無料更新されたCompTIA CS0-002テストエンジン問題には371問あります [Q17-Q36]

Share

無料更新されたCompTIA CS0-002テストエンジン問題には371問あります

ベストな問題集を使おうCompTIA CySA+ CS0-002専門試験問題

質問 # 17
A large amount of confidential data was leaked during a recent security breach. As part of a forensic investigation, the security team needs to identify the various types of traffic that were captured between two
compromised devices.
Which of the following should be used to identify the traffic?

  • A. Disk imaging
  • B. Carving
  • C. Memory dump
  • D. Hashing
  • E. Packet analysis

正解:E


質問 # 18
A security analyst is reviewing the network security monitoring logs listed below:

Which of the following is the analyst MOST likely observing? (Select TWO).

  • A. 10.1.1.129 sent non-malicious requests, and the alert is a false positive.
  • B. 10.1.1.128 sent malicious requests, and the alert is a false positive.
  • C. 10.1.1.129 sent potential malicious requests to the web server.
  • D. 10.1.1 .129 successfully exploited a vulnerability on the web server.
  • E. 10.1.1.128 sent potential malicious traffic to the web server.

正解:B、D


質問 # 19
The threat intelligence department recently learned of an advanced persistent threat that is leveraging a new strain of malware, exploiting a system router. The company currently uses the same device
mentioned in the threat report. Which of the following configuration changes would BEST improve the organization's security posture?

  • A. Implement an IPS rule that contains content for the malware variant and patch the routers to protect against the vulnerability
  • B. Implement an IDS rule that contains the IP addresses from the advanced persistent threat and patch the routers to protect against the vulnerability
  • C. Implement an IPS rule that contains the IP addresses from the advanced persistent threat and patch the routers to protect against the vulnerability
  • D. Implement an IDS rule that contains content for the malware variant and patch the routers to protect against the vulnerability

正解:A


質問 # 20
The help desk provided a security analyst with a screenshot of a user's desktop:

For which of the following is aircrack-ng being used?

  • A. Brute-force attack
  • B. PCAP data collection
  • C. Wireless access point discovery
  • D. Rainbow attack

正解:D


質問 # 21
A security technician configured a NIDS to monitor network traffic. Which of the following is a condition in which harmless traffic is classified as a potential network attack?

  • A. False positive
  • B. False negative
  • C. True positive
  • D. True negative

正解:A

解説:
A false positive is a condition in which harmless traffic is classified as a potential network attack by a NIDS. A NIDS is a network intrusion detection system that monitors network traffic for any signs of malicious or anomalous activity. A false positive can result in unnecessary alerts or actions by the NIDS, such as blocking legitimate traffic or generating false alarms. False positives can be caused by various factors, such as misconfigured rules, outdated signatures, noisy network traffic or benign anomalies3 .


質問 # 22
After examining a header and footer file, a security analyst begins reconstructing files by scanning the raw data bytes of a hard disk and rebuilding them. Which of the following techniques is the analyst using?

  • A. File carving
  • B. Metadata analysis
  • C. Data recovery
  • D. Header analysis

正解:A


質問 # 23
A security analyst gathered forensics from a recent intrusion in preparation for legal proceedings. The analyst used EnCase to gather the digital forensics, cloned the hard drive, and took the hard drive home for further analysis. Which of the following did the security analyst violate?

  • A. Cloning procedures
  • B. Virtualization
  • C. Hashing procedures
  • D. Chain of custody

正解:D


質問 # 24
While investigating reports or issues with a web server, a security analyst attempts to log in remotely and recedes the following message:

The analyst accesses the server console, and the following console messages are displayed:

The analyst is also unable to log in on the console. While reviewing network captures for the server, the analyst sees many packets with the following signature:

Which of the following is the BEST step for the analyst to lake next in this situation?

  • A. Corporate data is being exfilltrated from the server Reboot the server and log in to see if it contains any sensitive data.
  • B. Cryptomining malware is running on the server and utilizing an CPU and memory. Reboot the server and disable any cron Jobs or startup scripts that start the mining software.
  • C. Load the network captures into a protocol analyzer to further investigate the communication with 128.30.100.23, as this may be a botnet command server
  • D. After ensuring network captures from the server are saved isolate the server from the network take a memory snapshot, reboot and log in to do further analysis.

