Question 50: A network security analyst for a large company noticed unusu...
- Question 51: A cybersecurity analyst notices unusual network scanning act...
- Question 52: A security analyst receives an alert for suspicious activity...
- Question 53: Which of the following would help to minimize human engageme...
- Question 54: A security manager is looking at a third-party vulnerability...
- Question 55: An analyst wants to ensure that users only leverage web-base...
- Question 56: A company has a primary control in place to restrict access ...
- Question 57: A security analyst is reviewing a recent vulnerability scan ...
- Question 58: A security analyst detects an email server that had been com...
- Question 59: A high volume of failed RDP authentication attempts was logg...
- Question 60: After identifying a threat, a company has decided to impleme...
- Question 61: A payroll department employee was the target of a phishing a...
- Question 62: Which of the following techniques can help a SOC team to red...
- Question 63: An incident response analyst is investigating the root cause...
- Question 64: Which of the following best describes the process of requiri...
- Question 65: SIMULATION A healthcare organization must develop an action ...
- Question 66: A security analyst needs to develop a solution to protect a ...
- Question 67: The security analyst received the monthly vulnerability repo...
- Question 68: SIMULATION Approximately 100 employees at your company have ...
- Question 69: The Chief Information Security Officer is directing a new pr...
- Question 70: A security analyst needs to identify a computer based on the...
- Question 71: A report contains IoC and TTP information for a zero-day exp...
- Question 72: Which of the following is the best way to provide realistic ...
- Question 73: A cybersecurity analyst is recording the following details *...
- Question 74: Which of the following threat-modeling procedures is in the ...
- Question 75: A security analyst obtained the following table of results f...
- Question 76: Following an attack, an analyst needs to provide a summary o...
- Question 77: Which of the following is the best framework for assessing h...
- Question 78: A user downloads software that contains malware onto a compu...
- Question 79: During a security test, a security analyst found a critical ...
- Question 80: A security analyst must preserve a system hard drive that wa...
- Question 81: Which of the following tools would work best to prevent the ...
- Question 82: A company is deploying new vulnerability scanning software t...
- Question 83: A security analyst noticed the following entry on a web serv...
- Question 84: An analyst is investigating a phishing incident and has retr...
- Question 85: While reviewing web server logs, a security analyst discover...
- Question 86: An organization utilizes multiple vendors, each with its own...
- Question 87: A vulnerability analyst received a list of system vulnerabil...
- Question 88: Which of the following is the appropriate phase in the incid...
- Question 89: While reviewing the web server logs, a security analyst noti...
- Question 90: A vulnerability scan shows the following vulnerabilities in ...
- Question 91: Which of the following is the most appropriate action a secu...
- Question 92: Which of the following responsibilities does the legal team ...
- Question 93: An organization is conducting a pilot deployment of an e-com...
- Question 94: Several vulnerability scan reports have indicated runtime er...
- Question 95: An employee downloads a freeware program to change the deskt...
- Question 96: An analyst needs to provide recommendations based on a recen...
- Question 97: Which of the following is a reason why proper handling and r...
- Question 98: Which of the following phases of the Cyber Kill Chain involv...
- Question 99: After updating the email client to the latest patch, only ab...
- Question 100: A company recently experienced a security incident. The secu...
- Question 101: Which of the following concepts is using an API to insert bu...
- Question 102: A security analyst at a company called ACME Commercial notic...
- Question 103: Which of the following ensures that a team receives simulate...
- Question 104: An organization has established a formal change management p...
- Question 105: A SOC analyst recommends adding a layer of defense for all e...
- Question 106: A vulnerability management team found four major vulnerabili...
- Question 107: An organization needs to bring in data collection and aggreg...
- Question 108: A penetration tester submitted data to a form in a web appli...
- Question 109: Which of the following best describes the document that defi...
- Question 110: The security team at a company, which was a recent target of...
- Question 111: A cybersecurity analyst is doing triage in a SIEM and notice...
- Question 112: A security analyst needs to ensure that systems across the o...
- Question 113: An analyst has been asked to validate the potential risk of ...
- Question 114: Given the following CVSS string- CVSS:3.0/AV:N/AC:L/PR:N/UI:...
- Question 115: A company's security team is updating a section of the repor...
- Question 116: Which of the following most accurately describes the Cyber K...
- Question 117: A security analyst runs the following command: # nmap -T4 -F...
- Question 118: Joe, a leading sales person at an organization, has announce...
- Question 119: A security analyst discovers an ongoing ransomware attack wh...
