リアルCS0-002試験PDFテストエンジン 練習テスト問題 [Q148-Q172]

Share

リアルCS0-002試験PDFテストエンジン 練習テスト問題

CompTIA CS0-002リアル2025年最新のブレーン問題集で模擬試験問題集


CS0-002 試験は、セキュリティオペレーションセンター(SOC)、セキュリティ情報およびイベント管理(SIEM)システム、侵入検知および防止システム(IDPS)を使用するサイバーセキュリティアナリストを対象としています。この認定試験は、候補者がさまざまなツールや技術を使用してセキュリティインシデントや脅威を識別、分析、対応するスキルを試験することを目的としています。また、候補者がコンプライアンスおよびアセスメントの方法論に関する知識を示し、ステークホルダーと効果的にコミュニケーションをとる能力を試験します。

 

質問 # 148
In web application scanning, static analysis refers to scanning:

  • A. the compiled code of the application to detect possible issues.
  • B. an application that is installed on a system that is assigned a static IP.
  • C. the system for vulnerabilities before installing the application.
  • D. an application that is installed and active on a system.

正解:C


質問 # 149
A red team actor observes it is common practice to allow cell phones to charge on company computers, but access to the memory storage is blocked. Which of the following are common attack techniques that take advantage of this practice? (Choose two.)

  • A. A USB attack that turns the connected device into a rogue access point that spoofs the configured wireless SSIDs
  • B. A USB attack that tricks the computer into thinking the connected device is a keyboard, and then sends characters one at a time as a keyboard to launch the attack (a prerecorded series of keystrokes)
  • C. A Bluetooth peering attack called "Snarfing" that allows Bluetooth connections on blocked device types if physically connected to a USB port
  • D. A Bluetooth attack that modifies the device registry (Windows PCs only) to allow the flash drive to mount, and then launches a Java applet attack
  • E. A USB attack that tricks the system into thinking it is a network adapter, then runs a user password hash gathering utility for offline password cracking

正解:C、D


質問 # 150
As part of the SDLC, software developers are testing the security of a new web application by inputting large amounts of random data.
Which of the following types of testing is being performed?

  • A. Stress testing
  • B. Regression testing
  • C. Input validation
  • D. Fuzzing

正解:D


質問 # 151
Which of the following BEST describes what an organizations incident response plan should cover regarding how the organization handles public or private disclosures of an incident?

  • A. The disclosure section should contain the organization's legal and regulatory requirements regarding disclosures.
  • B. The disclosure section should focus on how to reduce the likelihood customers will leave due to the incident.
  • C. The disclosure section should include the names and contact information of key employees who are needed for incident resolution
  • D. The disclosure section should contain language explaining how the organization will reduce the likelihood of the incident from happening m the future.

正解:A


質問 # 152
Which of the following can detect vulnerable third-parly libraries before code deployment?

  • A. Impact analysis
  • B. Dynamic analysis
  • C. Static analysis
  • D. Protocol analysis

正解:C

解説:
Static analysis is a method of analyzing the source code or binary code of an application without executing it. Static analysis can detect vulnerable third-party libraries before code deployment by scanning the code for references to known vulnerable libraries or versions and reporting any issues or risks12.
Impact analysis is a process of assessing the potential effects of a change on a system or service, such as performance, availability, security and compatibility. Impact analysis does not detect vulnerable third-party libraries before code deployment, but rather helps to evaluate and communicate the consequences of a change.
Dynamic analysis is a method of analyzing the behavior or performance of an application by executing it under various conditions or inputs. Dynamic analysis does not detect vulnerable third-party libraries before code deployment, but rather helps to identify any errors or defects that occur at runtime.
Protocol analysis is a method of examining the data exchanged between devices or applications over a network by capturing and interpreting the packets or messages. Protocol analysis does not detect vulnerable third-party libraries before code deployment, but rather helps to monitor and troubleshoot network communication.


質問 # 153
An analyst performs a routine scan of a host using Nmap and receives the following output:

Which of the following should the analyst investigate FIRST?

  • A. Port 21
  • B. Port 23
  • C. Port 22
  • D. Port 80

正解:A


質問 # 154
During an investigation, a security analyst determines suspicious activity occurred during the night shift over the weekend. Further investigation reveals the activity was initiated from an internal IP going to an external website.
Which of the following would be the MOST appropriate recommendation to prevent the activity from happening in the future?

  • A. A firewall rule that will block traffic from the specific IP addresses
  • B. An IDS signature modification for the specific IP addresses
  • C. An IPS signature modification for the specific IP addresses
  • D. A firewall rule that will block port 80 traffic

正解:A


質問 # 155
You are a cybersecurity analyst tasked with interpreting scan data from Company A's servers. You must verify the requirements are being met for all of the servers and recommend changes if you find they are not.
The company's hardening guidelines indicate the following:
* TLS 1.2 is the only version of TLS running.
* Apache 2.4.18 or greater should be used.
* Only default ports should be used.
INSTRUCTIONS
Using the supplied data, record the status of compliance with the company's guidelines for each server.
The question contains two parts: make sure you complete Part 1 and Part 2. Make recommendations for issues based ONLY on the hardening guidelines provided.