正解:B

解説:
Cryptomining malware, or cryptojacking, is a type of malware that hides on a device and uses its computing resources to mine for valuable online currencies like Bitcoin. Cryptomining malware can cause performance issues, increased energy consumption, overheating, or hardware damage1 The analyst encountered cryptomining malware on the web server, as indicated by the following signs:
The analyst was unable to log in remotely or on the console, as the malware blocked access to prevent detection or removal.
The console messages showed that the server was running out of memory and CPU resources, as the malware consumed all available resources for mining.
The network captures showed many packets with a signature of "Stratum", which is a protocol used for communication between miners and mining pools2 The best step for the analyst to take next is to reboot the server and disable any cron jobs or startup scripts that start the mining software. This can help stop the mining activity and restore access to the server. The analyst should also scan the server for any other traces of malware and remove them.


質問 # 25
A security administrator needs to provide access from partners to an Isolated laboratory network inside an organization that meets the following requirements:
* The partners' PCs must not connect directly to the laboratory network.
* The tools the partners need to access while on the laboratory network must be available to all partners
* The partners must be able to run analyses on the laboratory network, which may take hours to complete
Which of the following capabilities will MOST likely meet the security objectives of the request?

  • A. Deployment of a jump box to allow access to the laboratory network and use of VDI in persistent mode to provide the necessary tools for analysis
  • B. Deployment of a jump box to allow access to the Laboratory network and use of VDI in non-persistent mode to provide the necessary tools for analysis
  • C. Deployment of a firewall to allow access to the laboratory network and use of VDI In persistent mode to provide the necessary tools for analysis
  • D. Deployment of a firewall to allow access to the laboratory network and use of VDI in non-persistent mode to provide the necessary tools tor analysis

正解:C


質問 # 26
An analyst receives artifacts from a recent Intrusion and is able to pull a domain, IP address, email address, and software version. When of the following points of the Diamond Model of Intrusion Analysis does this intelligence represent?

  • A. Capabilities
  • B. Adversary
  • C. Infrastructure
  • D. Victims

正解:B


質問 # 27
A company is experiencing a malware attack within its network. A security engineer notices many of the impacted assets are connecting outbound to a number of remote destinations and exfiltrating dat a. The security engineer also see that deployed, up-to-date antivirus signatures are ineffective. Which of the following is the BEST approach to prevent any impact to the company from similar attacks in the future?

  • A. Port security
  • B. Sinkholing
  • C. Data loss prevention
  • D. IDS signatures

正解:D


質問 # 28
The IT department is concerned about the possibility of a guest device infecting machines on the corporate network or taking down the company's singe internet connection. Which of the following should a security analyst recommend to BEST meet the requirements outlined by the IT Department?

  • A. Configure the IPS with rules that will detect common malware signatures traveling from the guest network.
  • B. Require the guest machines to install the corporate-owned EDR solution.
  • C. Configure NAC to only allow machines on the network that are patched and have active antivirus.
  • D. Place a firewall In between the corporate network and the guest network

正解:C


質問 # 29
An incident responder successfully acquired application binaries off a mobile device for later forensic analysis.
Which of the following should the analyst do NEXT?

  • A. Perform a factory reset on the affected mobile device.
  • B. Encrypt the binaries using an authenticated AES-256 mode of operation.
  • C. Compute SHA-256 hashes for each binary.
  • D. Inspect the permissions manifests within each application.
  • E. Decompile each binary to derive the source code.

正解:B


質問 # 30
While preparing of an audit of information security controls in the environment an analyst outlines a framework control that has the following requirements:
* All sensitive data must be classified
* All sensitive data must be purged on a quarterly basis
* Certificates of disposal must remain on file for at least three years This framework control is MOST likely classified as:

  • A. prescriptive
  • B. preventive
  • C. risk-based
  • D. corrective

正解:A

解説:
prescrcriptiveitive. now look at definition of prescriptive. The definition of prescriptive is the imposition of rules, or something that has become established because it has been going on a long time and has become customary. A handbook dictating the rules for proper behavior is an example of something that would be described as a prescriptive handbookules are being implimented.
Preventative controls describe any security measure that's designed to stop unwanted or unauthorized activity from occurring. Examples include physical controls such as fences, locks, and alarm systems; technical controls such as antivirus software, firewalls, and IPSs; and administrative controls like separation of duties, data classification, and auditing. https://www.f5.com/labs/articles/education/what-are-security-controls


質問 # 31
A Chief Executive Officer (CEO) is concerned the company will be exposed to data sovereignty issues as a result of some new privacy regulations to help mitigate this risk. The Chief Information Security Officer (CISO) wants to implement an appropriate technical control. Which of the following would meet the requirement?

  • A. Geographic access requirements
  • B. Data masking procedures
  • C. Regular business impact analysis functions
  • D. Enhanced encryption functions

正解:A

解説:
Explanation
Data Sovereignty means that data is subject to the laws and regulations of the geographic location where that data is collected and processed. Data sovereignty is a country-specific requirement that data must remain within the borders of the jurisdiction where it originated. At its core, data sovereignty is about protecting sensitive, private data and ensuring it remains under the control of its owner. You're only worried about that if you're in multiple locations. . https://www.virtru.com/blog/gdpr-data-sovereignty-matters-globally


質問 # 32
Employees of a large financial company are continuously being Infected by strands of malware that are not detected by EDR tools. When of the following Is the BEST security control to implement to reduce corporate risk while allowing employees to exchange files at client sites?

  • A. Hard drive encryption
  • B. Network segmentation
  • C. Additional host firewall rules
  • D. VDI environment
  • E. Network access control
  • F. MFA on the workstations

正解:C


質問 # 33
A user reports the system is behaving oddly following the installation of an approved third-party software application. The application executable was sourced from an internal repository Which of the following will ensure the application is valid?

  • A. Hash the application's installation file and compare it to the hash provided by the vendor
  • B. Remove the user's system from the network to avoid collateral contamination
  • C. Ask the user to refresh the existing definition file for the antivirus software
  • D. Perform a malware scan on the file in the internal repository

正解:A


質問 # 34
A security analyst is handling an incident in which ransomware has encrypted the disks of several company workstations. Which of the following would work BEST to prevent this type of Incident in the future?

  • A. Implement a UTM instead of a stateful firewall and enable gateway antivirus.
  • B. Establish a ransomware awareness program and implement secure and verifiable backups.
  • C. Back up the workstations to facilitate recovery and create a gold Image.
  • D. Virtualize all the endpoints with dairy snapshots of the virtual machines.

正解:B

解説:
Ransomware is a type of malware that encrypts the files or disks of a victim's device and demands a ransom for the decryption key. Ransomware can cause significant damage, disruption, and data loss for individuals and organizations. To prevent this type of incident in the future, the best strategy is to combine user education and data protection. A ransomware awareness program can help users recognize and avoid potential ransomware attacks, such as phishing emails, malicious attachments, or compromised websites. A secure and verifiable backup system can help users recover their data in case of a ransomware infection, without paying the ransom or relying on the attackers. A backup system should be regularly tested and updated, and stored offline or in a separate location from the original data.


質問 # 35
Company A is m the process of merging with Company B As part of the merger, connectivity between the ERP systems must be established so portent financial information can be shared between the two entitles. Which of the following will establish a more automated approach to secure data transfers between the two entities?

  • A. Set up a VPN between Company A and Company B. granting access only lo the ERPs within the connection
  • B. Set up an FTP server that both companies can access and export the required financial data to a folder.
  • C. Create static NATs on each entity's firewalls that map lo the ERP systems and use native ERP authentication to allow access.
  • D. Set up a PKI between Company A and Company B and Intermediate shared certificates between the two entities

正解:A


質問 # 36
......


CS0-002試験は、サイバーセキュリティ分析と対応に関する専門知識を実証したい専門家にとって優れた選択肢です。この認定は、米国国防総省によって認められており、政府および軍事組織における多くのサイバーセキュリティの役割のベースライン要件です。さらに、この認定は民間組織によって広く認識されており、サイバーセキュリティ業界でのキャリアを前進させたい専門家にとって貴重な資産です。

 

100%の合格率を試そう!更新されたのはCS0-002試験問題 [2025年更新]:https://jp.fast2test.com/CS0-002-premium-file.html

合格させるCS0-002試験にはリアル問題解答:https://drive.google.com/open?id=1APtVPIhBYhMLmPRfun4PFdlLyG5974J3


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어