
CPTIAのPDFで合格させるスゴ問題集でCPTIA最新のリアル試験問題
有効なCPTIAテスト解答CPTIA試験PDF問題を試そう
質問 # 16
Investigator Ian gives you a drive image to investigate. What type of analysis are you performing?
- A. Live
- B. Static
- C. Dynamic
- D. Real-time
正解:B
解説:
When Investigator Ian gives you a drive image to investigate, the type of analysis you are performing is static analysis. Static analysis involves examining the contents of a drive, file, or binary without executing the system or the application. It's about analyzing the data at rest. This type of analysis is crucial for forensics investigations because it allows for the examination of files, directories, and system information without altering any state or data, thereby preserving the integrity of the evidence. Static analysis is contrasted with dynamic analysis, which involves analyzing a system in operation (real-time or live) or executing the application to observe its behavior.References:Incident Handler (CREST CPTIA) courses and study guides highlight the importance of static analysis in digital forensics, detailing methods for examining disk images, files, and other digital artifacts to gather evidence without compromising its integrity.
質問 # 17
A threat analyst wants to incorporate a requirement in the threat knowledge repository that provides an ability to modify or delete past or irrelevant threat data.
Which of the following requirement must he include in the threat knowledge repository to fulfil his needs?
- A. Searchable functionality
- B. Data management
- C. Protection ranking
- D. Evaluating performance
正解:B
解説:
Incorporating a data management requirement in the threat knowledge repository is essential to provide the ability to modify or delete past or irrelevant threat data. Effective data management practices ensure that the repository remains accurate, relevant, and up-to-date by allowing for the adjustment and curation of stored information. This includes removing outdated intelligence, correcting inaccuracies, and updating information as new insights become available. A well-managed repository supports the ongoing relevance and utility of the threat intelligence, aiding in informed decision-making and threat mitigation strategies.References:
* "Building and Maintaining a Threat Intelligence Library," by Recorded Future
* "Best Practices for Creating a Threat Intelligence Policy, and How to Use It," by SANS Institute
質問 # 18
Alex is an incident handler for Tech-o-Tech Inc. and is tasked to identify any possible insider threats within his organization. Which of the following insider threat detection techniques can be used by Alex to detect insider threats based on the behavior of a suspicious employee, both individually and in a group?
- A. behaviorial analysis
- B. Physical detection
- C. Mole detection
- D. Profiling
正解:A
解説:
Behavioral analysis is a technique used to detect insider threats by analyzing the behavior of employees, both individually and in group settings, to identify any actions that deviate from the norm. This method relies on monitoring and analyzing data related to user activities, access patterns, and other behaviors that could indicate malicious intent or a potential security risk from within the organization. Behavioral analysis can detect unusual access to sensitive data, abnormal data transfer activities, and other indicators of insider threats. This approach is proactive and can help in identifying potential insider threats before they result in significant harm to the organization.References:The Incident Handler (CREST CPTIA) certification materials cover various insider threat detection techniques, including the importance of behavioral analysis as a key method for identifying potential security risks posed by insiders.
質問 # 19
XYZ Inc. was affected by a malware attack and James, being the incident handling and response (IH&R) team personnel handling the incident, found out that the root cause of the incident is a backdoor that has bypassed the security perimeter due to an existing vulnerability in the deployed firewall. James had contained the spread of the infection and removed the malware completely. Now the organization asked him to perform incident impact assessment to identify the impact of the incident over the organization and he was also asked to prepare a detailed report of the incident.
Which of the following stages in IH&R process is James working on?
- A. Evidence gathering and forensics analysis
- B. Post-incident activities
- C. Notification
- D. Eradication
正解:B
解説:
James is working on the post-incident activities stage of the Incident Handling and Response (IH&R) process.
