A SOC analyst is analyzing traffic on a network and notices an unauthorized scan. Which of the following types of activities is being observed?

1. A. Potential precursor to an attack
2. B. Unauthorized peer-to-peer communication
3. C. Rogue device on the network
4. D. System updates

Correct Answer: A

Which of the following entities should an incident manager work with to ensure correct processes are adhered to when communicating incident reporting to the general public, as a best practice? (Select two).

1. A. Law enforcement
2. B. Governance
3. C. Legal
4. D. Manager
5. E. Public relations
6. F. Human resources

Correct Answer: CE
An incident manager should work with the legal and public relations entities to ensure correct processes are adhered to when communicating incident reporting to the general public, as a best practice. The legal entity can provide guidance on the legal implications and obligations of disclosing the incident, such as compliance with data protection laws, contractual obligations, and liability issues. The public relations entity can help craft the appropriate message and tone for the public communication, as well as manage the reputation and image of the organization in the aftermath of the incident. These two entities can help the incident manager balance the need for transparency and accountability with the need for confidentiality and security12. References: Incident Communication Templates, Incident Management: Processes, Best Practices & Tools - Atlassian

An analyst has been asked to validate the potential risk of a new ransomware campaign that the Chief Financial Officer read about in the newspaper. The company is a manufacturer of a very small spring used in the newest fighter jet and is a critical piece of the supply chain for this aircraft. Which of the following would be the best threat intelligence source to learn about this new campaign?

1. A. Information sharing organization
2. B. Blogs/forums
3. C. Cybersecuritv incident response team
4. D. Deep/dark web

Correct Answer: A
An information sharing organization is a group or network of organizations that share threat intelligence, best practices, or lessons learned related to cybersecurity issues or incidents. An information sharing organization can help security analysts learn about new ransomware campaigns or other emerging threats, as well as get recommendations or guidance on how to prevent, detect, or respond to them. An information sharing organization can also help security analysts collaborate or coordinate with other organizations in the same industry or region that may face similar threats or challenges.

An organization conducted a web application vulnerability assessment against the corporate website, and the following output was observed:

Which of the following tuning recommendations should the security analyst share?

1. A. Set an HttpOnlvflaq to force communication by HTTPS
2. B. Block requests without an X-Frame-Options header
3. C. Configure an Access-Control-Allow-Origin header to authorized domains
4. D. Disable the cross-origin resource sharing header

Correct Answer: B
The output shows that the web application is vulnerable to clickjacking attacks, which allow an attacker to overlay a hidden frame on top of a legitimate page and trick users into clicking on malicious links. Blocking requests without an X-Frame-Options header can prevent this attack by instructing the browser to not display the page within a frame.

While reviewing web server logs, a security analyst discovers the following suspicious line:

Which of the following is being attempted?

1. A. Remote file inclusion
2. B. Command injection
3. C. Server-side request forgery
4. D. Reverse shell

Correct Answer: B
The suspicious line in the web server logs is an attempt to execute a command on the server, indicating a command injection attack.References: CompTIA CySA+ Study Guide: Exam CS0-003, 3rd Edition, Chapter 5, page 197; CompTIA CySA+ CS0-003 Certification Study Guide, Chapter 5, page 205.