Which of the following threat-modeling procedures is in the OWASP Web Security Testing Guide?
Correct Answer: C
The OWASP Web Security Testing Guide (WSTG) includes a section on threat modeling, which is a structured approach to identify, quantify, and address the security risks associated with an application. The first step in the threat modeling process is decomposing the application, which involves creating use cases, identifying entry points, assets, trust levels, and data flow diagrams for the application. This helps to understand the application and how it interacts with external entities, as well as to identify potential threats and vulnerabilities1. The other options are not part of the OWASP WSTG threat modeling process.
CS0-003 Exam Question 57
Which of the following are the most relevant factors related to vulnerability management reporting and communication within an organization?
Correct Answer: D
Comprehensive and Detailed Explanation From Exact Extract: Vulnerability management reporting and communication focuses on giving stakeholders the information they need to prioritize, assign, track, and complete remediation. That typically includes: Risk severity / risk score (to prioritize and communicate urgency) Timelines (when fixes are due, often tied to SLOs/SLAs and internal targets) Dependencies (what must happen first or what systems/teams a fix relies on) Remediation ownership / responsible parties (who is accountable for fixing each item) This maps directly to Option D. Exact extract (CompTIA CySA+ CS0-003 Exam Objectives - Vulnerability management reporting): Vulnerability management reporting includes "Risk score ... [and] Prioritization." Exact extract (Secbay Press - Key components of action plans used for reporting/communication): "Timeline and Prioritization: Specify timelines for addressing each vulnerability..." "Responsible Parties: Clearly identify individuals or teams responsible..." "Communication Strategy: Outline how the organization will communicate progress..." These are the same practical reporting/communication items expressed in Option D: "Risk severity levels" ↔ risk score / severity used for prioritization "Timelines" ↔ timeline definition in action plans "Remediation ownership" ↔ responsible parties/accountability "Dependencies" are commonly tracked because they affect timelines and ownership (for example, engineering/ops sequencing and prerequisite changes), and they align with the objective's focus on prioritization/action planning and stakeholder communication. Why the other options are not the best match: A includes items that are valuable inputs to prioritization (risk assessment, BIA), but vulnerability reporting/communication (per objectives) is centered on reporting vulnerabilities, affected hosts, risk scoring, mitigations, recurrence, prioritization, and action plans, not BCPs as core reporting factors. B mixes relevant items (MTTR, dependencies) with disaster recovery plans, which are DR/BC-focused rather than core vulnerability reporting elements. C includes several incident response / SOC monitoring metrics (alert volume characteristics, MTTD) that are not the primary focus of vulnerability management reporting (even though false positives can be tracked as a VM metric, the overall set is misaligned). Reference (CompTIA CySA+ CS0-003 documents / study guides used): CompTIA CySA+ CS0-003 Exam Objectives v4.0: vulnerability management reporting includes risk score and prioritization; action plans and stakeholder communication Secbay Press, CompTIA CySA+ Exam Prep Guide (CS0-003): action plan components include timelines, responsible parties (ownership), and communication strategy
CS0-003 Exam Question 58
The Chief Information Security Officer (CISO) of a large management firm has selected a cybersecurity framework that will help the organization demonstrate its investment in tools and systems to protect its data. Which of the following did the CISO most likely select?
Correct Answer: C
ISO 27001 is an international standard that establishes a framework for implementing, maintaining, and improving an information security management system (ISMS). It helps organizations demonstrate their commitment to protecting their data and complying with various regulations and best practices. The other options are not relevant for this purpose: PCI DSS is a standard that focuses on protecting payment card data; COBIT is a framework that provides guidance on governance and management of enterprise IT; ITIL is a framework that provides guidance on service management and delivery.
CS0-003 Exam Question 59
Which of the following is the best way to provide realistic training for SOC analysts?
Correct Answer: C
Attack simulations provide realistic, hands-on scenarios that mirror true incidents, allowing SOC analysts to practice detection, analysis, and response skills under real-world pressure. These simulations are crucial for developing and reinforcing SOC procedures and incident workflows. Phishing assessments (A) are targeted, limited training. OpenVAS (B) is a vulnerability scanner, not a training tool. SOAR (D) is a response automation tool. Honeypots (E) help observe attacker behavior, but aren't training-focused. Reference: CS0-003 Objectives 3.3 - Incident Response Training Mya Heath All-in-One - Chapter 14: Post-Incident Activities and Training
CS0-003 Exam Question 60
A security analyst observed the following activity from a privileged account: . Accessing emails and sensitive information . Audit logs being modified . Abnormal log-in times Which of the following best describes the observed activity?
Correct Answer: D
The observed activity from a privileged account indicates an insider attack, which is when a trusted user or employee misuses their access rights to compromise the security of the organization. Accessing emails and sensitive information, modifying audit logs, and logging in at abnormal times are all signs of malicious behavior by a privileged user who may be trying to steal, tamper, or destroy data, or cover their tracks. An insider attack can cause significant damage to the organization's reputation, operations, and compliance12. Reference: The Privileged Identity Playbook Guides Management of Privileged User Accounts, How to Track Privileged Users' Activities in Active Directory