After containing the spread of the infection and removing the malware, the focus shifts to assessing the impact of the incident on the organization and preparing a detailed report. This phase involves analyzing the extent of the damage, determining the cost of the attack, evaluating how well the incident was managed, and identifying lessons learned to improve future response efforts. The objective is to restore systems to normal operation, ensure no remnants of the threat remain, and implement measures to prevent recurrence.References:
Incident Handler (CREST CPTIA) courses and study guides outline the IH&R process, emphasizing the importance of post-incident activities for organizational recovery and improvement of future security measures.
質問 # 20
Racheal is an incident handler working in InceptionTech organization. Recently, numerous employees are complaining about receiving emails from unknown senders. In order to prevent employees against spoofing emails and keeping security in mind, Racheal was asked to take appropriate actions in this matter. As a part of her assignment, she needs to analyze the email headers to check the authenticity of received emails.
Which of the following protocol/authentication standards she must check in email header to analyze the email authenticity?
- A. SNMP
- B. ARP
- C. POP
- D. DKIM
正解:D
解説:
Racheal should check for DKIM (DomainKeys Identified Mail) in the email headers to analyze the authenticity of received emails. DKIM is an email authentication method designed to detect email spoofing. It provides a way for the receiver to check that an email claimed to have come from a specific domain was indeed authorized by the owner of that domain. It achieves this by affixing a digital signature, linked to a domain name, to each outgoing email message. The recipient can verify this signature to confirm that the email was not altered during its transmission and that it indeed comes from the specified domain, thereby helping to prevent email spoofing. Other options like SNMP (Simple Network Management Protocol), POP (Post Office Protocol), and ARP (Address Resolution Protocol) are not directly related to email authenticity checks.References:Incident Handler (CREST CPTIA) certification materials cover various protocols and standards for ensuring the security and authenticity of communications, including email security protocols like DKIM.
質問 # 21
Which one of the following is the correct flow of the stages in an incident handling and response (IH&R) process?
- A. Incident triage -> Eradication -#Containment-* Incident recording-* Preparation-* Recovery-
* Post-incident activities - B. Preparation -* Incident recording -> Incident triage -* Containment -*#Eradication->Recovery-
* Post-incident activities - C. Containment -* Incident recording -* Incident triage -> Preparation -* Recovery -> Eradication -* Post-incident activities
- D. Incident recording -> Preparation -> Containment * Incident triage -> Recovery > Eradication -> Post- incident activities
正解:B
解説:
The correct flow of stages in an Incident Handling and Response (IH&R) process as outlined in the Incident Handler (CREST CPTIA) by EC-Council begins with Preparation. This phase involves getting ready for potential incidents by developing plans, policies, and procedures, and ensuring that tools and team training are up to date. Incident Recording is the next stage, where incidents are documented and reported. Incident Triage follows, prioritizing incidents based on their impact and urgency. Containment is next, aiming to limit the damage of the incident and prevent further spread. Eradication comes after containment, where the root cause of the incident is removed. Recovery is the stage where affected systems are restored to their operational status. Post-Incident Activities conclude the process, reviewing and learning from the incident to improve future response efforts.
References:This structured approach is foundational in the CREST CPTIA program, ensuring that incident handlers are prepared to systematically address and manage cybersecurity incidents efficiently.
質問 # 22
Sam. an employee of a multinational company, sends emails to third-party organizations with a spoofed email address of his organization. How can you categorize this type of incident?
- A. Network intrusion incident
- B. Unauthorized access incident.
- C. Denial-of-service incicent
- D. Inappropriate usage incident
正解:D
解説:
An inappropriate usage incident involves misuse of the organization's resources or violations of its acceptable use policies. Sam's actions, where he sends emails to third-party organizations with a spoofed email address of his employer, constitute misuse of the organization's email system and misrepresentation of the organization. This behavior can harm the organization's reputation, violate policy, and potentially lead to legal consequences. Inappropriate usage incidents can range from unauthorized use of systems for personal gain to the dissemination of unapproved content.
