CompTIAは2025年最新のCS0-002テスト解説(更新されたのは371問があります)
CS0-002試験問題集を提供していますCompTIA問題
CompTIA CS0-002 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
質問 # 171
During the security assessment of a new application, a tester attempts to log in to the application but receives the following message incorrect password for given username. Which of the following can the tester recommend to decrease the likelihood that a malicious attacker will receive helpful information?
- A. Avoid using password-based authentication for the application
- B. Recognize that error messaging does not provide confirmation of the correct element of authentication
- C. Disable error messaging for authentication
- D. Set the web page to redirect to an application support page when a bad password is entered.
正解:B
質問 # 172
A system administrator is doing network reconnaissance of a company's external network to determine the vulnerability of various services that are running. Sending some sample traffic to the external host, the administrator obtains the following packet capture:
Based on the output, which of the following services should be further tested for vulnerabilities?
- A. HTTP
- B. SMB
- C. SSH
- D. HTTPS
正解:B
質問 # 173
A product security analyst has been assigned to evaluate and validate a new products security capabilities Part ot the evaluation involves reviewing design changes at specific intervals tor security deficiencies recommending changes and checking for changes at the next checkpoint Which of the following BEST defines the activity being conducted?
- A. Stress testing
- B. Security regression testing
- C. Code review
- D. User acceptance testing
正解:B
質問 # 174
A security analyst has received reports of very slow, intermittent access to a public-facing corporate server.
Suspecting the system may be compromised, the analyst runs the following commands:
Based on the output from the above commands, which of the following should the analyst do NEXT to further the investigation?
- A. Perform a binary analysis on the /tmp/.t/t file, as it is likely to be a rogue SSHD server.
- B. Examine the server logs for further indicators of compromise of a web application.
- C. Run kill -9 1325 to bring the load average down so the server is usable again.
- D. Run crontab -r; rm -rf /tmp/.t to remove and disable the malware on the system.
正解:B
質問 # 175
Portions of a legacy application are being refactored to discontinue the use of dynamic SQL Which of the following would be BEST to implement in the legacy application?
- A. SQL injection
- B. Web-application firewall
- C. Multifactor authentication
- D. Parameterized queries
- E. Input validation
正解:C
質問 # 176
A security analyst has received reports of very slow, intermittent access to a public-facing corporate server.
Suspecting the system may be compromised, the analyst runs the following commands:
Based on the output from the above commands, which of the following should the analyst do NEXT to further the investigation?
- A. Perform a binary analysis on the /tmp/.t/t file, as it is likely to be a rogue SSHD server.
- B. Examine the server logs for further indicators of compromise of a web application.
- C. Run kill -9 1325 to bring the load average down so the server is usable again.
- D. Run crontab -r; rm -rf /tmp/.t to remove and disable the malware on the system.
正解:B
質問 # 177
A security analyst is conducting a post-incident log analysis to determine which indicators can be used to detect further occurrences of a data exfiltration incident. The analyst determines backups were not performed during this time and reviews the following:
Which of the following should the analyst review to find out how the data was exfilltrated?
- A. Tuesday's logs
- B. Monday's logs
- C. Thursday's logs
- D. Wednesday's logs
正解:C
質問 # 178
A security analyst received a SIEM alert regarding high levels of memory consumption for a critical system.
After several attempts to remediate the issue, the system went down. A root cause analysis revealed a bad actor forced the application to not reclaim memory. This caused the system to be depleted of resources.
Which of the following BEST describes this attack?
- A. Array attack
- B. Injection attack
- C. Memory corruption
- D. Denial of service
正解:D
解説:
Reference: https://economictimes.indiatimes.com/definition/memory-corruption
質問 # 179
An organization has a practice of running some administrative services on non-standard ports as a way of frustrating any attempts at reconnaissance. The output of the latest scan on host
192.168.1.13 is shown below:
Which of the following statements is true?
- A. Running SSH on the Telnet port will now be sent across an unencrypted port.
- B. Running SSH on port 23 provides little additional security from running it on the standard port.
- C. The use of OpenSSH on its default secure port will supersede any other remote connection attempts.
- D. Remote SSH connections will automatically default to the standard SSH port.
- E. Despite the results of the scan, the service running on port 23 is actually Telnet and not SSH, and creates an additional vulnerability
正解:B
質問 # 180
Welcome to the Enterprise Help Desk System. Please work the ticket escalated to you in the desk ticket queue.
INSTRUCTIONS
Click on me ticket to see the ticket details Additional content is available on tabs within the ticket First, select the appropriate issue from the drop-down menu. Then, select the MOST likely root cause from second drop-down menu If at any time you would like to bring back the initial state of the simulation, please click the Reset All button

正解:
解説:
質問 # 181
A security team wants to make SaaS solutions accessible from only the corporate campus.
