CS0-001ブレーン問題集PDF、CompTIA CS0-001試験問題豪華お試しセット
2024年最新されたCS0-001サンプル問題は信頼され続けるCS0-001テストエンジン
Comptia CS0-001(Comptia Cybersecurity Analyst(CYSA+)認定)試験は、脅威管理、脆弱性管理、セキュリティアーキテクチャ、インシデント対応の分野におけるサイバーセキュリティの専門家のスキルを検証するために設計された世界的に認められた認定試験です。この試験は、サイバーセキュリティ分野で少なくとも3〜4年の経験があり、サイバーセキュリティ分析の専門知識を実証することでキャリアを向上させようとしている個人向けに設計されています。
質問 # 178
A security analyst is reviewing packet captures to determine the extent of success during an attacker's
reconnaissance phase following a recent incident.
The following is a hex and ASCII dump of one such packet:
Which of the following BEST describes this packet?
- A. DNS BIND version request
- B. DNS over TCP server status query
- C. DNS over UDP standard query
- D. DNS zone transfer request
正解:A
質問 # 179
A security administrator has uncovered a covert channel used to exfiltrate confidential data from an internal
database server through a compromised corporate web server. Ongoing exfiltration is accomplished by
embedding a small amount of data extracted from the database into the metadata of images served by the
web server. File timestamps suggest that the server was initially compromised six months ago using a
common server misconfiguration. Which of the following BEST describes the type of threat being used?
- A. APT
- B. Man-in-the-middle attack
- C. Zero-day attack
- D. XSS
正解:A
質問 # 180
A computer al a company was used to commit a crime. The system was seized and removed for the further analysis. Which of the following as the purpose of labeling cables and connections when seeing the computer system?
- A. To block any communication with the computer system from attack
- B. To maintain the chain of custody
- C. To document the model, manufacturer, and type of cables connected
- D. To capture the system configuration as it was at the time it w3s removed
正解:B
質問 # 181
A system administrator has reviewed the following output:
Which of the following can a system administrator infer from the above output?
- A. The company email server has been compromised.
- B. The company is running a vulnerable SSH server.
- C. The company web server has been compromised.
- D. The company email server is running a non-standard port.
正解:D
質問 # 182
In order to the leverage the power of data correlation with Nessus, a cybersecurity analyst must first be able to create a table for the scan results.
Given the following snippet of code:
Which of the following output items would be correct?
- A.

- B.

- C.

- D.

