CompTIA CS0-003 Free Practice Questions — Page 2

CompTIA CySA+ • 5 questions • Answers & explanations included

Question 6

A company's user accounts have been compromised. Users are also reporting that the company's internal portal is sometimes accessible only through HTTP; at other times, it is accessible through HTTPS. Which of the following most likely describes the observed activity?

A. There is an issue with the SSL certificate causing port 443 to become unavailable for HTTPS access
B. An on-path attack is being performed by someone with internal access that forces users into port 80
C. The web server cannot handle an increasing amount of HTTPS requests so it forwards users to port 80
D. An error was caused by BGP due to new rules applied over the company's internal routers

Correct Answer: B. An on-path attack is being performed by someone with internal access that forces users into port 80

An on-path (man-in-the-middle) attack can intercept HTTPS traffic and downgrade it to HTTP, forcing users to port 80 — explaining the inconsistent behavior. Compromised user accounts align with credential harvesting via intercepted traffic. Option A would cause consistent HTTPS failure, not intermittent switching. Option C is a load issue, not a security event, and wouldn't explain compromised accounts. Option D (BGP misconfiguration) affects routing, not protocol-level HTTP/HTTPS switching.

Question 7

A security analyst is tasked with prioritizing vulnerabilities for remediation. The relevant company security policies are shown below:

Security Policy 1006: Vulnerability Management

1. The Company shall use the CVSSv3.1 Base Score Metrics (Exploitability and Impact) to prioritize the remediation of security vulnerabilities.
2. In situations where a choice must be made between confidentiality and availability, the Company shall prioritize confidentiality of data over availability of systems and data.
3. The Company shall prioritize patching of publicly available systems and services over patching of internally available systems.

According to the security policy, which of the following vulnerabilities should be the highest priority to patch?

A. Name: THOR.HAMMER - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Internal System
B. Name: CAP.SHIELD - CVSS 3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N External System
C. Name: LOKI.DAGGER - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H External System
D. Name: THANOS.GAUNTLET - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Internal System

Correct Answer: B. Name: CAP.SHIELD - CVSS 3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N External System

Policy rules applied in order: (1) use CVSS exploitability/impact, (2) prefer confidentiality over availability, (3) prefer external over internal. Both B and C are external systems — so rule 3 eliminates A and D. Between B and C, both have identical CVSS scores, but B impacts confidentiality (C:H) while C impacts only availability (A:H). Policy rule 2 says prioritize confidentiality — so CAP.SHIELD (B) wins. D is internal with C:H but loses to B because B is external.

Question 8

Which of the following will most likely ensure that mission-critical services are available in the event of an incident?

A. Business continuity plan
B. Vulnerability management plan
C. Disaster recovery plan
D. Asset management plan

Correct Answer: A. Business continuity plan

A Business Continuity Plan (BCP) ensures mission-critical services remain operational during and after an incident. It covers people, processes, and systems to maintain operations. A Disaster Recovery Plan (C) focuses on restoring IT systems after a disruption — it's reactive, not proactive continuity. A vulnerability management plan addresses risk reduction, not operational continuity. An asset management plan tracks inventory, not service availability during incidents.

Question 9

The Chief Information Security Officer wants to eliminate and reduce shadow IT in the enterprise. Several high-risk cloud applications are used that increase the risk to the organization. Which of the following solutions will assist in reducing the risk?

A. Deploy a CASB and enable policy enforcement
B. Configure MFA with strict access
C. Deploy an API gateway
D. Enable SSO to the cloud applications

Correct Answer: A. Deploy a CASB and enable policy enforcement

A CASB (Cloud Access Security Broker) sits between users and cloud services, giving visibility and control over shadow IT and unauthorized cloud app usage. It can enforce policies, block risky apps, and monitor data movement. MFA (B) strengthens authentication but doesn't discover or block shadow IT. An API gateway (C) manages API traffic, not unsanctioned cloud app usage. SSO (D) centralizes login but doesn't reduce or block high-risk unauthorized apps.

Question 10

An incident response team receives an alert to start an investigation of an internet outage. The outage is preventing all users in multiple locations from accessing external SaaS resources. The team determines the organization was impacted by a DDoS attack. Which of the following logs should the team review first?

A. CDN
B. Vulnerability scanner
C. DNS
D. Web server

Correct Answer: C. DNS

DNS logs should be reviewed first because a DDoS attack often targets or exploits DNS infrastructure, and DNS is the first resolution point for accessing external SaaS resources. DNS logs reveal flood patterns, query anomalies, or resolution failures affecting all locations simultaneously. CDN logs (A) are useful but secondary. Vulnerability scanner logs (B) are irrelevant to a live DDoS event. Web server logs (D) only show application-layer traffic, not network-level outage causes.