References:The Incident Handler (CREST CPTIA) by EC-Council includes discussions on various types of security incidents, emphasizing the importance of addressing and mitigating not just external threats but also internal misuse and policy violations.
質問 # 23
You are talking to a colleague who Is deciding what information they should include in their organization's logs to help with security auditing. Which of the following items should you tell them to NOT log?
- A. Session ID
- B. userid
- C. Timestamp
- D. Source IP eddross
正解:B
解説:
Logging User IDs (D) can pose privacy concerns and may conflict with regulations such as the General Data Protection Regulation (GDPR), which emphasizes the protection of personal data and privacy. Therefore, while logging details such as Timestamps, Session IDs, and Source IP addresses are essential for security auditing to track when events occur, who is initiating sessions, and from where, care must be taken with User IDs. The handling of personally identifiable information (PII) must comply with privacy laws and organizational policies to safeguard individual privacy rights.
References:Security best practices and compliance frameworks discussed in the CREST guide incident handlers on what information should and should not be logged, emphasizing the need to balance security auditing requirements with privacy and regulatory obligations.
質問 # 24
Which of the following is not the responsibility of first responders?
- A. Protecting the crime scene
- B. Identifying the crime scene
- C. Packaging and transporting the electronic evidence
- D. Preserving temporary and fragile evidence and then shut down or reboot the victim's computer
正解:D
解説:
The responsibility of first responders does not include shutting down or rebooting the victim's computer as a measure to preserve temporary and fragile evidence. In fact, such actions can potentially alter or destroy volatile data that could be crucial for the investigation. The primary responsibilities of first responders include protecting and identifying the crime scene, and ensuring the preservation of evidence in its original state as much as possible, which may involve isolating affected systems from the network but not necessarily shutting them down or rebooting them without proper forensic readiness and consideration.
質問 # 25
James is a professional hacker and is employed by an organization to exploit their cloud services. In order to achieve this, James created anonymous access to the cloud services to carry out various attacks such as password and key cracking, hosting malicious data, and DDoS attacks. Which of the following threats is he posing to the cloud platform?
- A. Data breach/loss
- B. Insufficient duo diligence
- C. Insecure interface and APIs
- D. Abuse end nefarious use of cloud services
正解:D
解説:
James's activities, including creating anonymous access to cloud services to carry out attacks such as password and key cracking, hosting malicious data, and conducting DDoS attacks, exemplify the abuse and nefarious use of cloud services. This threat involves exploiting cloud computing resources to conduct malicious activities, which can impact the cloud service provider as well as other users of the cloud services.
This abuse ranges from using the cloud platform's resources for computationally intensive tasks like cracking passwords or encryption keys to conducting DDoS attacks that can disrupt services for legitimate users.
References:The Incident Handler (CREST CPTIA) certification emphasizes understanding cloud-specific security challenges, including the abuse of cloud services, and recommends strategies for mitigating such risks, highlighting the need for comprehensive security measures to protect cloud environments.
質問 # 26
Which stage of the incident response and handling process involves auditing the system and network log files?
- A. Containment
- B. Incident disclosure
- C. Incident triage
- D. Incident eradication
正解:C
解説:
Auditing the system and network log files is a crucial step in the incident triage phase of the incident response and handling process. During incident triage, incident handlers assess and prioritize incidents based on their severity, impact, and the urgency of the response required. Part of this assessment involves reviewing log files to understand the nature of the incident, its scope, and the systems or networks affected. This information helps in categorizing the incident and deciding on the appropriate response actions. Unlike containment, which aims to limit the damage, incident disclosure, which involves communicating about the incident, or incident eradication, which focuses on removing the threat, incident triage is about evaluating and prioritizing the incident based on detailed log analysis among other factors.References:The Incident Handler (CREST CPTIA) courses and study guides emphasize the role of incident triage in the early stages of the incident response process, highlighting the importance of log file analysis in assessing and prioritizing incidents.
