Free CS0-003 CompTIA Updates

Reconnaissance is the first stage in the Cyber Kill Chain and involves researching potential targets before carrying out any penetration testing. The reconnaissance stage may include identifying potential targets, finding their vulnerabilities, discovering which third parties are connected to them (and what data they can access), and exploring existing entry points as well as finding new ones. Reconnaissance can take place both online and offline. In this case, an analyst finds that an IP address outside of the company network is being used to run network and vulnerability scans across external-facing assets. This indicates that the analyst is witnessing reconnaissance activity by an attacker. Official References:

The system “blane” with the vulnerability name “snakedoctor” should be prioritized for patching as it has a network attack vector (AV:N), low attack complexity (AC:L), and high availability (A:H). These metrics indicate that it would be relatively easy to exploit this vulnerability over the internet, and the system is highly available. References: According to the CVSS v3.1 Specification Document, the exploitability metrics for CVSS are Attack Vector, Attack Complexity, Privileges Required, User Interaction, and Scope. These metrics measure how the vulnerability is accessed, the complexity of the attack, and the level of interaction and privileges required to exploit the vulnerability. The image shows a table with the values of these metrics for each system and vulnerability. Based on these values, the system “blane” has the highest exploitability score, as it has the most favorable conditions for an attacker. The other systems have either a lower attack vector, higher attack complexity, or lower availability, which make them less exploitable. Therefore, the system “blane” should be patched first.

A vulnerability scan report should include information about the affected hosts, such as their IP addresses, hostnames, operating systems, and services. It should also include a risk score for each vulnerability, which indicates the severity and potential impact of the vulnerability on the host and the organization. Official References:

The correct answer is A because SLOs — service-level objectives are measurable targets used to evaluate whether a service or process is meeting expected performance levels. When incident response is outsourced to a third party, SLOs help the organization measure whether the provider is meeting key performance expectations, such as detection time, response time, remediation time, and reporting quality.

Exact supporting extract: the Secbay CySA+ guide defines SLOs as specific, measurable targets set for the performance and reliability of a service or process. It also states that SLOs provide a framework for defining and measuring effectiveness, and that reporting on SLOs allows stakeholders to assess performance and make informed decisions.

The same guide explains that SLOs depict explicit measurements and may be set by a company or defined as part of a service-level agreement with a service provider. It also states that estimating whether SLOs are being met is a typical component of SLA management.

The official CySA+ objectives include SLOs under metrics and KPIs for reporting and communication.

Why the other options are incorrect:

B is incorrect because SLOs are performance targets, not a method for identifying hidden costs.

C is incorrect because SLOs may support risk management, but they do not directly calculate an objective risk score.

D is incorrect because risk appetite is a governance/risk-management concept, not the purpose of SLOs.

A is correct because SLOs allow the organization to measure third-party IR performance against defined KPIs.