CompTIA CS0-002リアル試験問題テストエンジン問題集トレーニングには371問あります
CS0-002実際の問題解答PDFには100%カバー率リアル試験問題
CompTIA Cybersecurity Analyst(CySA +)認定は、コンピューティング技術産業協会(CompTIA)が提供するベンダー中立の認定です。CS0-002と指定された試験は、サイバーセキュリティ分析の分野で働くプロフェッショナルのスキルと知識を検証するために設計されています。この認定は、少なくとも4年間のサイバーセキュリティの経験を持ち、サイバーセキュリティ分析の専門知識を示すことでキャリアを進めたい個人を対象としています。
CySA+認定試験は、特定の技術ベンダーや製品に結び付けられていないベンダーニュートラルな認定試験です。これにより、異なる環境や技術で働くサイバーセキュリティ専門家にとって貴重な資格となります。また、この認定試験は米国国防総省(DoD)によって認められており、ISO 17024規格に準拠しているため、高品質の基準を満たしていることが保証されています。
質問 # 221
An incident responder successfully acquired application binaries off a mobile device for later forensic analysis.
Which of the following should the analyst do NEXT?
- A. Compute SHA-256 hashes for each binary.
- B. Encrypt the binaries using an authenticated AES-256 mode of operation.
- C. Decompile each binary to derive the source code.
- D. Inspect the permissions manifests within each application.
- E. Perform a factory reset on the affected mobile device.
正解:B
質問 # 222
An analyst receives an alert from the continuous-monitoring solution about unauthorized changes to the firmware versions on several field devices. The asset owners confirm that no firmware version updates were performed by authorized technicians, and customers have not reported any performance issues or outages.
Which Of the following actions would be BEST for the analyst to recommend to the asset owners to secure the devices from further exploitation?
- A. Change the passwords on the devices.
- B. Report the findings to the threat intel community.
- C. Implement BIOS passwords.
- D. Remove the assets from the production network for analysis.
正解:D
解説:
Explanation
If were referring to other devices, yes - Implement BIOS passwords before they are compromised. But the ones that were already compromised, they need to be removed from the system to avoid further exploitation.
Plus, if you put a password on there, the attacker may now have your password.
質問 # 223
Which of the following policies would state an employee should not disable security safeguards, such as host firewalls and antivirus, on company systems?
- A. Acceptable use policy
- B. Code of conduct policy
- C. Account management policy
- D. Password policy
正解:A
質問 # 224
A security analyst on the threat-hunting team has developed a list of unneeded, benign services that are currently running as part of the standard OS deployment for workstations. The analyst will provide this list to the operations team to create a policy that will automatically disable the services for all workstations in the organization.
Which of the following BEST describes the security analyst's goal?
- A. To optimize system performance
- B. To improve malware detection
- C. To create a system baseline
- D. To reduce the attack surface
正解:D
質問 # 225
An analyst is searching a log for potential credit card leaks. The log stores all data encoded in hexadecimal. Which of the following commands will allow the security analyst to confirm the incident?
- A. cat log xxd -r -p | egrep ' [0-9] {16}
- B. egrep ' (0-9) (16) ' log | xxdc
- C. cat log | xxd -r -p egrep '(0-9) (16)'
- D. egrep '(3(0-9)) (16) ' log
正解:C
質問 # 226
A security analyst is reviewing the following DNS logs as part of security-monitoring activities:
FROM 192.168.1.20 A www.google.com 67.43.45.22
FROM 192.168.1.20 AAAA www.google.com 2006:67:AD:1FAB::102
FROM 192.168.1.43 A www.mail.com 193.56.221.99
FROM 192.168.1.2 A www.company.com 241.23.22.11
FROM 192.168.1.211 A www.uewiryfajfchfaerwfj.co 32.56.32.122
FROM 192.168.1.106 A www.whatsmyip.com 102.45.33.53
FROM 192.168.1.93 ARAA www.nbc.com 2002:10:976::1
FROM 192.168.1.78 A www.comptia.org 122.10.31.87
Which of the following most likely occurred?
- A. The attack caused an internal host to connect to a command and control server.
- B. The attack used encryption to obfuscate the payload and bypass detection by an IDS.
