CS0-003 Exam Question 31

When undertaking a cloud migration of multiple SaaS applications, an organization's systems administrators struggled with the complexity of extending identity and access management to cloud-based assets. Which of the following service models would have reduced the complexity of this project?
  • CS0-003 Exam Question 32

    A security alert was triggered when an end user tried to access a website that is not allowed per organizational policy. Since the action is considered a terminable offense, the SOC analyst collects the authentication logs, web logs, and temporary files, reflecting the web searches from the user's workstation, to build the case for the investigation. Which of the following is the best way to ensure that the investigation complies with HR or privacy policies?
  • CS0-003 Exam Question 33

    A security analyst is tasked with prioritizing vulnerabilities for remediation. The relevant company security policies are shown below:
    Security Policy 1006: Vulnerability Management
    1. The Company shall use the CVSSv3.1 Base Score Metrics (Exploitability and Impact) to prioritize the remediation of security vulnerabilities.
    2. In situations where a choice must be made between confidentiality and availability, the Company shall prioritize confidentiality of data over availability of systems and data.
    3. The Company shall prioritize patching of publicly available systems and services over patching of internally available system.
    According to the security policy, which of the following vulnerabilities should be the highest priority to patch?
  • CS0-003 Exam Question 34

    A security analyst reviews the latest vulnerability scans and observes there are vulnerabilities with similar CVSSv3 scores but different base score metrics. Which of the following attack vectors should the analyst remediate first?
  • CS0-003 Exam Question 35

    A security analyst has found a moderate-risk item in an organization's point-of-sale application. The organization is currently in a change freeze window and has decided that the risk is not high enough to correct at this time. Which of the following inhibitors to remediation does this scenario illustrate?