Which of the following would BEST accomplish this goal?
- A. Single sign-on
- B. Geofencing
- C. Reverse proxy
- D. IP restrictions
正解:B
解説:
Explanation/Reference: https://bluedot.io/library/what-is-geofencing/
質問 # 182
A security analyst suspects a malware infection was caused by a user who downloaded malware after clicking http://<malwaresource>/a.php in a phishing email.
To prevent other computers from being infected by the same malware variation, the analyst should create a rule on the __________.
- A. email server that automatically deletes attached executables.
- B. firewall to block connection attempts to dynamic DNS hosts.
- C. IDS to match the malware sample.
- D. proxy to block all connections to <malwaresource>.
正解:C
質問 # 183
After running a packet analyzer on the network, a security analyst has noticed the following output:
Which of the following is occurring?
- A. A service discovery
- B. A port scan
- C. A ping sweep
- D. A network map
正解:B
質問 # 184
While investigating reports or issues with a web server, a security analyst attempts to log in remotely and recedes the following message:
The analyst accesses the server console, and the following console messages are displayed:
The analyst is also unable to log in on the console. While reviewing network captures for the server, the analyst sees many packets with the following signature:
Which of the following is the BEST step for the analyst to lake next in this situation?
- A. After ensuring network captures from the server are saved isolate the server from the network take a memory snapshot, reboot and log in to do further analysis.
- B. Cryptomining malware is running on the server and utilizing an CPU and memory. Reboot the server and disable any cron Jobs or startup scripts that start the mining software.
- C. Corporate data is being exfilltrated from the server Reboot the server and log in to see if it contains any sensitive data.
- D. Load the network captures into a protocol analyzer to further investigate the communication with
128.30.100.23, as this may be a botnet command server
正解:D
質問 # 185
A company offers a hardware security appliance to customers that provides remote administration of a device on the customer's network Customers are not authorized to alter the configuration The company deployed a software process to manage unauthorized changes to the appliance log them, and forward them to a central repository for evaluation Which of the following processes is the company using to ensure the appliance is not altered from its ongmal configured state?
- A. CI/CD
- B. Software assurance
- C. Anti-tamper
- D. Change management
正解:D
解説:
Explanation
change management - process through which changes to the configuration of information systems are monitored and controlled. Each individual component should have a separate document or database record that describes its initial state and subsequent changes
質問 # 186
Due to a rise m cyberattackers seeking PHI, a healthcare company that collects highly sensitive data from millions of customers is deploying a solution that will ensure the customers' data is protected by the organization internally and externally Which of the following countermeasures can BEST prevent the loss of customers' sensitive data?
- A. Implement multifactor authentication
- B. Implement privileged access management
- C. Add more security resources to the environment
- D. Implement a risk management process
正解:A
質問 # 187
Members of the sales team are using email to send sensitive client lists with contact information to their personal accounts The company's AUP and code of conduct prohibits this practice. Which of the following configuration changes would improve security and help prevent this from occurring?
- A. Put employees' personal email accounts on the mail server on a blocklist.
- B. Set up IPS to scan for outbound emails containing names and contact information.
- C. Move outbound emails containing names and contact information to a sandbox for further examination.
- D. Configure the DLP transport rules to provide deep content analysis.
- E. Use Group Policy to prevent users from copying and pasting information into emails.
正解:D
解説:
Data loss prevention (DLP) is a set of policies and tools that aim to prevent unauthorized disclosure of sensitive data. DLP transport rules are rules that apply to email messages that are sent or received by an organization's mail server. These rules can provide deep content analysis, which means they can scan the content of email messages and attachments for sensitive data patterns, such as client lists or contact information. If a rule detects a violation of the DLP policy, it can take actions such as blocking, quarantining, or notifying the sender or recipient. This would improve security and help prevent sales team members from sending sensitive client lists to their personal accounts. Reference: CompTIA Cybersecurity Analyst (CySA+) Certification Exam Objectives (CS0-002), page 14; https://docs.microsoft.com/en-us/exchange/security-and-compliance/mail-flow-rules/data-loss-prevention
質問 # 188
A security analyst conducted a risk assessment on an organization's wireless network and identified a high-risk element in the implementation of data confidentially protection.
Which of the following is the BEST technical security control to mitigate this risk?
- A. Switch to the WPA2 protocol.
- B. Switch to 802 IX technology
- C. Switch to TACACS+ technology.
- D. Switch to RADIUS technology
正解:C
質問 # 189
......
CS0-002認定ガイドPDFは100%カバー率でリアル試験問題:https://jp.fast2test.com/CS0-002-premium-file.html
合格させるCS0-002レビューガイド、信頼され続けるCS0-002テストエンジン:https://drive.google.com/open?id=1WMG8M4-F6WzGSbu9CdlBqrsyuMS0UGMD