- Question 120: An older CVE with a vulnerability score of 7.1 was elevated ...
- Question 121: An analyst recommends that an EDR agent collect the source I...
- Question 122: An analyst is evaluating a vulnerability management dashboar...
- Question 123: Which of the following is the first step that should be perf...
- Question 124: A company classifies security groups by risk level. Any grou...
- Question 125: An incident response team found IoCs in a critical server. T...
- Question 126: An analyst has received an IPS event notification from the S...
- Question 127: A security analyst is trying to identify anomalies on the ne...
- Question 128: Which of the following best describes the reporting metric t...
- Question 129: A cybersecurity analyst has recovered a recently compromised...
- Question 130: A web application has a function to retrieve content from an...
- Question 131: A software developer has been deploying web applications wit...
- Question 132: A security analyst scans a host and generates the following ...
- Question 133: An incident response analyst notices multiple emails travers...
- Question 134: Which of the following explains the importance of a timeline...
- Question 135: An organization has implemented code into a production envir...
- Question 136: Which of the following would likely be used to update a dash...
- Question 137: After completing a review of network activity. the threat hu...
- Question 138: The management team requests monthly KPI reports on the comp...
- Question 139: A systems administrator is reviewing after-hours traffic flo...
- Question 140: An analyst notices there is an internal device sending HTTPS...
- Question 141: Which of the following would an organization use to develop ...
- Question 142: A vulnerability management team is unable to patch all vulne...
- Question 143: A systems analyst is limiting user access to system configur...
- Question 144: An organization would like to ensure its cloud infrastructur...
- Question 145: During normal security monitoring activities, the following ...
- Question 146: An analyst is reviewing a vulnerability report and must make...
- Question 147: A security analyst recently joined the team and is trying to...
- Question 148: Which of the following is described as a method of enforcing...
- Question 149: A company's user accounts have been compromised. Users are a...
- Question 150: A Chief Information Security Officer has requested a dashboa...
- Question 151: Which of the following describes the best reason for conduct...
- Question 152: A security analyst must assist the IT department with creati...
- Question 153: Which of the following is the best metric for an organizatio...
- Question 154: An organization has tracked several incidents that are liste...
- Question 155: While configuring a SIEM for an organization, a security ana...
- Question 156: A Chief Information Security Officer wants to lock down the ...
- Question 157: Which of the following is often used to keep the number of a...
- Question 158: Due to an incident involving company devices, an incident re...
- Question 159: Using open-source intelligence gathered from technical forum...
- Question 160: During an extended holiday break, a company suffered a secur...
- Question 161: A company has decided to expose several systems to the inter...
- Question 162: Which of the following would help an analyst to quickly find...
- Question 163: A cloud team received an alert that unauthorized resources w...
- Question 164: A Chief Information Security Officer has outlined several re...
- Question 165: The Chief Executive Officer of an organization recently hear...
- Question 166: Which of the following best describes the importance of impl...
- Question 167: A new SOC manager reviewed findings regarding the strengths ...
- Question 168: A security analyst has received an incident case regarding m...
- Question 169: A cybersecurity analyst is participating with the DLP projec...
- Question 170: A security analyst detected the following suspicious activit...
- Question 171: A security analyst needs to identify a computer based on the...
- Question 172: An analyst is conducting routine vulnerability assessments o...
- Question 173: During an incident, analysts need to rapidly investigate by ...
- Question 174: A security analyst is trying to detect connections to a susp...
- Question 175: Which of the following is the most likely reason for an orga...
- Question 176: A systems administrator notices unfamiliar directory names o...
- Question 177: Which of the following documents sets requirements and metri...
- Question 178: K company has recently experienced a security breach via a p...
- Question 179: A systems administrator is reviewing after-hours traffic flo...
- Question 180: An auditor is reviewing an evidence log associated with a cy...
- Question 181: A new cybersecurity analyst is tasked with creating an execu...
- Question 182: Each time a vulnerability assessment team shares the regular...
- Question 183: An analyst is trying to capture anomalous traffic from a com...
- Question 184: AXSS vulnerability was reported on one of the non-sensitive/...
- Question 185: A security analyst is improving an organization's vulnerabil...
- Question 186: A security analyst is working on a server patch management p...
- Question 187: A security team needs to demonstrate how prepared the team i...
- Question 188: The SOC received a threat intelligence notification indicati...
[×]
Download PDF File
Enter your email address to download CuramSoftware.CS0-003.v2025-11-15.q188.pdf