
CompTIA CySA+ (CS0-003) - 340 Questions

By Webmaster Certland

Practice exam for the CompTIA CySA+ CS0-003 certification. Covers security operations, vulnerability management, incident response and management, and reporting and communication.


Free Preview (5 of 340 questions)

1. A SOC analyst is reviewing SIEM alerts and notices that log timestamps from a remote branch office are consistently 3 hours ahead of the SIEM server time. Which configuration issue is most likely causing this discrepancy?

A The remote branch office log sources are not synchronized to a common NTP server
B The logging level on the remote branch office devices is set too high
C Network latency between the branch office and SIEM is causing log delivery delays
D The SIEM log ingestion pipeline is processing events out of order

2. A security analyst needs to investigate a potential intrusion on a Windows workstation. Which Windows Registry hive should the analyst examine to find recently executed programs that do not appear in standard process lists?

A HKLM\SYSTEM
B HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist
C HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
D HKLM\SAM

3. An organization wants to implement a solution that automatically executes a series of predefined response actions when a specific SIEM alert fires, such as isolating an endpoint and blocking an IP at the firewall. Which technology best fulfills this requirement?

A Endpoint Detection and Response (EDR)
B Security Information and Event Management (SIEM)
C Security Orchestration, Automation, and Response (SOAR)
D Intrusion Detection System (IDS)

4. A threat analyst observes that an internal host is making outbound DNS queries for randomly generated 32-character subdomains of a single domain at regular 60-second intervals. Which type of malicious activity does this behavior most likely indicate?

A Command-and-control (C2) beaconing using DNS tunneling
B Internal network port scanning
C Data exfiltration over HTTP
D Distributed denial-of-service amplification attack

5. A SOC analyst captures network traffic and wants to filter for all TCP SYN packets directed at a web server to identify potential reconnaissance activity. Which Wireshark display filter should the analyst use?

A tcp.flags == 0x002
B tcp.flags.syn == 1 && tcp.flags.ack == 0
C tcp.port == 80
D ip.dst == 192.168.1.100 && tcp
