CompTIA CySA+ CS0-003 Passing Score

Incident response playbooksprovide a structuredstep-by-step guidefor handling security incidents. Theydefine actions to takewhen specificthreat indicators or eventsoccur, ensuring acoordinated and consistent response​.

Option A (Prioritizing business-critical assets)relates more todisaster recovery (DR)than incident response.

Option C (Documenting asset management)is part ofIT governance, not incident response.

Option D (Defining DR sites)falls underbusiness continuity planning, not real-time incident handling.

Thus,B is the best answer, asplaybooks are designed to trigger appropriate responses to incidents​.

The correct answers for key factors in the change management process to reduce the impact of system failures are:

D. Identify assets with dependence that could be impacted by the change.

F. Ensure that all assets are properly listed in the inventory management system.

D. Identify assets with dependence that could be impacted by the change: This is crucial in change management because understanding the interdependencies among assets can help anticipate and mitigate the potential cascading effects of a change. By identifying these dependencies, the organization can plan more effectively for changes and minimize the risk of unintended consequences that could lead to system failures.

F. Ensure that all assets are properly listed in the inventory management system: Maintaining an accurate and comprehensive inventory of assets is fundamental in change management. Knowing exactly what assets the organization possesses and their characteristics allows for better planning and impact analysis when changes are made. This ensures that no critical component is overlooked during the change process, reducing the risk of failures due to incomplete information.

Other Options:

A. Ensure users document system recovery plan prior to deployment: While documenting a system recovery plan is important, it ' s more related to disaster recovery and business continuity planning than directly reducing the impact of system failures due to changes.

B. Perform a full system-level backup following the change: While backups are essential, they are generally a reactive measure to recover from a failure, rather than a proactive measure to reduce the impact of system failures in the first place.

C. Leverage an audit tool to identify changes that are being made: While using an audit tool is helpful for tracking changes and ensuring compliance, it is not directly linked to reducing the impact of system failures due to changes.

E. Require diagrams to be completed for all critical systems: While having diagrams of critical systems is useful for understanding and managing them, it is not a direct method for reducing the impact of system failures due to changes. Diagrams are more about documentation and understanding rather than proactive change management.

An important aspect that should be included in the lessons-learned step after an incident is to identify any improvements or changes in the incident response plan or procedures. The lessons-learned step is a process that involves reviewing and evaluating the incident response activities and outcomes, as well as identifying and documenting any strengths, weaknesses, gaps, or best practices. Identifying any improvements or changes in the incident response plan or procedures can help enhance the security posture, readiness, or capability of the organization for future incidents

The correct answer is A because path traversal, also called directory traversal, occurs when an attacker manipulates file or directory path input, such as ../, to access files outside the intended directory. The best code-level fix is to validate and sanitize user-supplied file and directory names so the application does not accept traversal sequences or malicious path characters.

Exact supporting extract: the Sybex CySA+ Study Guide explains that a directory traversal attack occurs when an attacker inserts filesystem path values into a query string to access files outside the authorized area. It also states that controls should include avoiding filenames in user-manipulatable fields and using input validation to prevent special characters required for directory traversal.

The All-in-One CySA+ guide also states that directory traversal mitigations include input validation to ensure user input does not contain directory traversal sequences and filename sanitization to remove directory traversal sequences or other malicious characters.

Why the other options are incorrect:

B is incorrect because output encoding is mainly used to prevent output-based attacks such as XSS.

C is incorrect because scrubbing SQL commands relates to SQL injection, not path traversal.

D is a useful defense-in-depth measure, but it does not directly rewrite the vulnerable code to prevent path traversal.