CompTIA Updated CS0-003 Exam Questions and Answers by daniella

Reimaging the device is the most effective way to eliminate persistent malware because some sophisticated malware, such as rootkits and firmware-level threats, can survive traditional scans and removals.

If a system keeps getting reinfected after cleaning, it may indicate a deeply embedded persistent threat, possibly in:

The Master Boot Record (MBR) or EFI firmware.

A compromised system restore point.

A hidden backdoor left by the malware.

Why Not Other Options?

A (Update and scan in safe mode) → Might help, but if malware is persistent, it will likely return.

C (Upgrade OS) → Does not necessarily remove malware; some malware survives OS upgrades.

D (Secondary scanner) → Useful for detection but does not guarantee complete removal.

Best Practice:

Replace the hard drive to eliminate firmware-level infections.

Reimage the system from a known-good source.

Update the OS and security patches before reconnecting to the network.

Wireshark is a network protocol analyzer that allows analysts to capture and inspect data packets traveling through a network. This makes it ideal for investigating unusual network activity, as it provides detailed insights into the nature and content of network traffic. In this case, Wireshark can help identify potentially malicious packets and understand the nature of the observed traffic. Options A (WAF) and C (EDR) are primarily used for monitoring and protecting web applications and endpoints, respectively, and Nmap (D) is typically used for network discovery and mapping, not detailed traffic analysis. According to CompTIA CySA+, packet analysis tools like Wireshark are invaluable for deep-dive investigations into network anomalies.

SQL injection is a type of attack that injects malicious SQL statements into a web application’s input fields or parameters, in order to manipulate or access the underlying database. The request shown in the image contains an SQL injection attempt, as indicated by the “UNION SELECT” statement, which is used to combine the results of two or more queries. The attacker is trying to extract information from the database by appending the malicious query to the original one

MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. It is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. It can help security professionals understand, detect, and mitigate cyber threats by providing a comprehensive framework of TTPs.