[2025年03月22日]CPTIA問題集PDFとテストエンジン 試験問題 [Q46-Q68]

Share

[2025年03月22日]CPTIA問題集PDFとテストエンジン 試験問題

検証済みのCPTIAテスト問題集と解答で正確な137問題解答あります

質問 # 46
Michael, a threat analyst, works in an organization named TechTop, was asked to conduct a cyber-threat intelligence analysis. After obtaining information regarding threats, he has started analyzing the information and understanding the nature of the threats.
What stage of the cyber-threat intelligence is Michael currently in?

  • A. Known knowns
  • B. Known unknowns
  • C. Unknown unknowns
  • D. Unknowns unknown

正解:B

解説:
The "known unknowns" stage in cyber-threat intelligence refers to the phase where an analyst has identified threats but the specific details, implications, or full nature of these threats are not yet fully understood.
Michael, in this scenario, has obtained information on threats and is in the process of analyzing this information to understand the nature of the threats better. This stage involves analyzing the known data to uncover additional insights and fill in the gaps in understanding, thereby transitioning the "unknowns" into
"knowns." This phase is critical in threat intelligence as it helps in developing actionable intelligence by deepening the understanding of the threats faced.References:
* "Intelligence Analysis: A Target-Centric Approach," by Robert M. Clark
* "Structured Analytic Techniques for Intelligence Analysis," by Richards J. Heuer Jr. and Randolph H.
Pherson


質問 # 47
An organization suffered many major attacks and lost critical information, such as employee records, and financial information. Therefore, the management decides to hire a threat analyst to extract the strategic threat intelligence that provides high-level information regarding current cyber-security posture, threats, details on the financial impact of various cyber-activities, and so on.
Which of the following sources will help the analyst to collect the required intelligence?

  • A. Human, social media, chat rooms
  • B. OSINT, CTI vendors, ISAO/ISACs
  • C. Campaign reports, malware, incident reports, attack group reports, human intelligence
  • D. Active campaigns, attacks on other organizations, data feeds from external third parties

正解:B

解説:
For gathering strategic threat intelligence that provides a high-level overview of the current cybersecurity posture, potential financial impacts of cyber activities, and overarching threats, sources such as Open Source Intelligence (OSINT), Cyber Threat Intelligence (CTI) vendors, and Information Sharing and Analysis Organizations (ISAOs)/Information Sharing and Analysis Centers (ISACs) are invaluable. OSINT involves collecting data from publicly available sources, CTI vendors specialize in providing detailed threat intelligence services, and ISAOs/ISACs facilitate the sharing of threat data within specific industries or communities. These sources can provide broad insights into threat landscapes, helping organizations understand how to align their cybersecurity strategies with current trends and threats.References:
* "Cyber Threat Intelligence: Sources and Methods," by Max Kilger, Ph.D., SANS Institute Reading Room
* "Open Source Intelligence (OSINT): An Introduction to the Basic Concepts and the Potential Benefits for Information Security," by Kevin Cardwell, IEEE Xplore


質問 # 48
What is the correct sequence of steps involved in scheduling a threat intelligence program?
1. Review the project charter
2. Identify all deliverables
3. Identify the sequence of activities
4. Identify task dependencies
5. Develop the final schedule
6. Estimate duration of each activity
7. Identify and estimate resources for all activities
8. Define all activities
9. Build a work breakdown structure (WBS)

  • A. 1-->9-->2-->8-->3-->7-->4-->6-->5
  • B. 3-->4-->5-->2-->1-->9-->8-->7-->6
  • C. 1-->2-->3-->4-->5-->6-->9-->8-->7
  • D. 1-->2-->3-->4-->5-->6-->7-->8-->9