  • A. Part 1 Answer:
    Check on the following:
    AppServ1 is only using TLS.1.2
    AppServ4 is only using TLS.1.2
    AppServ1 is using Apache 2.4.18 or greater
    AppServ3 is using Apache 2.4.18 or greater
    AppServ4 is using Apache 2.4.18 or greater
    Part 2 answer:
    Recommendation:
    Recommendation is to disable TLS v1.1 on AppServ2 and AppServ3. Also upgrade AppServ2 Apache to version 2.4.48 from its current version of 2.3.48
  • B. Part 1 Answer:
    Check on the following:
    AppServ1 is only using TLS.1.2
    AppServ4 is only using TLS.1.2
    AppServ1 is using Apache 2.4.18 or greater
    AppServ4 is using Apache 2.4.18 or greater
    Part 2 answer:
    Recommendation:
    Recommendation is to disable TLS v1.1 on AppServ2 and AppServ3. Also upgrade AppServ2 Apache to version 2.4.48 from its current version of 2.3.48

正解:A


質問 # 156
An organization has a policy that requires dedicated user accounts to run programs that need elevated privileges. Users must be part of a group that allows elevated permissions. While reviewing security logs, an analyst sees the following:

Which of the following hosts violates the organizational policies?

  • A. ford
  • B. pacer
  • C. gremlin
  • D. lincoln

正解:D

解説:
The host "lincoln" violates the organizational policies that require dedicated user accounts to run programs that need elevated privileges. The log file shows that the user "ldavis" tried to run programs such as "su root", "sudo apache.bin", and "sudo grep" on the host "lincoln", which indicate attempts to gain elevated privileges or access sensitive files. The other hosts do not show any evidence of policy violation.


質問 # 157
Which of the following data security controls would work BEST to prevent real Pll from being used in an organization's test cloud environment?

  • A. Digital rights management
  • B. Encryption
  • C. Data loss prevention
  • D. Access control
  • E. Data masking

正解:E

解説:
Explanation
Data masking is a way to create a fake, but a realistic version of your organizational data. The goal is to protect sensitive data, while providing a functional alternative when real data is not needed-for example, in user training, sales demos, or software testing.


質問 # 158
During routine monitoring, a security analyst discovers several suspicious websites that are communicating with a local host. The analyst queries for IP 192.168.50.2 for a 24-hour period:

To further investigate, the analyst should request PCAP for SRC 192.168.50.2 and.

  • A. DST 172.10.45.5.
  • B. DST 175.35.20.5.
  • C. DST 138.10.25.5.
  • D. DST 172.10.3.5.
  • E. DST 138.10.2.5.

正解:D


質問 # 159
A security analyst identified some potentially malicious processes after capturing the contents of memory from a machine during incident response. Which of the following procedures is the NEXT step for further in investigation?

  • A. Timeline construction
  • B. File cloning
  • C. Data carving
  • D. Reverse engineering

正解:D

解説:
Reverse engineering is a process of analyzing a system or a component to understand how it works and how it was made. Reverse engineering can be used to examine malicious processes captured from memory and determine their functionality, origin, and purpose. Reverse engineering can help identify the type of malware, its infection vector, its capabilities, its communication methods, and its indicators of compromise2


質問 # 160
A security analyst is investigating a reported phishing attempt that was received by many users throughout the company The text of one of the emails is shown below:

Office 365 User.
It looks like you account has been locked out Please click this <a href=Tittp7/accountfix-office356 com/login php">link</a> and follow the pfompts to restore access Regards.
Security Team
Due to the size of the company and the high storage requirements, the company does not log DNS requests or perform packet captures of network traffic, but rt does log network flow data Which of the following commands will the analyst most likely execute NEXT?

  • A. telnet office365.com 25
  • B. curl http:// accountfix-office365.com/login. php
  • C. tracert 122.167.40.119
  • D. nslookup accountfix-office365.com

正解:D


質問 # 161
An analyst performs a routine scan of a host using Nmap and receives the following output:

Which of the following should the analyst investigate FIRST?

  • A. Port 21
  • B. Port 23
  • C. Port 22
  • D. Port 80

正解:B


質問 # 162
A security analyst needs to reduce the overall attack surface.
Which of the following infrastructure changes should the analyst recommend?

  • A. Air gap sensitive systems.
  • B. Implement a honeypot.
  • C. Increase the network segmentation.
  • D. Implement a cloud-based architecture.

