CompTIA CyberSecurity Analyst CySA+ Certification Exam CS0-003 Question # 92 Topic 10 Discussion

CS0-003 Exam Topic 10 Question 92 Discussion:

Question #: 92

Topic #: 10

A security operations center analyst is reviewing a scan report and must prioritize items for remediation based on severity:

The Chief Information Security Officer requires the following:
• Encryption in transit
• Encryption at rest
• Encryption of customer data
Which of the following databases should the analyst remediate first?

Databaset

Database2

Database3

Database4

Get Premium CS0-003 Questions

Explanation

The CISO’s requirements prioritize protecting customer (sensitive) data with encryption both in transit and at rest. The database that violates the most critical requirements—especially for sensitive/customer data—should be remediated first.

Why Database4 is the highest priority

Sensitive data + no encryption in transit (Port 80): Port 80 indicates HTTP (clear-text), which means no encryption in transit. Secbay explicitly states: “HTTP is a clear-text protocol that is generally secured via an SSL/TLS tunnel to produce HTTPS transmission.”

Uses weak/unsupported TLS version (TLS 1.1) + sensitive data: Even if TLS is “listed,” TLS 1.1 is not considered acceptable in modern secure configurations. Secbay’s protocol acceptability list marks TLS 1.1 = No (not acceptable), while TLS 1.2/1.3 are acceptable.

Customer data must be encrypted in transit and at rest: Secbay provides the exact requirement-style statement: “The organization implements encryption for sensitive data both in transit and at rest… Sensitive customer data is encrypted…”

So Database4 is the most severe because it involves Sensitive (customer) data while failing the “encryption in transit” requirement (HTTP/80) and also relying on an unacceptable TLS version (1.1).

Why the other databases are lower priority

Database3: TLS 1.2 on 443 + encryption at rest enabled + sensitive data → it already meets the CISO requirements.

Database2: Port 80 (no transit encryption) and encryption at rest disabled, but the data type is proprietary, not explicitly customer/sensitive. It is still important, but Database4 is worse because it impacts sensitive/customer data.

Database1: Data type is public; while TLS 1.1 is weak, it does not violate the “customer data” requirement and is less severe than Database4’s clear-text transport for sensitive data.

References (CompTIA CySA+ CS0-003 documents / study guides used):

Secbay Press, CompTIA CySA+ Exam Prep Guide (CS0-003): encrypt sensitive customer data in transit and at rest

Secbay Press, CompTIA CySA+ Exam Prep Guide (CS0-003): HTTP is clear-text; TLS 1.1 not acceptable while TLS 1.2/1.3 are acceptable

Actual exam question for CompTIA CS0-003 exam by Dune82376 at May 24, 2026, 7:27:35 AM

Contribute your Thoughts:

Chosen Answer: A B C D
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Summer Certification Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: force70

CompTIA CyberSecurity Analyst CySA+ Certification Exam CS0-003 Question # 92 Topic 10 Discussion

CompTIA CyberSecurity Analyst CySA+ Certification Exam CS0-003 Question # 92 Topic 10 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Summer Certification Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: force70

CompTIA CyberSecurity Analyst CySA+ Certification Exam CS0-003 Question # 92 Topic 10 Discussion

CompTIA CyberSecurity Analyst CySA+ Certification Exam CS0-003 Question # 92 Topic 10 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Awaiting moderator approval