正解:A

解説:
The correct sequence for scheduling a threat intelligence program involves starting with the foundational steps of defining the project scope and objectives, followed by detailed planning and scheduling of tasks. The sequence starts with reviewing the project charter (1) to understand the project's scope, objectives, and constraints. Next, building a Work Breakdown Structure (WBS) (9) helps in organizing the team's work into manageable sections. Identifying all deliverables (2) clarifies the project's outcomes. Defining all activities (8) involves listing the tasks required to produce the deliverables. Identifying the sequence of activities (3) and estimating resources (7) and task dependencies (4) sets the groundwork for scheduling. Estimating the duration of each activity (6) is critical before developing the final schedule (5), which combines all these elements into a comprehensive plan. This approach ensures a structured and methodical progression from project initiation to execution.References:
* "A Guide to the Project Management Body of Knowledge (PMBOK Guide)," Project Management Institute
* "Cyber Intelligence-Driven Risk," by Intel471


質問 # 49
In which of the following phases of incident handling and response (IH&R) process the identified security incidents are analyzed, validated, categorized, and prioritized?

  • A. Incident recording and assignment
  • B. Notification
  • C. Incident triage
  • D. Containment

正解:C

解説:
Incident triage is the phase in the incident handling and response process where identified security incidents are analyzed, validated, categorized, and prioritized. This step is critical for determining the severity of incidents and deciding on the allocation of resources for effective response. It involves initial analysis to understand the nature of the incident, its impact, and urgency, which guides the subsequent response actions.
References:The incident triage phase is a foundational concept in the CREST CPTIA curriculum, emphasizing the importance of a structured approach to responding to security incidents, ensuring that resources are focused where they are needed most.


質問 # 50
Alison, an analyst in an XYZ organization, wants to retrieve information about a company's website from the time of its inception as well as the removed information from the target website.
What should Alison do to get the information he needs.

  • A. Alison should use https://archive.org to extract the required website information.
  • B. Alison should run the Web Data Extractor tool to extract the required website information.
  • C. Alison should use SmartWhois to extract the required website information.
  • D. Alison should recover cached pages of the website from the Google search engine cache to extract the required website information.

正解:A

解説:
To retrieve historical information about a company's website, including content that may have been removed or altered, Alison should use the Internet Archive's Wayback Machine, accessible athttps://archive.org. The Wayback Machine is a digital archive of the World Wide Web and other information on the Internet, providing free access to snapshots of websites at various points in time. This tool is invaluable for researchers and analysts looking to understand the evolution of a website or recover lost information.References:
* "Using the Wayback Machine for Cybersecurity Research," Internet Archive Blogs
* "Digital Forensics with the Archive's Wayback Machine," by Jeff Kaplan, Internet Archive


質問 # 51
Jian is a member of the security team at Trinity, Inc. He was conducting a real-time assessment of system activities in order to acquire threat intelligence feeds. Heacquired feeds from sources like honeynets, P2P monitoring. infrastructure, and application logs.
Which of the following categories of threat intelligence feed was acquired by Jian?

  • A. Proactive surveillance feeds
  • B. External intelligence feeds
  • C. CSV data feeds
  • D. Internal intelligence feeds

正解:D

解説:
Internal intelligence feeds are derived from data and information collected within an organization's own networks and systems. Jian's activities, such as real-time assessment of system activities and acquiring feeds from honeynets, P2P monitoring, infrastructure, and application logs, fall under the collection of internal intelligence feeds. These feeds are crucial for identifying potential threats and vulnerabilities within the organization and form a fundamental part of a comprehensive threat intelligence program. They contrast with external intelligence feeds, which are sourced from outside the organization and include information on broader cyber threats, trends, and TTPs of threat actors.References:
* "Building an Intelligence-Led Security Program" by Allan Liska
* "Threat Intelligence: Collecting, Analysing, Evaluating" by M-K. Lee, L. Healey, and P. A. Porras


質問 # 52
Which of the following encoding techniques replaces unusual ASCII characters with
"%" followed by the character's two-digit ASCII code expressed in hexadecimal?

  • A. Unicode encoding
  • B. Base64 encoding
  • C. HTML encoding
  • D. URL encoding

正解:D

解説:
URL encoding, also known as percent-encoding, is a mechanism for encoding information in a Uniform Resource Identifier (URI) under certain circumstances. This technique involves replacing unsafe ASCII characters with a "%" followed by two hexadecimal digits that represent the character's ASCII code. This is necessary for embedding characters that are not allowed in URLs directly, such as spaces and symbols, or characters that have special meanings within URLs, ensuring that the URL is correctly interpreted by web browsers and servers.
References:The concept of URL encoding is fundamental to web application security, a topic that is covered in the CREST CPTIA program by EC-Council. Understanding encoding techniques is crucial for incident handlers dealing with web-based attacks and investigations.


