CompTIA CS0-003 Free Practice Questions — Page 1

CompTIA CySA+ • 5 questions • Answers & explanations included

Question 1

A recent zero-day vulnerability is being actively exploited, requires no user interaction or privilege escalation, and has a significant impact to confidentiality and integrity but not to availability. Which of the following CVE metrics would be most accurate for this zero-day threat?

A. CVSS:31/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:K/A:L
B. CVSS:31/AV:K/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L
C. CVSS:31/AV:N/AC:L/PR:N/UI:H/S:U/C:L/I:N/A:H
D. CVSS:31/AV:L/AC:L/PR:R/UI:R/S:U/C:H/I:L/A:H

Correct Answer: A. CVSS:31/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:K/A:L

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N would be ideal, but option A is the closest match to the described scenario. The question states: network-exploitable, no user interaction, no privileges required, high confidentiality and integrity impact, no availability impact. Option A has AV:N (network), AC:L (low complexity), PR:N (no privileges), UI:N (no user interaction), C:H (high confidentiality), and low availability — matching most criteria. Note: I:K is not a valid CVSS value (should be I:H), but within the context of this exam question, A is still the best fit. Option B has PR:H (high privileges) and UI:R (user interaction required) — both contradict the scenario. Option C has UI:H which means user interaction is required — ruled out. Option D uses AV:L (local access) and UI:R — contradicts network-based, no-interaction requirement.

Question 2

Which of the following tools would work best to prevent the exposure of PII outside of an organization?

A. PAM
B. IDS
C. PKI
D. DLP

Correct Answer: D. DLP

DLP (Data Loss Prevention) is specifically designed to detect and block sensitive data — including PII — from leaving an organization. It monitors endpoints, email, and network traffic for policy violations. PAM (Privileged Access Management) controls admin/privileged account access, not data exfiltration. IDS (Intrusion Detection System) detects network threats but does not specifically prevent data leakage. PKI (Public Key Infrastructure) manages encryption certificates and identity, not data boundary enforcement.

Question 3

Which of the following items should be included in a vulnerability scan report? (Choose two.)

A. Lessons learned
B. Service-level agreement
C. Playbook
D. Affected hosts
E. Risk score
F. Education plan

Correct Answers: D. Affected hosts; E. Risk score

A vulnerability scan report must include affected hosts (which systems are vulnerable) and risk score (severity of each finding, often via CVSS). These two items are the core output of any scan tool. Lessons learned belong in an incident post-mortem, not a scan report. An SLA is a contractual document, not a scan artifact. A playbook is a response procedure guide, separate from reporting. An education plan is an HR/training document unrelated to scan output.

Question 4

The Chief Executive Officer of an organization recently heard that exploitation of new attacks in the industry was happening approximately 45 days after a patch was released. Which of the following would best protect this organization?

A. A mean time to remediate of 30 days
B. A mean time to detect of 45 days
C. A mean time to respond of 15 days
D. Third-party application testing

Correct Answer: A. A mean time to remediate of 30 days

If exploits appear ~45 days after a patch is released, the organization must patch before day 45 to avoid exposure. A mean time to remediate (MTTR) of 30 days means patches are applied before the exploit window opens. A mean time to detect (MTTD) of 45 days only measures detection speed; by that point exploitation may already be occurring. A mean time to respond of 15 days covers response alone and doesn't guarantee patching is complete in time. Third-party application testing evaluates software quality but doesn't directly speed up the patching lifecycle.

Question 5

A security analyst recently joined the team and is trying to determine which scripting language is being used in a production script to determine if it is malicious. Given the following script:

[Image: cs0-003_005.png]

Which of the following scripting languages was used in the script?

A. PowerShell
B. Ruby
C. Python
D. Shell script

Correct Answer: A. PowerShell

The script uses PowerShell — identifiable by several clear indicators. The foreach loop syntax with ($variable in collection) is PowerShell-specific. Get-Content is a native PowerShell cmdlet for reading files. Get-ADUser, Add-ADGroupMember, and Set-ADUser are all Active Directory cmdlets from the PowerShell ActiveDirectory module. The |select-object pipe and @{primaryGroupID=513} hashtable syntax are also PowerShell-specific constructs. Ruby (B) and Python (C) use entirely different syntax for loops and have no native AD cmdlets. Shell script (D) uses cat or while read for file reading, not Get-Content. The 513 value is the well-known RID for the Domain Users group in Active Directory, confirming this script bulk-modifies AD user group memberships via PowerShell.