- C. The attack attempted to contact www.google.com to verify internet connectivity.
- D. The attack used an algorithm to generate command and control information dynamically.
正解:D
解説:
This is a technique that is commonly used by malware to evade detection and blocking by security tools. The malware generates random domain names that are used to communicate with the command and control server, which can change its IP address frequently. The domain names are usually long and nonsensical, such as www.uewiryfajfchfaerwfj.co in the log. The malware uses a predefined algorithm or a seed value to generate the same domain names as the server, so that they can find each other on the internet12.
質問 # 227
A company's domain has been spooled in numerous phishing campaigns. An analyst needs to determine the company is a victim of domain spoofing, despite having a DMARC record that should tell mailbox providers to ignore any email that fails DMARC upon review of the record, the analyst finds the following:
Which of the following BEST explains the reason why the company's requirements are not being processed correctly by mailbox providers?
- A. The DMARC record does not have an SPF alignment tag.
- B. The DMARC record's DKIM alignment tag Is incorrectly configured.
- C. The DMARC record's version tag is set to DMARC1 instead of the current version, which is DMARC3.
- D. The DMARC record's policy tag is incorrectly configured.
正解:A
質問 # 228
Which of the following are considered PII by themselves? (Select TWO).
- A. Employment start date
- B. Government ID
- C. Birth certificate
- D. Mother's maiden name
- E. Job title
- F. Employer address
正解:B、C
解説:
PII (Personally Identifiable Information) is any information that can be used to identify, contact, or locate a specific individual, either by itself or when combined with other information1. PII by itself is information that can uniquely identify an individual without any additional information. Examples of PII by itself are:
Government ID. A government ID is a number or code that is issued by a government authority to an individual for identification purposes. Examples of government IDs are social security numbers, passport numbers, driver's license numbers, etc. A government ID can uniquely identify an individual without any additional information.
Birth certificate. A birth certificate is a document that records the birth of an individual and contains information such as name, date of birth, place of birth, parents' names, etc. A birth certificate can uniquely identify an individual without any additional information.
Other examples of PII by itself are biometric data, DNA profile, fingerprints, etc. Examples of information that are not PII by themselves are:
Job title. A job title is a name or description of a position or role in an organization. A job title does not uniquely identify an individual without any additional information, as many individuals can have the same job title.
Employment start date. An employment start date is the date when an individual began working for an organization. An employment start date does not uniquely identify an individual without any additional information, as many individuals can have the same employment start date.
Employer address. An employer address is the location of an organization where an individual works. An employer address does not uniquely identify an individual without any additional information, as many individuals can work at the same employer address.
Mother's maiden name. A mother's maiden name is the surname that a woman had before she married. A mother's maiden name does not uniquely identify an individual without any additional information, as many individuals can have the same mother's maiden name.
Other examples of information that are not PII by themselves are gender, race, ethnicity, age, etc.
質問 # 229
A user's computer has been running slowly when the user tries to access web pages. A security analyst runs the command netstat -aonfrom the command line and receives the following output:
Which of the following lines indicates the computer may be compromised?
- A. Line 2
- B. Line 5
- C. Line 3
- D. Line 1
- E. Line 6
- F. Line 4
正解:F
質問 # 230
After reading about data breaches at a competing company, senior leaders in an organization have grown increasingly concerned about social engineering attacks. They want to increase awareness among staff regarding this threat, but do not want to use traditional training methods because they regard these methods as ineffective. Which of the following approaches would BEST meet the requirements?
- A. Simulated phishing emails asking employees to reply to the email with their updated phone number and office location
- B. USB drives randomly placed inside and outside the organization that contain a pop-up warning to any users who plug the drive into their computer
- C. Classroom training on the dangers of social media followed by a test and gift certificates for any employee getting a perfect score.
- D. A poster contest to raise awareness of PII and asking employees to provide examples of data breaches and consequences
正解:C
質問 # 231
A network attack that is exploiting a vulnerability in the SNMP is detected.
Which of the following should the cybersecurity analyst do FIRST?
- A. Apply the required patches to remediate the vulnerability.
- B. Temporarily block the attacking IP address.
- C. Escalate the incident to senior management for guidance.
- D. Disable all privileged user accounts on the network.