質問 # 53
Miley, an analyst, wants to reduce the amount of collected data and make the storing and sharing process easy. She uses filtering, tagging, and queuing technique to sort out the relevant and structured data from the large amounts of unstructured data.
Which of the following techniques was employed by Miley?

  • A. Normalization
  • B. Convenience sampling
  • C. Data visualization
  • D. Sandboxing

正解:A

解説:
Normalization in the context of data analysis refers to the process of organizing data to reduce redundancy and improve efficiency in storing and sharing. By filtering, tagging, and queuing, Miley is effectively normalizing the data-converting it from various unstructured formats into a structured, more accessible format. This makes the data easierto analyze, store, and share. Normalization is crucial in cybersecurity and threat intelligence to manage the vast amounts of data collected and ensure that only relevant data is retained and analyzed. This technique contrasts with sandboxing, which is used for isolating and analyzing suspicious code; data visualization, which involves representing data graphically; and convenience sampling, which is a method of sampling where samples are taken from a group that is conveniently accessible.References:
* "The Application of Data Normalization to Database Security," International Journal of Computer Science Issues
* SANS Institute Reading Room, "Data Normalization Considerations in Cyber Threat Intelligence"


質問 # 54
Investigator Ian gives you a drive image to investigate. What type of analysis are you performing?

  • A. Dynamic
  • B. Live
  • C. Real-time
  • D. Static

正解:D

解説:
When Investigator Ian gives you a drive image to investigate, the type of analysis you are performing is static analysis. Static analysis involves examining the contents of a drive, file, or binary without executing the system or the application. It's about analyzing the data at rest. This type of analysis is crucial for forensics investigations because it allows for the examination of files, directories, and system information without altering any state or data, thereby preserving the integrity of the evidence. Static analysis is contrasted with dynamic analysis, which involves analyzing a system in operation (real-time or live) or executing the application to observe its behavior.References:Incident Handler (CREST CPTIA) courses and study guides highlight the importance of static analysis in digital forensics, detailing methods for examining disk images, files, and other digital artifacts to gather evidence without compromising its integrity.


質問 # 55
Tibson works as an incident responder for MNC based in Singapore. He is investigating a web application security incident recently faced by the company. The attack is performed on a MS SQL Server hosted by the company. In the detection and analysis phase, he used regular expressions to analyze and detect SQL meta-characters that led to SQL injection attack.
Identify the regular expression used by Tibson to detect SQL injection attack on MS SQL Server.

  • A. ((\.|%2E)(\.|%2E)(\/|%2F|\\|%5C))
  • B. ((\%3C)|<)((\%2F)|\/)*(script)((\%3E)|>)
  • C. ((\.\.\\)|(\.\.\/))
  • D. /exec(\s|\+)+(s|x)p\w+/ix

正解:D

解説:
The regular expression/exec(\s|\+)+(s|x)p\w+/ixis designed to match patterns that resemble SQL injection attempts, specifically targeting MS SQL Server. This expression looks for the use of theexeccommand followed by one or more spaces or plus signs, and then patterns that start withsporxp, which are prefixes commonly used in SQL Server stored procedures and extended stored procedures. These are often targeted in SQL injection attacks to execute malicious SQL statements. The regular expression provided is a tool used by incident responders like Tibson to identify and analyze potential SQL injection attempts by looking for suspicious patterns in SQL queries.


質問 # 56
An XYZ organization hired Mr. Andrews, a threat analyst. In order to identify the threats and mitigate the effect of such threats, Mr. Andrews was asked to perform threat modeling. During the process of threat modeling, he collected important information about the treat actor and characterized the analytic behavior of the adversary that includes technological details, goals, and motives that can be useful in building a strong countermeasure.
What stage of the threat modeling is Mr. Andrews currently in?