質問 # 27
Jian is a member of the security team at Trinity, Inc. He was conducting a real-time assessment of system activities in order to acquire threat intelligence feeds. Heacquired feeds from sources like honeynets, P2P monitoring. infrastructure, and application logs.
Which of the following categories of threat intelligence feed was acquired by Jian?
- A. Internal intelligence feeds
- B. External intelligence feeds
- C. Proactive surveillance feeds
- D. CSV data feeds
正解:A
解説:
Internal intelligence feeds are derived from data and information collected within an organization's own networks and systems. Jian's activities, such as real-time assessment of system activities and acquiring feeds from honeynets, P2P monitoring, infrastructure, and application logs, fall under the collection of internal intelligence feeds. These feeds are crucial for identifying potential threats and vulnerabilities within the organization and form a fundamental part of a comprehensive threat intelligence program. They contrast with external intelligence feeds, which are sourced from outside the organization and include information on broader cyber threats, trends, and TTPs of threat actors.References:
* "Building an Intelligence-Led Security Program" by Allan Liska
* "Threat Intelligence: Collecting, Analysing, Evaluating" by M-K. Lee, L. Healey, and P. A. Porras
質問 # 28
An analyst wants to disseminate the information effectively so that the consumers can acquire and benefit out of the intelligence.
Which of the following criteria must an analyst consider in order to make the intelligence concise, to the point, accurate, and easily understandable and must consist of a right balance between tables, narrative, numbers, graphics, and multimedia?
- A. The right time
- B. The right order
- C. The right presentation
- D. The right content
正解:C
解説:
For intelligence to be effectively disseminated and utilized by consumers, it must be presented in a manner that is concise, accurate, easily understandable, and engaging. This involves a careful balance of narrative, numerical data, tables, graphics, and potentially multimedia elements to convey the information clearly and compellingly. The right presentation takes into account the preferences and needs of the intelligence consumers, as well as the context andurgency of the information. By focusing on how the intelligence is presented, the analyst ensures that the content is not only consumed but also actionable, facilitating informed decision-making.
質問 # 29
Identify Sarbanes-Oxley Act (SOX) Title, which consists of only one section, that includes measures designed to help restore investor confidence in the reporting of securities analysts.
- A. Title IX: White-Collar-Crime Penalty Enhancement
- B. Title VIII: Corporate and Criminal Fraud Accountability
- C. Title VII: Studies and Reports
- D. Title V: Analyst Conflicts of Interest
正解:D
解説:
The Sarbanes-Oxley Act (SOX) Title V, titled "Analyst Conflicts of Interest," contains measures specifically designed to restore investor confidence in the reporting of securities analysts. It addresses the issue of potential conflicts of interest for securities analysts who recommend stocks and other securities by requiring disclosure of certain relationships and financial interests between analysts and the companies they cover. This part of the SOX Act aims to ensure that investors receive unbiased and accurate information from analysts, thereby helping to restore trust in financial markets. Title V consists of only one section, making it unique compared to other titles within the Act that may encompass multiple sections or provisions.References:The Incident Handler (CREST CPTIA) certification materials might not directly cover the specifics of the Sarbanes-Oxley Act but would underscore the importance of understanding regulatory requirements and compliance, especially in roles involving incident response and information security governance.
質問 # 30
Which of the following is a technique used by attackers to make a message difficult to understand through the use of ambiguous language?
- A. Obfuscation
- B. Spoofing
- C. Steganography
- D. Encryption
正解:A
解説:
Obfuscation is a technique used to make data or code difficult to understand. It is often employed by attackers to conceal the true intent of their code or communications, making it harder for security professionals, automated tools, and others to analyze or detect malicious activity. Obfuscation can involve the use of ambiguous or misleading language, as well as more technical methods such as encoding, encryption, or the use of nonsensical variable names in source code to hide its true functionality.