正解:A
解説:
Section: (none)
Explanation
質問 # 232
A company allows employees to work remotely. The security administration is configuring services that will allow remote help desk personnel to work secure outside the company's headquarters. Which of the following presents the BEST solution to meet this goal?
- A. Set up a jump box for all help desk personnel to remotely access system resources.
- B. Open port 3389 on the firewall to the server to allow users to connect remotely.
- C. Configure a VPN concentrator to terminate in the DMZ to allow help desk personnel access to resources.
- D. Use the company's existing web server for remote access and configure over port 8080.
正解:C
質問 # 233
A vulnerability analyst needs to identify all systems with unauthorized web servers on the
10.1.1.0/24 network. The analyst uses the following default Nmap scan:
nmap -sV -p 1-65535 10.1.1.0/24
Which of the following would be the result of running the above command?
- A. This scan identifies unauthorized servers.
- B. This scan probes all ports and returns open ones.
- C. This scan checks all TCP ports and returns versions.
- D. This scan checks all TCP ports.
正解:C
質問 # 234
A proposed network architecture requires systems to be separated from each other logically based on defined risk levels. Which of the following explains the reason why an architect would set up the network this way?
- A. To create a design that simplifies the supporting network
- B. To complicate the network and frustrate a potential malicious attacker
- C. To reduce the attack surface of those systems by segmenting the network based on risk
- D. To reduce the number of IP addresses that are used on the network
正解:C
質問 # 235
Welcome to the Enterprise Help Desk System. Please work the ticket escalated to you in the desk ticket queue.
INSTRUCTIONS
Click on me ticket to see the ticket details Additional content is available on tabs within the ticket First, select the appropriate issue from the drop-down menu. Then, select the MOST likely root cause from second drop-down menu If at any time you would like to bring back the initial state of the simulation, please click the Reset All button

正解:
解説:
質問 # 236
Industry partners from critical infrastructure organizations were victims of attacks on their SCADA devices.
The attacker was able to gain access to the SCADA by logging in to an account with weak credentials. Which of the following identity and access management solutions would help to mitigate this risk?
- A. Endpoint detection and response
- B. Manual access reviews
- C. Multifactor authentication
- D. Role-based access control
正解:D
解説:
Explanation
RBAC helps organizations manage access to critical infrastructure networks by assigning access based on roles. This allows organizations to control who can access specific resources and helps eliminate weak credentials that attackers could exploit. Manual reviews and endpoint detection and response can also help to mitigate risk, but role based access control is the best solution for this scenario.
質問 # 237
Forming a hypothesis, looking for indicators of compromise, and using the findings to proactively improve detection capabilities are examples of the value of:
- A. red learning.
- B. threat hunting.
- C. penetration testing.
- D. vulnerability scanning.
正解:B
質問 # 238
A security analyst is analyzing the following output from the Spider tab of OWASP ZAP after a vulnerability scan was completed:
Which of the following options can the analyst conclude based on the provided output?
- A. The scanning job did not successfully complete due to an out of scope error
- B. The scanning job was successfully completed, and no vulnerabilities were detected
- C. The scanner executed a crawl process to discover pages to be assessed
- D. The scanning vendor used robots to make the scanning job faster
正解:C
解説:
The output shows the result of using OWASP ZAP's Spider tab after a vulnerability scan was completed. The Spider tab allows users to crawl web applications and discover pages and resources that can be assessed for vulnerabilities. The output shows that the scanner discovered various pages under different directories, such as /admin/, /blog/, /contact/, etc., as well as some parameters and forms that can be used for testing inputs and outputs. Reference: CompTIA Cybersecurity Analyst (CySA+) Certification Exam Objectives (CS0-002), page 9; https://www.zaproxy.org/docs/desktop/start/features/spider/
質問 # 239
An organization wants to mitigate against risks associated with network reconnaissance. ICMP is already blocked at the firewall; however, a penetration testing team has been able to perform reconnaissance against the organization's network and identify active hosts. An analyst sees the following output from a packet capture:
Which of the following phrases from the output provides information on how the testing team is successfully getting around the ICMP firewall rule?