  • A. Threat determination and identification
  • B. Threat ranking
  • C. Threat profiling and attribution
  • D. System modeling

正解:C

解説:
During the threat modeling process, Mr. Andrews is in the stage of threat profiling and attribution, where he is collecting important information about the threat actor and characterizing the analytic behavior of the adversary. This stage involves understanding the technological details, goals, motives, and potential capabilities of the adversaries, which is essential for building effective countermeasures. Threat profiling and attribution help in creating a detailed picture of the adversary, contributing to a more focused and effective defense strategy.References:
* "The Art of Threat Profiling," by John Pirc, SANS Institute Reading Room
* "Threat Modeling: Designing for Security," by Adam Shostack


質問 # 57
For analyzing the system, the browser data can be used to access various credentials.
Which of the following tools is used to analyze the history data files in Microsoft Edge browser?

  • A. BrowsingHistoryView
  • B. ChromeHistoryView
  • C. MZCacheView
  • D. MZHistoryView

正解:A

解説:
BrowsingHistoryView is a tool designed to collect and analyze history data from various web browsers, including Microsoft Edge. It allows users to view the browsing history stored by their browsers in one unified interface. This includes URLs visited, page titles, visit times, and the number of visits to each page. While ChromeHistoryView is specific to Google Chrome, BrowsingHistoryView supports multiple browsers, making it versatile for analyzing history data across different platforms. MZCacheView and MZHistoryView do not exist as tools recognized for this purpose in the context of Microsoft Edge or other browser history analysis.References:Incident Handler (CREST CPTIA) courses and study guides emphasize the importance of using digital forensic tools, such as BrowsingHistoryView, for analyzing web browser data during investigations.


質問 # 58
Alice, a threat intelligence analyst at HiTech Cyber Solutions, wants to gather information for identifying emerging threats to the organization and implement essential techniques to prevent their systems and networks from such attacks. Alice is searching for online sources to obtain information such as the method used to launch an attack, and techniques and tools used to perform an attack and the procedures followed for covering the tracks after an attack.
Which of the following online sources should Alice use to gather such information?

  • A. Financial services
  • B. Hacking forums
  • C. Social network settings
  • D. Job sites

正解:B

解説:
Alice, looking to gather information on emerging threats including attack methods, tools, and post-attack techniques, should turn to hacking forums. These online platforms are frequented by cybercriminals and security researchers alike, where information on the latest exploits, malware, and hacking techniques is shared and discussed. Hacking forums can provide real-time insights into the tactics, techniques, and procedures (TTPs) used by threat actors, offering a valuable resource for threat intelligence analysts aiming to enhance their organization's defenses.References:
* "Hacking Forums: A Ground for Cyber Threat Intelligence," by Digital Shadows
* "The Value of Hacking Forums for Threat Intelligence," by Flashpoint


質問 # 59
What is the most recent NIST standard for incident response?

  • A. 800-61r2
  • B. 800-61r3
  • C. 800-53r3
  • D. 800-171r2

正解:A

解説:
As of my last update, the most recent NIST standard for incident response was NIST Special Publication 800-
61 Revision 2 (800-61r2), titled "Computer Security Incident Handling Guide." This document provides guidelines for establishing an effective incident response program, including preparation, detection and analysis, containment, eradication, recovery, and post-incident activity.
References:The document is a key resource in the field of incident response, frequently cited in the CREST CPTIA curriculum for its comprehensive guidelines on managing and responding to cybersecurity incidents.


質問 # 60
A threat analyst obtains an intelligence related to a threat, where the data is sent in the form of a connection request from a remote host to the server. From this data, he obtains only the IP address of the source and destination but no contextual information. While processing this data, he obtains contextual information stating that multiple connection requests from different geo-locations are received by the server within a short time span, and as a result, the server is stressed and gradually its performance has reduced. He further performed analysis on the information based on the past and present experience and concludes the attack experienced by the client organization.
Which of the following attacks is performed on the client organization?