References:The CREST CPTIA program discusses various techniques attackers use to evade detection, including obfuscation, highlighting how it complicates the analysis and understanding of malicious payloads.
質問 # 31
Alexis is working as an incident responder in XYZ organization. She was asked to identify and attribute the actors behind an attack that took place recently. In order to do so, she is performing threat attribution that deals with the identification of the specific person, society, or a country sponsoring a well-planned and executed intrusion or attack over its target. Which of the following types of threat attributions Alexis performed?
- A. True attribution
- B. Intrusion-set attribution
- C. Nation-state attribution
- D. Campaign attributio
正解:A
解説:
True attribution in the context of cyber incidents involves the identification of the actual individuals, groups, or entities behind an attack. This can include pinpointing specific persons, organizations, societies, or even countries that sponsor or carry out cyber intrusions or attacks. Alexis's efforts to identify and attribute the actors behind a recent attack by distinguishing the specific origins of the threat align with the concept of true attribution, which goes beyond mere speculation to provide concrete evidence about the perpetrators.
References:Threat attribution, especially true attribution, is a complex and nuanced area within cyber incident response, dealing with the identification of attackers. Thisconcept is covered in cybersecurity courses and certifications, such as the CREST CPTIA by EC-Council, focusing on the methodologies and challenges associated with attributing cyber attacks to their true sources.
質問 # 32
A colleague wants to minimize their security responsibility because they are in a small organization. They are evaluating a new application that is offered in different forms. Which form would result in the least amount of responsibility for the colleague?
- A. PaaS
- B. laaS
- C. On-prom installation
- D. saaS
正解:D
解説:
Software as a Service (SaaS) offers the least amount of security responsibility for the end-user or organization, as the service provider manages the underlying infrastructure, software maintenance, security patching, and updates. Choosing a SaaS application means the colleague's organization would not be responsible for the physical servers, operating systems, or the application's security configurations, making it the best option for minimizing their security responsibilities.
References:In the Certified Incident Handler (CREST CPTIA) course materials, the various cloud service models (IaaS, PaaS, SaaS) are discussed with a focus on their implications for security responsibilities and management.
質問 # 33
Which of the following types of threat attribution deals with the identification of the specific person, society, or a country sponsoring a well-planned and executed intrusion or attack over its target?
- A. True attribution
- B. Campaign attribution
- C. Intrusion-set attribution
- D. Nation-state attribution
正解:A
解説:
True attribution in the context of cyber threats involves identifying the actual individual, group, or nation- state behind an attack or intrusion. This type of attribution goes beyond associating an attack with certain tactics, techniques, and procedures (TTPs) or a known group and aims to pinpoint the real-world entity responsible. True attribution ischallenging due to the anonymity of the internet and the use of obfuscation techniques by attackers, but it is crucial for understanding the motive behind an attack and for forming appropriate responses at diplomatic, law enforcement, or cybersecurity levels.References:
* "Attribution of Cyber Attacks: A Framework for an Evidence-Based Analysis" by Jason Healey
* "The Challenges of Attribution in Cyberspace" in the Journal of Cyber Policy
質問 # 34
John is a professional hacker who is performing an attack on the target organization where he tries to redirect the connection between the IP address and its target server such that when the users type in the Internet address, it redirects them to a rogue website that resembles the original website. He tries this attack using cache poisoning technique. Identify the type of attack John is performing on the target organization.
- A. War driving
- B. Pharming
- C. Pretexting
- D. Skimming
正解:B
解説:
Pharming is a cyber attack intended to redirect a website's traffic to another, bogus website. By poisoning a DNS server's cache, attackers can redirect users from the site they intended to visit to one that is malicious, without the user's knowledge or any action on their part, such as clicking a deceptive link. This technique is particularly insidious because it can affect well-intentioned users who type the correct URL into their browsers but are still redirected. War driving involves searching for wireless networks from a moving vehicle, skimming refers to stealing credit card information using a device placed on ATMs or point-of-sale terminals, and pretexting is a form of social engineering where the attacker lies to obtain privileged data.References:The Incident Handler (CREST CPTIA) certification program covers a variety of cyber attacks and techniques, including DNS poisoning and pharming, explaining how attackers exploit vulnerabilities to redirect users to fraudulent sites.
