An organization is planning to adopt a zero-trust architecture. Which of the following is most aligned with this approach?
Correct Answer: A
Comprehensive and Detailed Step-by-Step Network segmentation supports zero-trust principles by ensuring sensitive systems are isolated and access is restricted based on identity, role, and context. Unlike traditional models, zero-trust architecture does not automatically trust authenticated users or internal network traffic. It enforces strict access controls to minimize risk. Reference: CompTIA CySA+ Study Guide (Chapter 2: Zero Trust and Network Segmentation, Page 52) CompTIA CySA+ Objectives (Domain 1.1 - Zero Trust Architecture)
CS0-003 Exam Question 52
A security analyst needs to ensure that systems across the organization are protected based on the sensitivity of the content each system hosts. The analyst is working with the respective system owners to help determine the best methodology that seeks to promote confidentiality, availability, and integrity of the data being hosted. Which of the following should the security analyst perform first to categorize and prioritize the respective systems?
Correct Answer: D
Determining the asset value of each system is the best action to perform first, as it helps to categorize and prioritize the systems based on the sensitivity of the data they host. The asset value is a measure of how important a system is to the organization, in terms of its financial, operational, or reputational impact. The asset value can help the security analyst to assign a risk level and a protection level to each system, and to allocate resources accordingly. The other actions are not as effective as determining the asset value, as they do not directly address the goal of promoting confidentiality, availability, and integrity of the data. Interviewing the users who access these systems may provide some insight into how the systems are used and what data they contain, but it may not reflect the actual value or sensitivity of the data from an organizational perspective. Scanning the systems to see which vulnerabilities currently exist may help to identify and remediate some security issues, but it does not help to categorize or prioritize the systems based on their data sensitivity. Configuring alerts for vendor-specific zero-day exploits may help to detect and respond to some emerging threats, but it does not help to protect the systems based on their data sensitivity.
CS0-003 Exam Question 53
A cybersecurity analyst is recording the following details * ID * Name * Description * Classification of information * Responsible party In which of the following documents is the analyst recording this information?
Correct Answer: A
A risk register typically contains details like ID, name, description, classification of information, and responsible party. It's used for tracking identified risks and managing them. Recording details like ID, Name, Description, Classification of information, and Responsible party is typically done in a Risk Register. This document is used to identify, assess, manage, and monitor risks within an organization. It's not directly related to incident response or change control documentation.
CS0-003 Exam Question 54
The SOC receives a number of complaints regarding a recent uptick in desktop error messages that are associated with workstation access to an internal web application. An analyst, identifying a recently modified XML file on the web server, retrieves a copy of this file for review, which contains the following code: Which of The following XML schema constraints would stop these desktop error messages from appearing?
Correct Answer: B
The XML file contains JavaScript embedded within a <description> tag that executes an alert message, which is a common Cross-Site Scripting (XSS) attack vector. The issue occurs because the XML schema does not restrict the input to safe characters, allowing arbitrary script execution when the XML file is processed by a vulnerable application. Solution: Implement Input Validation Using an XML Schema Constraint Option B enforces a whitelist approach by allowing only alphanumeric characters and spaces ([a-zA-Z 0-9]*). This prevents the inclusion of malicious JavaScript or special characters such as <, >, or &, which are required for XSS injection. Why are the other options incorrect? Option A: Restricts input to a Social Security Number (SSN) format ([0-9]{3}-[0-9]{2}-[0-9]{4}). While it prevents JavaScript injection, it is too restrictive and would break legitimate text-based content in the XML. Option C: Restricts input to only numeric values ([0-9]*), preventing JavaScript injection but also breaking legitimate non-numeric content in the <description> field. Option D: Restricts input to a single positive integer, which does not align with the expected text-based content. Thus, Option B is the correct answer, as it enforces proper input validation while still allowing expected text input.
CS0-003 Exam Question 55
Which of the following describes how a CSIRT lead determines who should be communicated with and when during a security incident?
Correct Answer: A
The incident response policy or plan is a document that defines the roles and responsibilities, procedures and processes, communication and escalation protocols, and reporting and documentation requirements for handling security incidents. The lead should review what is documented in the incident response policy or plan to determine who should be communicated with and when during a security incident, as well as what information should be shared and how. The incident response policy or plan should also be aligned with the organizational policies and legal obligations regarding incident notification and disclosure.