An employee accessed a website that caused a device to become infected with invasive malware. The incident response analyst has:created the initial evidence log.disabled the wireless adapter on the device.interviewed the employee, who was unable to identify the website that was accessed.reviewed the web proxy traffic logs.Which of the following should the analyst do to remediate the infected device?
Answer(s): A
Option A is correct because remediation after a malware infection typically requires complete system replacement or reimaging with verified, clean images and updated firmware to ensure all traces of malware are removed and vulnerabilities addressed. A) correct — Reimage and firmware update ensure a trusted baseline and eradication of persistent threats, aligning with containment-to-remediation in incident response. B) Incorrect — Installing an additional malware scanner may help detection but does not guarantee eradication or prevent persistence; alerts do not substitute full remediation. C) Incorrect — Configuring a proxy for Internet access does not remove existing malware or address persistence, and may hinder performance. D) Incorrect — Deleting the user profile and restoring from backup may fail if backups are infected or malware persists in other system components.
A cloud team received an alert that unauthorized resources were being auto-provisioned. After investigating, the team suspects that cryptomining is occurring. Which of the following indicators would most likely lead the team to this conclusion?
Option A is correct because cryptomining typically drives sustained high GPU utilization as miners leverage GPU resources for hash calculations. Incorrect — B: Bandwidth consumption can occur from many other apps and doesn’t specifically indicate cryptomining. Incorrect — C: Unauthorized changes indicate compromise but not specifically mining activity. Incorrect — D: Unusual traffic spikes may occur from various processes and do not pinpoint cryptomining.
A company's security team is updating a section of the reporting policy that pertains to inappropriate use of resources (e.g., an employee who installs cryptominers on workstations in the office). Besides the security team, which of the following groups should the issue be escalated to first in order to comply with industry best practices?
Answer(s): C
Option C is correct because escalating to the Legal department aligns with policy enforcement and regulatory/contractual obligations regarding inappropriate use of resources, data governance, and potential legal risk. It ensures proper documentation, risk assessment, and coordination with compliance requirements before disciplinary actions or external notifications.A) Incorrect — Help desk handles operational support, not policy escalation or legal risk management.B) Incorrect — Law enforcement is only appropriate for criminal activity with evidence, not initial internal escalation for policy compliance.D) Incorrect — Board member involvement is not appropriate for day-to-day policy enforcement or incident handling.
Given the following CVSS string:CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HWhich of the following attributes correctly describes this vulnerability?
Answer(s): B
Option B is correct because CVSS:3.0 shows AV:N (Attack Vector: Network), indicating exploitation over a network.A) Incorrect — UI:N indicates no user interaction is required; option A would be true if UI:required.C) Incorrect — C:H (Confidentiality impact: High) indicates a complete compromise of confidentiality, not “does not affect.”D) Incorrect — AC:L (Attack Complexity: Low) means it is easy to exploit, not high; option D misstates the complexity.Note: The provided correct answer letter in your prompt is B, consistent with CVSS AV:N.
A cryptocurrency service company is primarily concerned with ensuring the accuracy of the data on one of its systems. A security analyst has been tasked with prioritizing vulnerabilities for remediation for the system. The analyst will use the following CVSSv3.1 impact metrics for prioritization:Which of the following vulnerabilities should be prioritized for remediation?
Answer(s): D
Option D is correct because CVSSv3.1 impact metrics prioritize vulnerabilities with the highest impact on data integrity, especially for a system where data accuracy is critical. If the metric value is 4, this reflects a High impact to integrity, warranting remediation before lower-impact scores.A) Incorrect — A score of 1 indicates Low impact to integrity, not aligning with high-priority remediation for data accuracy.B) Incorrect — A score of 2 indicates Medium impact, which is less urgent than High impact for data integrity concerns.C) Incorrect — A score of 3 indicates High impact but if the provided correct answer is D with a higher or more precise interpretation, 3 does not match the stated priority.
Patches for two highly exploited vulnerabilities were released on the same Friday afternoon. Information about the systems and vulnerabilities is shown in the tables below:Which of the following should the security analyst prioritize for remediation?
Option B is correct because prioritization should target the most at-risk asset with active exploitation and critical impact, aligning with risk-based vulnerability management. The table indicates Brady has exposure to a highly exploited vulnerability and is within a critical asset tier, warranting immediate remediation.A) Incorrect — Rogers does not show active exploitation or critical exposure comparable to Brady, so it should not be prioritized over the higher-risk asset.C) Incorrect — Brees may have exposure, but not at the highest exploitation level or critical asset impact described for Brady.D) Incorrect — Manning lacks the strongest indicators of active exploitation and critical priority compared with Brady.
A security analyst must preserve a system hard drive that was involved in a litigation request. Which of the following is the best method to ensure the data on the device is not modified?
Option A is correct because generating a hash value and creating a backup image preserves evidence by ensuring data integrity and an immutable baseline for later litigation review. B is incorrect because encryption protects confidentiality, not preventing modification to the original evidence. C is incorrect since a password does not guarantee integrity or prevent tampering. D is incorrect because a memory dump analyzes volatile data and does not preserve the hard drive image or ensure immutability of the storage evidence.
Which of the following best describes the goal of a tabletop exercise?
Option A is correct because tabletop exercises simulate incident scenarios in a discussion-based format to validate response procedures, roles, and decision-making without live execution. Incorrect — B describes live-fire exercises or red-teaming, not tabletop planning. Incorrect — C implies threat actor emulation, which is not the tabletop's purpose. Incorrect — D focuses on business continuity testing, which may use drills but tabletop primarily assesses incident response coordination, not BCP effectiveness alone.
Share your comments for CompTIA CS0-003 exam with other users:
could you post the link
hello send me dumps
it is very nice
i gave the amazon dva-c02 tests today and passed. very helpful.
there is an incorrect word in the problem statement. for example, in question 1, there is the word "speci c". this is "specific. in the other question, there is the word "noti cation". this is "notification. these mistakes make this site difficult for me to use.
passed my az-120 certification exam today with 90% marks. studied using the dumps highly recommended to all.
i need it, plz make it available
q47: intrusion prevention system is the correct answer, not patch management. by definition, there are no patches available for a zero-day vulnerability. the way to prevent an attacker from exploiting a zero-day vulnerability is to use an ips.
this is simple but tiugh as well
questão 4, segundo meu compilador local e o site https://www.jdoodle.com/online-java-compiler/, a resposta correta é "c" !
its very useful
i mastered my skills and aced the comptia 220-1102 exam with a score of 920/1000. i give the credit to for my success.
real questions
very helpful assessments
hi there, i would like to get dumps for this exam
i studied for the microsoft azure az-204 exam through it has 100% real questions available for practice along with various mock tests. i scored 900/1000.
please upload 1z0-1072-23 exam dups
i was hoping if you could please share the pdf as i’m currently preparing to give the exam.
i am looking for oracle 1z0-116 exam
where we can get the answer to the questions
nice questions
question 129 is completely wrong.
i need dump
love the site.
can you please upload it back?
could you please re-upload this exam? thanks a lot!
great about shared quiz
goood helping
pay attention to questions. they are very tricky. i waould say about 80 to 85% of the questions are in this exam dump.
wish you would allow more free questions
great simulation
very g inood
q35 should be a
sap c_ts450_2021