  • A. Bandwidth attack
  • B. MAC spoofing attack
  • C. Distributed Denial-of-Service (DDoS) attack
  • D. DHCP attacks

正解:C

解説:
The attack described, where multiple connection requests from different geo-locations are received by a server within a short time span leading to stress and reduced performance, is indicative of a Distributed Denial-of-Service (DDoS) attack. In a DDoS attack, the attacker floods the target's resources (such as a server) with excessive requests from multiple sources, making it difficult for the server to handle legitimate traffic, leading to degradation or outright unavailability of service. The use of multiple geo-locations for the attack sources is a common characteristic of DDoS attacks, making them harder to mitigate.References:
* "Understanding Denial-of-Service Attacks," US-CERT
* "DDoS Quick Guide," DHS/NCCIC


質問 # 61
Your company sells SaaS, and your company itself is hosted in the cloud (using it as a PaaS). In case of a malware incident in your customer's database, who is responsible for eradicating the malicious software?

  • A. The customer
  • B. The PaaS provider
  • C. Your company
  • D. Building management

正解:C

解説:
In the scenario where your company sells Software as a Service (SaaS) and is hosted on the cloud using it as a Platform as a Service (PaaS), your company is responsible for eradicating malware in your customer's database. This is because, as the SaaS provider, your company manages the software and is responsible for its security and maintenance, including the databases that store customer data. While the PaaS provider is responsible for the underlying infrastructure, platform, and possibly some middleware security aspects, the application layer security, including data and application management, falls to the SaaS provider. Building management wouldnot be involved in digital security matters, and while customers are responsible for their data, the actual software maintenance and security in a SaaS model are the provider's responsibility.
References:Incident Handler (CREST CPTIA) certification materials often discuss cloud service models (IaaS, PaaS, SaaS) and their associated security responsibilities, highlighting the importance of understanding who is responsible for what in cloud environments.


質問 # 62
Sam works as an analyst in an organization named InfoTech Security. He was asked to collect information from various threat intelligence sources. In meeting the deadline, he forgot to verify the threat intelligence sources and used data from an open-source data provider, who offered it at a very low cost. Through it was beneficial at the initial stage but relying on such data providers can produce unreliable data and noise putting the organization network into risk.
What mistake Sam did that led to this situation?

  • A. Sam used unreliable intelligence sources.
  • B. Sam used data without context.
  • C. Sam did not use the proper standardization formats for representing threat data.
  • D. Sam did not use the proper technology to use or consume the information.

正解:A

解説:
Sam's mistake was using threat intelligence from sources that he did not verify for reliability. Relying on intelligence from unverified or unreliable sources can lead to the incorporation of inaccurate, outdated, or irrelevant information into the organization's threat intelligence program. This can result in "noise," which refers to irrelevant or false information that can distract from real threats, and potentially put the organization's network at risk. Verifying the credibility and reliability of intelligence sources is crucial to ensure that the data used for making security decisions is accurate and actionable.References:
* "Best Practices for Threat Intelligence Sharing," by FIRST (Forum of Incident Response and Security Teams)
* "Evaluating Cyber Threat Intelligence Sources," by Jon DiMaggio, SANS Institute InfoSec Reading Room


質問 # 63
In which of the following storage architecture is the data stored in a localized system, server, or storage hardware and capable of storing a limited amount of data in its database and locally available for data usage?

  • A. Distributed storage
  • B. Cloud storage
  • C. Object-based storage
  • D. Centralized storage

正解:D

解説:
Centralized storage architecture refers to a system where data is stored in a localized system, server, or storage hardware. This type of storage is capable of holding a limited amount of data in its database and is locally available for data usage. Centralized storage is commonly used in smaller organizations or specific departments within larger organizations where the volume of data is manageable and does not require the scalability offered by distributed or cloud storage solutions. Centralized storage systems simplify data management and access but might present challenges in terms of scalabilityand data recovery.References:
* "Data Storage Solutions for Your Business: Centralized vs. Decentralized," Techopedia
* "The Basics of Centralized Data Storage," by Margaret Rouse, SearchStorage


質問 # 64
Rinni is an incident handler and she is performing memory dump analysis.
Which of following tools she can use in order to perform memory dump analysis?

