Free CompTIA CySA+ CS0-003 Practice Test

Prepare for the CompTIA CySA+ CS0-003 exam with this free practice test. Randomly generated and customizable, this test allows you to choose the number of questions.

  • Questions: 15
  • Time: 15 minutes (60 seconds per question)
  • Included Objectives:
    Security Operations
    Vulnerability Management
    Incident Response and Management
    Reporting and Communication
Question 1 of 15

During a routine audit, a security analyst notices a consistent and unexpected increase in resource usage on a typically low-activity file server. This elevation does not align with any authorized system updates or user operations. What is the MOST probable explanation for this observation?

  • The server’s cooling system is malfunctioning, resulting in performance inconsistencies.

  • A recent application misconfiguration is causing known processes to utilize more resources than usual.

  • Routine software updates are pending, causing a temporary rise in system resource demand.

  • The system may be compromised by unauthorized software performing resource-intensive operations.

Question 2 of 15

When performing a vulnerability scan on an environment that contains sensitive operational technology, such as an industrial control system, what type of scanning is recommended to minimize potential disruptions?

  • Full port scanning

  • Active scanning

  • Compliance scanning

  • Passive scanning

Question 3 of 15

Which technique is used to divide a network into smaller, isolated sections for enhanced security?

  • Fingerprinting

  • Credentialed Scanning

  • Segmentation

  • Map Scanning

Question 4 of 15

During a routine vulnerability assessment, it is discovered that a financial application critical to year-end reporting contains a vulnerability that, if exploited, could compromise sensitive financial data. The patch for this vulnerability would necessitate multiple service interruptions over a week. With year-end financial processes pending, which recommendation should the cybersecurity analyst prioritize in the action plan to ensure the least disruption while maintaining security?

  • Implement compensating controls and defer patching until after the year-end processing, minimizing disruption to business operations.

  • Leave the system unpatched and accept the risk because year-end reporting is considered a higher priority.

  • Proceed with repatching during the year-end processing period due to the critical nature of the vulnerability.

  • Increase logging and monitoring around the financial application but do not apply the patch or any compensating controls until an assessment post year-end is conducted.

Question 5 of 15

Which type of tool is commonly used to capture and analyze network traffic for detecting security incidents?

  • Password cracker

  • Firewalls

  • Vulnerability scanner

  • Packet analyzer

Question 6 of 15

A cybersecurity team tracks the mean time to detect (MTTD) as one of their key performance indicators (KPIs). What does a decrease in the MTTD over time indicate about the team's performance?

  • The team's overall mean time to remediate incidents has increased.

  • The team is responding to security incidents faster.

  • The team is identifying security incidents more quickly.

  • The team is experiencing fewer security alerts.

Question 7 of 15

During an incident response operation, a compromised server needs to be restored to a trusted state. Describe the proper action to re-image the server effectively.

  • Run a comprehensive antivirus program to clean the malware and then update security patches.

  • Perform a system restore from the compromised server's own backup files.

  • Install the latest operating system patches and restore system settings from a recent backup.

  • Erase the current system and install a pre-configured, verified clean image.

Question 8 of 15

A security analyst notices repeated communication attempts to an external IP address from several internal hosts at regular intervals. This behavior is most likely indicative of which type of malicious activity?

  • Privilege escalation

  • Data exfiltration

  • Beaconing

  • Malicious processes

Question 9 of 15

What could signal a potential security threat within an organization's network when monitoring user account activity?

  • The sudden creation of multiple new user accounts outside normal business hours

  • The routine creation of new user accounts following HR onboarding procedures

  • The updating of existing user account passwords in accordance with company policy

  • The removal of user accounts for employees who have left the company

Question 10 of 15

Which type of control is responsible for actions taken to mitigate the impact of a security incident after it has been detected?

  • Preventative

  • Detective

  • Corrective

  • Responsive

Question 11 of 15

Which of the following best describes a proprietary system as an inhibitor to remediation?

  • A system that is outdated but still used within the organization

  • A system with open-source code accessible to the public

  • A system whose internal design is controlled by a single organization and not publicly disclosed

  • A system designed specifically for public sector use

Question 12 of 15

When referring to vulnerability management metrics, what does the 'Top 10' indicator typically represent?

  • The 10 most recent security patches released by software vendors

  • A list of the 10 most recently hired cybersecurity employees in an organization

  • The most critical vulnerabilities identified in an environment that should be addressed as a priority

  • The 10 longest unresolved vulnerabilities within a system

Question 13 of 15

When performing log analysis after detecting a potential security incident, what is the primary purpose of correlating time stamps across diverse systems and devices?

  • To determine when to re-image affected systems

  • To construct an accurate timeline of events

  • To enforce legal hold across the enterprise

  • To streamline the process of recovery and remediation

Question 14 of 15

A recent vulnerability scan has identified a critical vulnerability in your company's web application that must be mitigated. The organization's policy prioritizes quick fixes to reduce immediate risk. Which of the following actions most effectively aligns with this policy?

  • Implement a temporary web application firewall (WAF) rule to block malicious traffic.

  • Contact the vendor for a permanent solution.

  • Disable the affected feature of the web application.

  • Update the application to the latest version.

Question 15 of 15

A company has identified a critical vulnerability in its financial reporting system, which relies on a decade-old proprietary software. Patching the system would likely result in downtime and potential business process interruptions. Which inhibitor to remediation is most relevant in this scenario?

  • Service-level agreement (SLA)

  • Memorandum of understanding (MOU)

  • Business process interruption

  • Organizational governance