- A. ttl=64 indicates the testing team is setting the time to live below the firewall's threshold
- B. 0 data bytes indicates the testing team is crafting empty ICMP packets
- C. flags=RA indicates the testing team is using a Christmas tree attack
- D. NO FLAGS are set indicates the testing team is using hping
正解:D
質問 # 240
The developers recently deployed new code to three web servers. A daffy automated external device scan report shows server vulnerabilities that are failure items according to PCI DSS.
If the venerability is not valid, the analyst must take the proper steps to get the scan clean.
If the venerability is valid, the analyst must remediate the finding.
After reviewing the information provided in the network diagram, select the STEP 2 tab to complete the simulation by selecting the correct Validation Result and Remediation Action for each server listed using the drop-down options.
INTRUCTIONS:
The simulation includes 2 steps.
Step1:Review the information provided in the network diagram and then move to the STEP 2 tab.

STEP 2: Given the Scenario, determine which remediation action is required to address the vulnerability.
正解:
解説:
質問 # 241
A manufacturing company uses a third-party service provider lor Tier 1 security support One of the requirements is that the provider must only source talent from its own country due to geopolitical and national security interests Which of the following can the manufacturing company implement to ensure the third-party service provider meets this requirement?
- A. Implement strong authentication controls for all contractors
- B. Implement a secure supply chain program with governance
- C. Implement user behavior analytics for key staff members
- D. Implement blacklisting for IP addresses from outside the country
正解:B
解説:
Implementing a secure supply chain program with governance would be the best way to ensure the third-party service provider meets the requirement of only sourcing talent from its own country. A secure supply chain program is a set of policies, procedures, and controls that aim to protect the integrity and security of the products and services delivered by third-party vendors. A secure supply chain program can help mitigate the risks of geopolitical and national security interests by verifying the origin, identity, and trustworthiness of the vendors and their employees1. Governance is a key component of a secure supply chain program, as it provides oversight, accountability, and enforcement of the policies and procedures.
質問 # 242
A security team identified some specific known tactics and techniques to help mitigate repeated credential access threats, such as account manipulation and brute forcing. Which of the following frameworks or models did the security team MOST likely use to identify the tactics and techniques'?
- A. ITIL
- B. Kill chain
- C. MITRE ATT&CK
- D. Diamond Model of Intrusion Analysis
正解:C
質問 # 243
A company recently experienced financial fraud, which included shared passwords being compromised and improper levels of access being granted The company has asked a security analyst to help improve its controls.
Which of the following will MOST likely help the security analyst develop better controls?
- A. An evidence summarization
- B. A lessons-learned report
- C. An incident response plan
- D. An indicator of compromise
正解:C
質問 # 244
Understanding attack vectors and integrating intelligence sources are important components of:
- A. an incident response plan.
- B. proactive threat hunting
- C. risk management compliance.
- D. a vulnerability management plan.
正解:B
解説:
threat hunting activities.
1. Establishing a hypothesis,
2. Profile threat actors/activities,
3. Threat hunting tactics,
4. Reducing attack surface,
5. Bundle critical systems/assets into groups/protected zones,
6. Attack vectors understood, assessed and addressed
7. Integrated intelligence
8. Improving detection capabilities.
質問 # 245
A company's security administrator needs to automate several security processes related to testing for the existence of changes within the environment Conditionally other processes will need to be created based on input from prior processes
Which of the following is the BEST method for accomplishing this task?
- A. API integration and data enrichment
- B. Continuous integration and configuration management
- C. Workflow orchestration and scripting
- D. Machine learning and process monitoring
正解:C
質問 # 246
......
CompTIAサイバーセキュリティアナリスト(CySA +)認定は、高度な知識とスキルを持つサイバーセキュリティ専門家を求める雇用主に高く評価されています。この認定は、グローバルに認められており、サイバーセキュリティ専門家が自分の専門知識を示し、キャリアの見通しを向上させるための優れた方法です。この試験は、サイバーセキュリティに経験があり、キャリアを次のレベルに進めたい人に最適です。
Fast2test CS0-002試験練習テスト問題:https://jp.fast2test.com/CS0-002-premium-file.html
CS0-002試験問題解答:https://drive.google.com/open?id=1APtVPIhBYhMLmPRfun4PFdlLyG5974J3