Online Access Free CS0-003 Practice Test

The threat intelligence team is using the MITRE ATT & CK framework to map threat actors' TTPs to the team's internal reference library. Which of the following best describes the reason visualization and stage alignment are helpful for the incident response team?

• A.Aligning an action to a specific stage in an incident allows the incident response team to better define intent and anticipate the next action.
• B.A visual mapping helps the incident response team identify the stage and relevant TTPs faster than a white paper for each threat actor.
• C.Knowing the attack stage helps the incident response team determine how to structure custom SIEM alerts to detect security events of interest.
• D.Having a common framework provides structure for relaying the known indicators of concern to the security monitoring team.

An analyst reviews the following web server log entries:
%2E%2E/%2E%2E/%2ES2E/%2E%2E/%2E%2E/%2E%2E/etc/passwd
No attacks or malicious attempts have been discovered. Which of the following most likely describes what took place?

• A.A PHP injection was leveraged to ensure that the sensitive file could be accessed.
• B.Directory traversal was performed to obtain a sensitive file for further reconnaissance.
• C.A SQL injection query took place to gather information from a sensitive file.
• D.Base64 was used to prevent the IPS from detecting the fully encoded string.

An analyst investigated a website and produced the following:
Starting Nmap 7.92 ( https://nmap.org ) at 2022-07-21 10:21 CDT
Nmap scan report for insecure.org (45.33.49.119)
Host is up (0.054s latency).
rDNS record for 45.33.49.119: ack.nmap.org
Not shown: 95 filtered tcp ports (no-response)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.4 (protocol 2.0)
25/tcp closed smtp
80/tcp open http Apache httpd 2.4.6
113/tcp closed ident
443/tcp open ssl/http Apache httpd 2.4.6
Service Info: Host: issues.nmap.org
Service detection performed. Please report any incorrect results at https://nmap .org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 20.52 seconds
Which of the following syntaxes did the analyst use to discover the application versions on this vulnerable website?

• A.nmap-sV -T4 -F insecure.org
• B.nmap-0 insecure.org
• C.nmap-A insecure.org
• D.nmap-sS -T4 -F insecure.org

A security analyst identifies a device on which different malware was detected multiple times, even after the systems were scanned and cleaned several times. Which of the following actions would be most effective to ensure the device does not have residual malware?

• A.Upgrade the device to the latest OS version.
• B.Download a secondary scanner and rescan the device.
• C.Update the device and scan offline in safe mode.
• D.Replace the hard drive and reimage the device.

After an incident, a security analyst needs to perform a forensic analysis to report complete information to a company stakeholder. Which of the following is most likely the goal of the forensic analysis in this case?

• A.Notify law enforcement of the incident.
• B.Determine root cause information.
• C.Provide a full picture of the existing risks.
• D.Further contain the incident.