Free CompTIA CyberSecurity Analyst CySA+ Certification Exam CS0-003 Exam Practice Test

Which of the following does 'federation' most likely refer to within the context of identity and access management?

• Facilitating groups of users in a similar function or profile to system access that requires elevated or conditional access
• An authentication mechanism that allows a user to utilize one set of credentials to access multiple domains
• Utilizing a combination of what you know, who you are, and what you have to grant authentication to a user
• Correlating one's identity with the attributes and associated applications the user has access to

An analyst wants to ensure that users only leverage web-based software that has been pre-approved by the organization. Which of the following should be deployed?

• Blocklisting
• Allowlisting
• Graylisting
• Webhooks

A managed security service provider is having difficulty retaining talent due to an increasing workload caused by a client doubling the number of devices connected to the network. Which of the followingwould best aid in decreasing the workload without increasing staff?

• SIEM
• XDR
• SOAR
• EDR

Which of the following phases of the Cyber Kill Chain involves the adversary attempting to establish communication with a successfully exploited target?

• Command and control
• Actions on objectives
• Exploitation
• Delivery

Following a recent security incident, the Chief Information Security Officer is concerned with improving visibility and reporting of malicious actors in the environment. The goal is to reduce the time to prevent lateral movement and potential data exfiltration. Which of the following techniques will best achieve the improvement?

• Mean time to detect
• Mean time to respond
• Mean time to remediate
• Service-level agreement uptime

An analyst has been asked to validate the potential risk of a new ransomware campaign that the Chief Financial Officer read about in the newspaper. The company is a manufacturer of a very small spring used in the newest fighter jet and is a critical piece of the supply chain for this aircraft. Which of the following would be the best threat intelligence source to learn about this new campaign?

• Information sharing organization
• Blogs/forums
• Cybersecuritv incident response team
• Deep/dark web

A payroll department employee was the target of a phishing attack in which an attacker impersonated a department director and requested that direct deposit information be updated to a new account. Afterward, a deposit was made into the unauthorized account. Which of the following is one of the first actions the incident response team should take when they receive notification of the attack?

• Scan the employee's computer with virus and malware tools.
• Review the actions taken by the employee and the email related to the event
• Contact human resources and recommend the termination of the employee.
• Assign security awareness training to the employee involved in the incident.

Which of the following tools would work best to prevent the exposure of PII outside of an organization?

• PAM
• IDS
• PKI
• DLP

Which of the following threat-modeling procedures is in the OWASP Web Security Testing Guide?

• Review Of security requirements
• Compliance checks
• Decomposing the application
• Security by design

During an extended holiday break, a company suffered a security incident. This information was properly relayed to appropriate personnel in a timely manner and the server was up to date and configured with appropriate auditing and logging. The Chief Information Security Officer wants to find out precisely what happened. Which of the following actions should the analyst take first?

• Clone the virtual server for forensic analysis
• Log in to the affected server and begin analysis of the logs
• Restore from the last known-good backup to confirm there was no loss of connectivity
• Shut down the affected server immediately