Exam CS0-003 topic 1 question 110 discussion

Actual exam question from CompTIA's CS0-003
Question #: 110
Topic #: 1

A security analyst needs to mitigate a known, exploited vulnerability related to an attack vector that embeds software through the USB interface. Which of the following should the analyst do first?

  • A. Conduct security awareness training on the risks of using unknown and unencrypted USBs.
  • B. Write a removable media policy that explains that USBs cannot be connected to a company asset.
  • C. Check configurations to determine whether USB ports are enabled on company assets.
  • D. Review logs to see whether this exploitable vulnerability has already impacted the company.
Suggested Answer: C

Comments

[Removed]
Highly Voted 1 year, 3 months ago
Selected Answer: C
I would check C before looking for D. No point in looking for that needle in a haystack if there is no haystack.
upvoted 12 times
...
leesuh
Most Recent 1 week, 1 day ago
Selected Answer: A
Can someone explain why A is not an option?
upvoted 1 times
...
luiiizsoares
3 months, 3 weeks ago
Selected Answer: C
Correct Answer: C. Check configurations to determine whether USB ports are enabled on company assets. Analysis: The first step in mitigating the vulnerability is to understand the current state of USB port configurations across company assets. This allows the analyst to quickly determine if USB ports are enabled and could be an attack vector, and to take immediate action such as disabling them or implementing security controls.
upvoted 1 times
...
BanesTech
10 months, 2 weeks ago
Selected Answer: C
Option D is incorrect. Reviewing logs to see whether the vulnerability has already been exploited is important for understanding the scope of potential impact, but it doesn't address the immediate need to mitigate the vulnerability itself. Therefore, option C is the most appropriate initial step to take in response to the identified vulnerability.
upvoted 3 times
...
sujon_london
11 months, 3 weeks ago
Selected Answer: D
The first step a security analyst should take when dealing with a known, exploited vulnerability is to assess the current impact on the organization. Reviewing logs to determine if the vulnerability has already been exploited within the company is crucial for understanding the scope of the issue and for planning an appropriate response. This step is essential for incident response and for preventing further exploitation of the vulnerability[1][2][5]. Once the immediate impact is assessed, the analyst can then move on to implementing policies, conducting security awareness training, and adjusting configurations to prevent future incidents.
upvoted 1 times
sujon_london
11 months, 3 weeks ago
My apologies. After careful consideration of urgency: addressing a known and exploited vulnerability requires immediate action to prevent further compromise. So, I have changed my mind to choose answer C instead of D.
upvoted 5 times
...
...
Bobden
1 year ago
Selected Answer: A
I think A is the only real mitigation option. C is "checking" if the company is vulnerable; I would have said C if it was "blocking USB ports". D is checking if the company has been affected; this is not a mitigation.
upvoted 2 times
...
VVV4WIN
1 year, 3 months ago
Selected Answer: C
ITManager worded it very well. I was torn between C & D, but he convinced me it is C.
upvoted 4 times
...
[Removed]
1 year, 3 months ago
Selected Answer: C
C) check configurations. I agree with ITManager below. Can't find a needle that doesn't exist. Plus, the question says the analyst needs to mitigate (or reduce the risk) of the vulnerability. Checking to see if it has already been exploited (D) doesn't do anything to reduce the risk. It still exists whether the logs show it or not. To reduce the risk, you need to be proactive. C is the best option as it would allow you to disable USB ports if need be.
upvoted 4 times
...
chaddman
1 year, 4 months ago
Selected Answer: D
D. Review logs to see whether this exploitable vulnerability has already impacted the company. This initial step will help the analyst understand the scope and severity of the issue within the organization and inform subsequent mitigation efforts. If the logs reveal that the vulnerability has been exploited, immediate remedial actions will be needed to contain and eliminate the threat.
upvoted 2 times
...
kmordalv
1 year, 6 months ago
Selected Answer: C
When dealing with a known and exploited vulnerability related to an attack vector that involves embedding software through the USB interface, the primary concern is to immediately stop the active exploitation and prevent further attacks. Given the options provided, the best answer is Check configurations for USB ports (Option C): This is the most immediate action to take. Disabling or securing USB ports on company assets will prevent the attacker from further exploiting the vulnerability through this attack vector. It's a quick and effective way to mitigate ongoing attacks.
upvoted 1 times
stolleryp
1 year, 4 months ago
I don't agree with this. I think that Option D is the best response. Option C checks if it's a possibility whereas Option D checks whether it has happened.
upvoted 3 times
Mehe323
10 months ago
The question asks about mitigation; D is not a mitigation option but detection. Before mitigating anything, you have to know what the current state/configuration is.
upvoted 1 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted