2024年最新の検証済みCS0-002問題集と解答であなたを合格確定させるCompTIA CySA+試験解答! [Q17-Q34]

Share

2024年最新の検証済みCS0-002問題集と解答であなたを合格確定させるCompTIA CySA+試験解答!

CS0-002試験問題集で100%合格率CS0-002試験!

質問 # 17
While investigating an incident in a company's SIEM console, a security analyst found hundreds of failed SSH login attempts, which all occurred in rapid succession. The failed attempts were followed by a successful login on the root user Company policy allows systems administrators to manage their systems only from the company's internal network using their assigned corporate logins. Which of the following are the BEST actions the analyst can take to stop any further compromise? (Select TWO).

  • A. Add a rule on the affected system to block access to port TCP/22.
  • B. Configure /etc/passwd to deny root logins and restart the SSHD service.
  • C. Add a rule on the perimeter firewall to block the source IP address.
  • D. Add a rule on the network IPS to block SSH user sessions
  • E. Reset the passwords for all accounts on the affected system.
  • F. Configure /etc/sshd_config to deny root logins and restart the SSHD service.

正解:C、E


質問 # 18
Which of the following describes the difference between intentional and unintentional insider threats'?

  • A. The risk factor will be the same
  • B. Their access levels will be different
  • C. The rate of occurrence will be the same
  • D. Their behavior will be different

正解:D

解説:
The difference between intentional and unintentional insider threats is their behavior. Intentional insider threats are malicious actors who deliberately misuse their access to harm the organization or its assets. Unintentional insider threats are careless or negligent users who accidentally compromise the security of the organization or its assets. Their access levels, risk factors, and rates of occurrence may vary depending on various factors, but their behavior is the main distinction. Reference: CompTIA Cybersecurity Analyst (CySA+) Certification Exam Objectives (CS0-002), page 12; https://www.cisa.gov/sites/default/files/publications/Insider_Threat_Mitigation_Guide_508.pdf


質問 # 19
A cyber incident response team finds a vulnerability on a company website that allowed an attacker to inject malicious code into its web application. There have been numerous unsuspecting users visiting the infected page, and the malicious code executed on the victim's browser has led to stolen cookies, hijacked sessions, malware execution, and bypassed access control. Which of the following exploits is the attacker conducting on the company's website?

  • A. Cross-site scripting
  • B. Rootkit
  • C. Logic bomb
  • D. Privilege escalation

正解:A


質問 # 20
Which of the following is the BEST security practice to prevent ActiveX controls from running malicious code on a user's web application?

  • A. Adjusting the web-browser settings to block ActiveX controls
  • B. Configuring a firewall to block traffic on ports that use ActiveX controls
  • C. Deploying HIPS to block malicious ActiveX code
  • D. Installing network-based IPS to block malicious ActiveX code

正解:C


質問 # 21
A reverse engineer was analyzing malware found on a retailer's network and found code extracting track data in memory.
Which of the following threats did the engineer MOST likely uncover?

  • A. Ransomware
  • B. Key logger
  • C. POS malware
  • D. Rootkit

正解:C


質問 # 22
A security analyst is trying to determine if a host is active on a network. The analyst first attempts the following:

The analyst runs the following command next:

Which of the following would explain the difference in results?

  • A. hping3 is returning a false positive.
  • B. The routing tables for ping and hping3 were different.
  • C. The original ping command needed root permission to execute.
  • D. ICMP is being blocked by a firewall.

正解:D


質問 # 23
A security analyst is reviewing the following log from an email security service.

Which of the following BEST describes the reason why the email was blocked?

  • A. The From address is invalid.
  • B. The IP address was blacklisted.
  • C. The To address is invalid.
  • D. The IP address and the remote server name are the same.
  • E. The email originated from the www.spamfilter.org URL.

正解:B


質問 # 24
During a routine log review, a security analyst has found the following commands that cannot be identified from the Bash history log on the root user.

Which of the following commands should the analyst investigate FIRST?

  • A. Line 3
  • B. Line 2
  • C. Line 6
  • D. Line 1
  • E. Line 5
  • F. Line 4

正解:B


質問 # 25
A compliance officer of a large organization has reviewed the firm's vendor management program but has discovered there are no controls defined to evaluate third-party risk or hardware source authenticity. The compliance officer wants to gain some level of assurance on a recurring basis regarding the implementation of controls by third parties.
Which of the following would BEST satisfy the objectives defined by the compliance officer? (Choose two.)

  • A. Soliciting third-party audit reports on an annual basis
  • B. Maintaining and reviewing the organizational risk assessment on a quarterly basis
  • C. Completing a business impact assessment for all critical service providers
  • D. Utilizing DLP capabilities at both the endpoint and perimeter levels
  • E. Executing vendor compliance assessments against the organization's security controls
  • F. Executing NDAs prior to sharing critical data with third parties

正解:A、E


質問 # 26
A security analyst wants to scan the network for active hosts. Which of the following host characteristics help to differentiate between a virtual and physical host?

  • A. Host IPs
  • B. Gateway settings
  • C. Reserved MACs
  • D. DNS routing tables

正解:C


質問 # 27
An organization has the following risk mitigation policies
* Risks without compensating controls will be mitigated first it the nsk value is greater than $50,000
* Other nsk mitigation will be pnontized based on risk value.
The following risks have been identified:

Which of the following is the ordei of priority for risk mitigation from highest to lowest?

  • A. A, C, D, B
  • B. D, C, B, A
  • C. B, C, D, A
  • D. C, B, A, D
  • E. C. D, A, B

正解:D

解説:
The order of priority for risk mitigation from highest to lowest is C, B, A, D. This order is based on applying the risk mitigation policies of the organization. According to the first policy, risks without compensating controls will be mitigated first if the risk value is greater than $50,000. Risk C has no compensating controls and a risk value of $75,000, so it is the highest priority. Risk B also has no compensating controls, but a risk value of $40,000, so it is the second priority. According to the second policy, other risk mitigation will be prioritized based on risk value. Risk A has a risk value of $60,000 and a compensating control of encryption, so it is the third priority. Risk D has a risk value of $50,000 and a compensating control of backup power supply, so it is the lowest priority.


質問 # 28
An organization wants to harden its web servers. As part of this goal, leadership has directed that vulnerability scans be performed, and the security team should remediate the servers according to industry best practices. The team has already chosen a vulnerability scanner and performed the necessary scans, and now the team needs to prioritize the fixes. Which of the following would help to prioritize the vulnerabilities for remediation in accordance with industry best practices?

  • A. ITIL
  • B. CVSS
  • C. OpenVAS
  • D. SLA
  • E. Qualys

正解:B


質問 # 29
The security team has determined that the current incident response resources cannot meet management's objective to secure a forensic image for all serious security incidents within 24 hours. Which of the following compensating controls can be used to help meet management's expectations?

  • A. Outsourcing
  • B. Scheduled reviews
  • C. Separation of duties
  • D. Dual control

正解:A


質問 # 30
Which of the following is the use of tools to simulate the ability for an attacker to gain access to a specified network?

  • A. Fuzzing
  • B. Network mapping
  • C. Penetration testing
  • D. Reverse engineering

正解:C


質問 # 31
As part of a review of incident response plans, which of the following is MOST important for an organization to understand when establishing the breach notification period?

  • A. Service-level agreements
  • B. Organizational policies
  • C. Legal requirements
  • D. Vendor requirements and contracts

正解:C


質問 # 32
During the security assessment of a new application, a tester attempts to log in to the application but receives the following message incorrect password for given username. Which of the following can the tester recommend to decrease the likelihood that a malicious attacker will receive helpful information?

  • A. Set the web page to redirect to an application support page when a bad password is entered.
  • B. Recognize that error messaging does not provide confirmation of the correct element of authentication
  • C. Avoid using password-based authentication for the application
  • D. Disable error messaging for authentication

正解:B


質問 # 33
Which of the following is MOST dangerous to the client environment during a vulnerability assessment penetration test?

  • A. The testing is outside the contractual scope
  • B. There is a shorter period of time to assess the environment
  • C. No status reports are included with the assessment.
  • D. There is a longer period of time to assess the environment.

正解:A

解説:
The testing is outside the contractual scope is the most dangerous to the client environment during a vulnerability assessment penetration test. A contractual scope defines the boundaries and limitations of the testing, such as the target systems, networks, applications, methods, techniques, tools, time frame, and deliverables. Testing outside the contractual scope can violate the agreement between the tester and the client and cause legal or ethical issues. Testing outside the contractual scope can also damage or disrupt the client environment by affecting systems, networks, applications, or data that are not authorized or intended for testing. Testing outside the contractual scope can also compromise the validity and reliability of the test results and recommendations. There is a longer period of time to assess the environment (A) is not necessarily dangerous to the client environment during a vulnerability assessment penetration test. A longer period of time can allow for more thorough and comprehensive testing and analysis of the vulnerabilities and risks in the client environment. However, a longer period of time can also increase the exposure and likelihood of detection by attackers or defenders. There is a shorter period of time to assess the environment is also not necessarily dangerous to the client environment during a vulnerability assessment penetration test. A shorter period of time can reduce the exposure and likelihood of detection by attackers or defenders. However, a shorter period of time can also limit the depth and breadth of testing and analysis of the vulnerabilities and risks in the client environment. No status reports are included with the assessment (D) is not dangerous to the client environment during a vulnerability assessment penetration test. Status reports are documents that provide updates on the progress and findings of the testing to the client or stakeholders. Status reports can help to communicate effectively and transparently with the client or stakeholders and address any issues or concerns that may arise during the testing. However, status reports do not directly affect the client environment or its security.


質問 # 34
......

あなたを余裕でCS0-002試験合格させます!100%高合格率保証:https://jp.fast2test.com/CS0-002-premium-file.html

試験問題集リアルCompTIA CySA+問題集で371解答を使おう:https://drive.google.com/open?id=1WMG8M4-F6WzGSbu9CdlBqrsyuMS0UGMD


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어