  • A. iNetSim
  • B. OllyDbg and IDA Pro
  • C. Scylla and OllyDumpEx
  • D. Procmon and ProcessExplorer

正解:C

解説:
For memory dump analysis, tools like Scylla and OllyDumpEx are more suited. These tools are designed to analyze and extract information from memory dumps, which can be crucial for understanding the state of a system at the time of an incident. Scylla is used for reconstructing imports in dumped binaries, while OllyDumpEx is an OllyDbg plugin used for dumping process memory. Both tools are valuable for incident handlers like Rinni who are performing memory dump analysis to uncover evidence or understand the behavior of malicious software.


質問 # 65
Lizzy, an analyst, wants to recognize the level of risks to the organization so as to plan countermeasures against cyber attacks. She used a threat modelling methodology where she performed the following stages:
Stage 1: Build asset-based threat profiles
Stage 2: Identify infrastructure vulnerabilities
Stage 3: Develop security strategy and plans
Which of the following threat modelling methodologies was used by Lizzy in the aforementioned scenario?

  • A. VAST
  • B. OCTAVE
  • C. DREAD
  • D. TRIKE

正解:B

解説:
The threat modeling methodology employed by Lizzy, which involves building asset-based threat profiles, identifying infrastructure vulnerabilities, and developing security strategies and plans, aligns with the OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation) methodology. OCTAVE focuses on organizational risk and security practices, emphasizing self-directed risk assessments to identify and prioritize threats to organizational assets and develop appropriate security strategies and plans. This methodology is asset-driven and revolves around understanding critical assets, identifying threats to those assets, and assessing vulnerabilities, leading to the development of a comprehensive security strategy.
References:
* The CERT Guide to System and Network Security Practices by Julia H. Allen
* "OCTAVE Method Implementation Guide Version 2.0," Carnegie Mellon University, Software Engineering Institute


質問 # 66
Which of the following GPG18 and Forensic readiness planning (SPF) principles states that "organizations should adopt a scenario based Forensic Readiness Planning approach that learns from experience gained within the business"?

  • A. Principle 2
  • B. Principle 7
  • C. Principle 5
  • D. Principle 3

正解:C

解説:
The GPG18 and Forensic readiness planning (SPF) principles outline various guidelines to enhance an organization's readiness for forensic investigation and response. Principle 5, which suggests that organizations should adopt a scenario-based Forensic Readiness Planning approach that learns from experience gained within the business, emphasizes the importance of being prepared for a wide range of potential incidents by leveraging lessons learned from past experiences. This approach helps in continuously improving forensic readiness and response capabilities by adapting to the evolving threat landscape and organizational changes.
References:While specific documentation from GPG18 and SPF might detail these principles, the CREST CPTIA program by EC-Council covers the concept of forensic readiness planning, including adopting scenario-based approaches and learning from past incidents as a fundamental aspect of enhancing an organization's incident response and forensic capabilities.


質問 # 67
Michael is a part of the computer incident response team of a company. One of his responsibilities is to handle email incidents. The company receives an email from an unknown source, and one of the steps that he needs to take is to check the validity of the email. Which of the following tools should he use?

  • A. Yesware
  • B. Zendio
  • C. Email Dossier
  • D. G Suite Toolbox

正解:C

解説:
Email Dossier is a tool designed to assist in the investigation of email incidents by analyzing and validating email headers and providing detailed information about the origin, routing, and authenticity of an email.
When Michael is tasked with handling an email incident and needs to check the validity of an email received from an unknown source, Email Dossier can be utilized to trace the email's path, assess its credibility, and identify potential red flags associated with phishing or other malicious email-based attacks.
References:The CREST CPTIA curriculum emphasizes the importance of tools and techniques for email incident handling, including the use of Email Dossier for investigating suspicious emails and aiding in the response to email-based threats.


質問 # 68
......

CREST CPTIAテストエンジンPDFで完全版無料問題集:https://jp.fast2test.com/CPTIA-premium-file.html


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어