Exactprep CS0-003 Questions

The captured traffic shows TCP packets with the Flags [FPU], which indicate that the FIN, PSH, and URG flags are set. This is characteristic of an Nmap Xmas scan. The Xmas scan is a type of port scan that sends packets with these flags set to determine port states based on responses from the target system. This technique is often used in stealth scanning to evade detection by firewalls or IDS/IPS​.

Nikto's web scan (B) is used for identifying web server vulnerabilities but does not generate TCP packets with such unusual flags​.

Socat's proxying (C) would not exhibit the specific Xmas scan pattern.

Angry IP Scanner (D) is a general-purpose scanner that does not use the TCP flags seen in this capture​.

The correct regular expression to match a GET request to this API endpoint is " ". This pattern checks for the specific URL with an id parameter that accepts integer values. The syntax \d+ matches one or more digits, which aligns with the requirement for a single integer argument. Other options either use incorrect syntax or do not accurately capture the expected URL format. Regular expressions are vital in filtering and identifying patterns in logs, as recommended by CompTIA Cybersecurity Analyst (CySA+) practices for threat hunting and log analysis.

Port 1433 is commonly used by Microsoft SQL Server, which is a database management system. A spike in traffic on this port between two IP addresses on opposite sides of a WAN connection could indicate a database replication process, which is a way of copying and distributing data from one database server to another. This could be a legitimate activity performed by an administrator, but it should be communicated to the security operations center (SOC) to avoid confusion and false alarms.

1. Analyze the Screenshot: The provided image shows a vulnerability scan report (likely from OWASP ZAP). The specific alert highlighted in blue is "Cross-Domain Misconfiguration" with 34 occurrences. In CompTIA performance-based questions, the highlighted item dictates the problem you need to solve.

2. Identify the Vulnerability: Cross-Domain Misconfiguration typically refers to issues with CORS (Cross-Origin Resource Sharing).

CORS is a mechanism that allows a server to indicate any other origins (domains, schemes, or ports) than its own from which a browser should permit loading of resources.

A common misconfiguration occurs when the server sends the header Access-Control-Allow-Origin: *. This wildcard tells the browser to allow any website to access the resources on your server, which defeats the browser's Same-Origin Policy protection.

3. Evaluate the Solution (Option C): To tune this and fix the vulnerability without breaking functionality for legitimate partners, the analyst should change the configuration from a wildcard (*) to a specific allowlist.

Remediation: Set the Access-Control-Allow-Origin header to strictly define which authorized domains (e.g., are allowed to access the resources.

This aligns perfectly with Option C.

Why the other options are incorrect:

A. Set an HttpOnly flag to force communication by HTTPS:

This is incorrect for two reasons. First, it addresses the "Cookie No HttpOnly Flag" alert, not the highlighted "Cross-Domain" alert. Second, the definition is technically wrong: the HttpOnly flag prevents client-side scripts (like JavaScript) from accessing cookies (mitigating XSS); it does not force HTTPS. The Secure flag or HSTS headers are used to force HTTPS.

B. Block requests without an X-Frame-Options header:

This is the remediation for Clickjacking (seen in the alert list as "Missing Anti-clickjacking Header"), not Cross-Domain Misconfiguration.

D. Disable the cross-origin resource sharing header:

While removing the header entirely defaults the browser back to the strict Same-Origin Policy (which is secure), "tuning" implies adjusting the setting to work correctly. If the application requires cross-domain communication (which the presence of the header suggests), disabling it entirely would break the application. Configuring it correctly (Option C) is the professional remediation.