質問 # 35
SecurityTech Inc. is developing a TI plan where it can drive more advantages in less funds. In the process of selecting a TI platform, it wants to incorporate a feature that ranks elements such as intelligence sources, threat actors, attacks, and digital assets of the organization, so that it can put in more funds toward the resources which are critical for the organization's security.
Which of the following key features should SecurityTech Inc. consider in their TI plan for selecting the TI platform?
- A. Open
- B. Search
- C. Workflow
- D. Scoring
正解:D
解説:
Incorporating a scoring feature in a Threat Intelligence (TI) platform allows SecurityTech Inc. to evaluate and prioritize intelligence sources, threat actors, specific types of attacks, and the organization's digital assets based on their relevance and threat level to the organization. This prioritization helps in allocating resources more effectively, focusing on protecting critical assets and countering the most significant threats. A scoring system can be based on various criteria such as the severity of threats, the value of assets, the reliability of intelligence sources, and the potential impact of threat actors or attack vectors. By quantifying these elements, SecurityTech Inc. can make informed decisions on where to invest its limited funds to enhance its security posture most effectively.References:
* "Designing and Building a Cyber Threat Intelligence Capability" by the SANS Institute
* "Threat Intelligence: What It Is, and How to Use It Effectively" by Gartner
質問 # 36
Alice, an analyst, shared information with security operation managers and network operations center (NOC) staff for protecting the organizational resources against various threats. Information shared by Alice was highly technical and include threat actor TTPs, malware campaigns, tools used by threat actors, and so on.
Which of the following types of threat intelligence was shared by Alice?
- A. Tactical threat intelligence
- B. Strategic threat intelligence
- C. Technical threat intelligence
- D. Operational threat intelligence
正解:A
解説:
The information shared by Alice, which was highly technical and included details such as threat actor tactics, techniques, and procedures (TTPs), malware campaigns, and tools used by threat actors, aligns with the definition of tactical threat intelligence. This type of intelligence focuses on the immediate, technical indicators of threats and is used bysecurity operation managers and network operations center (NOC) staff to protect organizational resources. Tactical threat intelligence is crucial for configuring security solutions and adjusting defense mechanisms to counteract known threats effectively.References:
* "Tactical Cyber Intelligence," Cyber Threat Intelligence Network, Inc.
* "Cyber Threat Intelligence for Front Line Defenders: A Practical Guide," by James Dietle
質問 # 37
What is the correct sequence of steps involved in scheduling a threat intelligence program?
1. Review the project charter
2. Identify all deliverables
3. Identify the sequence of activities
4. Identify task dependencies
5. Develop the final schedule
6. Estimate duration of each activity
7. Identify and estimate resources for all activities
8. Define all activities
9. Build a work breakdown structure (WBS)
- A. 1-->2-->3-->4-->5-->6-->7-->8-->9
- B. 1-->9-->2-->8-->3-->7-->4-->6-->5
- C. 1-->2-->3-->4-->5-->6-->9-->8-->7
- D. 3-->4-->5-->2-->1-->9-->8-->7-->6
正解:B
解説:
The correct sequence for scheduling a threat intelligence program involves starting with the foundational steps of defining the project scope and objectives, followed by detailed planning and scheduling of tasks. The sequence starts with reviewing the project charter (1) to understand the project's scope, objectives, and constraints. Next, building a Work Breakdown Structure (WBS) (9) helps in organizing the team's work into manageable sections. Identifying all deliverables (2) clarifies the project's outcomes. Defining all activities (8) involves listing the tasks required to produce the deliverables. Identifying the sequence of activities (3) and estimating resources (7) and task dependencies (4) sets the groundwork for scheduling. Estimating the duration of each activity (6) is critical before developing the final schedule (5), which combines all these elements into a comprehensive plan. This approach ensures a structured and methodical progression from project initiation to execution.References:
* "A Guide to the Project Management Body of Knowledge (PMBOK Guide)," Project Management Institute
* "Cyber Intelligence-Driven Risk," by Intel471
質問 # 38
An XYZ organization hired Mr. Andrews, a threat analyst. In order to identify the threats and mitigate the effect of such threats, Mr. Andrews was asked to perform threat modeling. During the process of threat modeling, he collected important information about the treat actor and characterized the analytic behavior of the adversary that includes technological details, goals, and motives that can be useful in building a strong countermeasure.
