CS0-003 試験問題を無料オンラインアクセス

A cryptocurrency service company is primarily concerned with ensuring the accuracy of the data on one of its systems. A security analyst has been tasked with prioritizing vulnerabilities for remediation for the system.
The analyst will use the following CVSSv3.1 impact metrics for prioritization:

Which of the following vulnerabilities should be prioritized for remediation?

• A.2
• B.4
• C.1
• D.3

After reviewing the final report for a penetration test, a cybersecurity analyst prioritizes the remediation for input validation vulnerabilities. Which of the following attacks is the analyst seeking to prevent?

• A.Pharming
• B.Phishing
• C.DNS poisoning
• D.Cross-site scripting

A security analyst is reviewing the logs of a web server and notices that an attacker has attempted to exploit a SQL injection vulnerability. Which of the following tools can the analyst use to analyze the attack and prevent future attacks?

• A.A network intrusion detection system
• B.A web proxy
• C.A web application firewall
• D.A vulnerability scanner

A SOC team lead occasionally collects some DNS information for investigations. The team lead assigns this task to a new junior analyst. Which of the following is the best way to relay the process information to the junior analyst?

• A.Let the junior analyst research and develop a process.
• B.Ask another team member to demonstrate their process.
• C.Write a step-by-step document on the team wiki outlining the process.
• D.Email a link to a website that shows someone demonstrating a similar process.

A threat intelligence analyst is updating a document according to the MITRE ATT & CK framework. The analyst detects the following behavior from a malicious actor: "The malicious actor will attempt to achieve unauthorized access to the vulnerable system." In which of the following phases should the analyst include the detection?

• A.Subtechniques
• B.Techniques
• C.Tactics
• D.Procedures