正解:C


質問 # 163
A security analyst is responding to an incident on a web server on the company network that is making a large number of outbound requests over DNS Which of the following is the FIRST step the analyst should take to evaluate this potential indicator of compromise'?

  • A. Isolate the system on the network to ensure it cannot access other systems while evaluation is underway.
  • B. Shut down the system to prevent further degradation of the company network
  • C. Reimage the machine to remove the threat completely and get back to a normal running state.
  • D. Run an anti-malware scan on the system to detect and eradicate the current threat
  • E. Start a network capture on the system to look into the DNS requests to validate command and control traffic.

正解:D


質問 # 164
An analyst is responding to an incident within a cloud infrastructure Based on the logs and traffic analysis, the analyst thinks a container has been compromised Which of the following should Ihe analyst do FIRST?

  • A. Contact law enforcement to report the incident
  • B. Perform threat hunting in other areas of the cloud infrastructure
  • C. Perform a root cause analysis on the container and the service logs
  • D. Isolate the container from production using a predefined policy template

正解:D

解説:
The analyst should isolate the container from production using a predefined policy template first. Isolating the container is a containment measure that can help prevent the spread of the compromise to other containers or systems in the cloud infrastructure. Containment is an important step in the incident response process, as it can limit the impact and damage of an incident. Using a predefined policy template can help automate and standardize the isolation process, ensuring that it is done quickly and consistently1.


質問 # 165
An organization supports a large number of remote users. Which of the following is the BEST option to protect the data on the remote users1 laptops?

  • A. Require the use of VPNs.
  • B. implement a DLP solution.
  • C. Require employees to sign an NDA.
  • D. Use whole disk encryption.

正解:D


質問 # 166
An application server runs slowly and then triggers a high CPU alert. After investigating, a security analyst finds an unauthorized program is running on the server. The analyst reviews the application log below.

Which of the following conclusions is supported by the application log?

  • A. An attacker was attempting to download files via a remote command execution vulnerability
  • B. An attacker was attempting to perform an XSS attack via a vulnerable third-party library.
  • C. An attacker was attempting to perform a DoS attack against the server.
  • D. An attacker was attempting to perform a buffer overflow attack to execute a payload in memory.

正解:A

解説:
Bin /Bash in this log. looks like reverse shell and definately remote command exacution and downloading something.


質問 # 167
A cybersecurity analyst traced the source of an attack to compromised user credentials. Log analysis revealed that the attacker successfully authenticated from an unauthorized foreign country. Management asked the security analyst to research and implement a solution to help mitigate attacks based on compromised passwords.
Which of the following should the analyst implement?

  • A. Single sign-on
  • B. Context-based authentication
  • C. Password complexity
  • D. Self-service password reset

正解:B


質問 # 168
Approximately 100 employees at your company have received a phishing email. As a security analyst you have been tasked with handling this situation.
INSTRUCTIONS
Review the information provided and determine the following:
1. How many employees clicked on the link in the phishing email?
2. On how many workstations was the malware installed?
3. What is the executable file name or the malware?

正解:

解説:
see the explanation.
Explanation
Select the following answer as per diagram below.


質問 # 169
A cybersecurity analyst is contributing to a team hunt on an organization's endpoints.
Which of the following should the analyst do FIRST?

  • A. Perform a process analysis.
  • B. Profile the threat actors and activities.
  • C. Establish a hypothesis.
  • D. Write detection logic.

正解:C

解説:
Explanation/Reference: https://www.cybereason.com/blog/blog-the-eight-steps-to-threat-hunting


質問 # 170
While a threat intelligence analyst was researching an indicator of compromise on a search engine, the web proxy generated an alert regarding the same indicator.
The threat intelligence analyst states that related sites were not visited but were searched for in a search engine.
Which of the following MOST likely happened in this situation?

  • A. The analyst is not using the standard approved browser.
  • B. The analyst has prefetch enabled on the browser in use.
  • C. The alert in unrelated to the analyst's search.
  • D. The analyst accidently clicked a link related to the indicator.

正解:B


質問 # 171
A security analyst receives an alert from the SIEM about a possible attack happening on the network The analyst opens the alert and sees the IP address of the suspected server as 192.168.54.66. which is part of the network 192 168 54 0/24. The analyst then pulls all the command history logs from that server and sees the following

Which of the following activities is MOST likely happening on the server?

  • A. Fuzzing
  • B. A vulnerability scan
  • C. A MITM attack
  • D. Enumeration

正解:C


質問 # 172
......

最速準備で試験合格!CS0-002問題の事前予備:https://jp.fast2test.com/CS0-002-premium-file.html

リリースCompTIA CS0-002更新された問題PDF:https://drive.google.com/open?id=1APtVPIhBYhMLmPRfun4PFdlLyG5974J3


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어