What stage of the threat modeling is Mr. Andrews currently in?
- A. Threat profiling and attribution
- B. Threat determination and identification
- C. System modeling
- D. Threat ranking
正解:A
解説:
During the threat modeling process, Mr. Andrews is in the stage of threat profiling and attribution, where he is collecting important information about the threat actor and characterizing the analytic behavior of the adversary. This stage involves understanding the technological details, goals, motives, and potential capabilities of the adversaries, which is essential for building effective countermeasures. Threat profiling and attribution help in creating a detailed picture of the adversary, contributing to a more focused and effective defense strategy.References:
* "The Art of Threat Profiling," by John Pirc, SANS Institute Reading Room
* "Threat Modeling: Designing for Security," by Adam Shostack
質問 # 39
Mr. Bob, a threat analyst, is performing analysis of competing hypotheses (ACH). He has reached to a stage where he is required to apply his analysis skills effectively to reject as many hypotheses and select the best hypotheses from the identified bunch of hypotheses, and this is done with the help of listed evidence. Then, he prepares a matrix where all the screened hypotheses are placed on the top, and the listed evidence for the hypotheses are placed at the bottom.
What stage of ACH is Bob currently in?
- A. Inconsistency
- B. Diagnostics
- C. Refinement
- D. Evidence
正解:C
解説:
In the Analysis of Competing Hypotheses (ACH) process, the stage where Mr. Bob is applying analysis to reject hypotheses and select the most likely one based on listed evidence, followed by preparing a matrix with screened hypotheses and evidence, is known as the 'Refinement' stage. This stage involves refining the list of hypotheses by systematically evaluating the evidence against each hypothesis, leading to the rejection of inconsistent hypotheses and the strengthening of the most plausible ones. The preparation of a matrix helps visualize the relationship between each hypothesis and the available evidence, facilitating a more objective and structured analysis.References:
* "Psychology of Intelligence Analysis" by Richards J. Heuer, Jr., for the CIA's Center for the Study of Intelligence
* "A Tradecraft Primer: Structured Analytic Techniques for Improving Intelligence Analysis" by the CIA
質問 # 40
Which of the following port scanning techniques involves resetting the TCP connection between client and server abruptly before completion of the three-way handshake signals, making the connection half-open?
- A. Full connect scan
- B. Null scan
- C. Stealth scan
- D. Xmas scan
正解:C
解説:
The port scanning technique that involves resetting the TCP connection between the client and server abruptly before the completion of the three-way handshake, thereby leaving the connection half-open, is known as a Stealth scan (also referred to as a SYN scan). This technique allows the scanner to inquire about the status of a port without establishing a full TCP connection, making the scan less detectible to intrusion detection systems and less likely to be logged by the target. It's a method used to discreetly discover open ports on a target machine without establishing a full connection that would be visible in logs.References:CREST materials often cover different types of network scanning techniques, including Stealth scans, explaining their methodologies, purposes, and how they can be detected or mitigated.
質問 # 41
......
CPTIA問題集はあなたの合格を必ず保証します:https://jp.fast2test.com/CPTIA-premium-file.html