正解:B
質問 # 183
After scanning the main company's website with the OWASP ZAP tool, a cybersecurity analyst is reviewing the following warning:
The analyst reviews a snippet of the offending code:
Which of the following is the BEST course of action based on the above warning and code snippet?
- A. The developer should review the code and implement a code fix.
- B. The system administrator should disable SSL and implement TLS.
- C. The organization should update the browser GPO to resolve the issue.
- D. The analyst should implement a scanner exception for the false positive.
正解:C
解説:
Explanation/Reference:
質問 # 184
An analyst has received unusual alerts on the SIEM dashboard. The analyst wants to get payloads that the hackers are sending toward the target systems without impacting the business operation. Which of the following should the analyst implement?
- A. Virtualization
- B. Sandboxing
- C. Jump box
- D. Honeypot
正解:D
解説:
Explanation/Reference:
Explanation:
質問 # 185
A threat intelligence analyst who works for a technology firm received this report from a vendor.
"There has been an intellectual property theft campaign executed against organizations in the technology industry. Indicators for this activity are unique to each intrusion. The information that appears to be targeted is R&D data. The data exfiltration appears to occur over months via uniform TTPs. Please execute a defensive operation regarding this attack vector." Which of the following combinations suggests how the threat should MOST likely be classified and the type of analysis that would be MOST helpful in protecting against this activity?
- A. Insider threat and indicator analysis
- B. Ransomware and encryption
- C. APT and behavioral analysis
- D. Polymorphic malware and secure code analysis
正解:C
解説:
Explanation/Reference:
Explanation:
質問 # 186
A security analyst discovers a network intrusion and quickly solves the problem by closing an unused port. Which of the following should be completed?
- A. Memorandum of agreement
- B. Reverse-engineering incident report
- C. Lessons learned report
- D. Vulnerability report
正解:C
質問 # 187
A company's asset management software has been discovering a weekly increase in non-standard software installed on end users' machines with duplicate license keys. The security analyst wants to know if any of this software is listening on any non-standard ports, such as 6667. Which of the following tools should the analyst recommend to block any command and control traffic?
- A. IPS
- B. NIDS
- C. Netstat
- D. HIDS
正解:A
質問 # 188
An alert has been distributed throughout the information security community regarding a critical Apache
vulnerability. Which of the following courses of action would ONLY identify the known vulnerability?
- A. Perform an authenticated scan on all web servers in the environment.
- B. Perform a scan for the specific vulnerability on all web servers.
- C. Perform a web vulnerability scan on all servers in the environment.
- D. Perform an unauthenticated vulnerability scan on all servers in the environment.
正解:B
解説:
Explanation/Reference:
Explanation:
質問 # 189
An organization has had problems with security teams remediating vulnerabilities that are either false positives or are not applicable to the organization's servers. Management has put emphasis on security teams conducting detailed analysis and investigation before conducting any remediation.
The output from a recent Apache web server scan is shown below:
The team performs some investigation and finds this statement from Apache on 07/02/2008:
"Fixed in Apache HTTP server 2.2.6, 2.0.61, and 1.3.39"
Which of the following conditions would require the team to perform remediation on this finding?
- A. The organization is running version 1.3.39 and is using a public-server-status page
- B. The organization is running version 2.2.6 and has ExtendedStatus enabled
- C. The organization is running version 2.0.59 is not using a public-server-status page
- D. The organization is running version 2.0.5 and has ExtendedStatus enabled
正解:D
質問 # 190
A security analyst is creating ACLs on a perimeter firewall that will deny inbound packets that are from internal addresses, reserved external addresses, and multicast addresses. Which of the following is the analyst attempting to prevent/
- A. UDoS attacks
- B. Broadcast storms
- C. Man in-the-middle attacks
- D. Spoofing attacks
正解:D
質問 # 191
A security analyst received an email with the following key:
Xj3XJ3LLc
A second security analyst received an email with following key:
3XJ3xjcLLC
The security manager has informed the two analysts that the email they received is a key that allows access to the company's financial segment for maintenance. This is an example of:
- A. dual control
- B. two-factor authentication
- C. public key encryption
- D. separation of duties
- E. private key encryption
正解:A
質問 # 192
A company has implemented WPA2, a 20-character minimum for the WiFi passphrase. and a new WiFi passphrase every 30 days, and has disabled SSID broadcast on all wireless access points. Which of the following is the company trying to mitigate?
- A. Forced deauthentication
- B. Downgrade attacks
- C. Rainbow tables
- D. SSL pinning
正解:C
質問 # 193
A threat intelligence analyst who works for a financial services firm received this report:
"There has been an effective waterhole campaign residing at
www.bankfinancecompsoftware.com. This domain is delivering ransomware. This ransomware variant has been called "LockMaster" by researchers due to its ability to overwrite the MBR, but this term is not a malware signature. Please execute a defensive operation regarding this attack vector."
The analyst ran a query and has assessed that this traffic has been seen on the network.
Which of the following actions should the analyst do NEXT? (Select TWO).
- A. Advise the firewall engineer to implement a block on the domain
- B. Visit the domain and begin a threat assessment
- C. Advise the security architects to enable full-disk encryption to protect the MBR
- D. Format the MBR as a precaution
- E. Produce a threat intelligence message to be disseminated to the company
- F. Advise the security analysts to add an alert in the SIEM on the string "LockMaster"
正解:B、C
質問 # 194
A system administrator is doing network reconnaissance of a company's external network to determine the vulnerability of various services that are running. Sending some sample traffic to the external host, the administrator obtains the following packet capture:
Based on the output, which of the following services should be further tested for vulnerabilities?
- A. SMB
- B. SSH
- C. HTTPS
- D. HTTP
正解:A
質問 # 195
A company discovers an unauthorized device accessing network resources through one of many network drops in a common area used by visitors.
The company decides that it wants to quickly prevent unauthorized devices from accessing the network but policy prevents the company from making changes on every connecting client.
Which of the following should the company implement?
- A. WPA2
- B. Network Intrusion Prevention
- C. Port security
- D. Mandatory Access Control
正解:C
解説:
Section: (none)
質問 # 196
A security analyst performed a review of an organization's software development life cycle. The analyst
reports that the life cycle does not contain in a phase in which team members evaluate and provide critical
feedback on another developer's code. Which of the following assessment techniques is BEST for
describing the analyst's report?
- A. Whitebox testing
- B. Waterfall
- C. Peer review
- D. Architectural evaluation
正解:C
質問 # 197
An organization is conducting penetration testing to identify possible network vulnerabilities. The penetration tester has already identified active hosts in the network and is now scanning individual hosts to determine if any are running a web server. The output from the latest scan is shown below:
Which of the following commands would have generated the output above?
- A. -nmap -sV 192.168.1.1 -p 80
- B. -nmap -sP 192.168.1.0/24 -p ALL
- C. -nmap -sV 192.168.1.13 -p 80
- D. -nmap -sP 192.168.1.13 -p ALL
正解:C
質問 # 198
Company A's security policy states that only PKI authentication should be used for all SSH accounts. A security analyst from Company A is reviewing the following auth.log and configuration settings:
Which of the following changes should be made to the following sshd_config file to establish compliance with the policy?
- A. Change ChallengeResponseAuthentication yes to ChallangeResponseAuthentication no
- B. Change PassworAuthentication yes to PasswordAuthentication no
- C. Change PubkeyAuthentication yes to #PubkeyAuthentication yes
- D. Change PermitRootLogin no to #PermitRootLogin yes
- E. Change #AuthorizedKeysFile sh/.ssh/authorized_keys to AuthorizedKeysFile sh/.ssh/ authorized_keys
正解:B
質問 # 199
A software assurance lab is performing a dynamic assessment on an application by automatically generating and inputting different, random data sets to attempt to cause an error/failure condition. Which of the following software assessment capabilities is the lab performing AND during which phase of the SDLC should this occur? (Select two.)
- A. Planning phase
- B. Requirements phase
- C. Prototyping phase
- D. Static code analysis
- E. Behavior modeling
- F. Fuzzing
正解:C、F
質問 # 200
An analyst is reviewing a list of vulnerabilities, which were reported from a recent vulnerability scan of a Linux server.
Which of the following is MOST likely to be a false positive?
- A. SSL Certificate Expiry
- B. GDI+ Remote Code Execution Vulnerability (MS08-052)
- C. Apache HTTP Server Byte Range DoS
- D. OpenSSH/OpenSSL Package Random Number Generator Weakness
- E. HTTP TRACE / TRACK Methods Allowed (002-1208)
正解:B
質問 # 201
After reading about data breaches at a competing company, senior leaders in an organization have grown increasingly concerned about social engineering attacks. They want to increase awareness among staff regarding this threat, but do not want to use traditional training methods because they regard these methods as ineffective. Which of the following approaches would BEST meet the requirements?
- A. A poster contest to raise awareness of PII and asking employees to provide examples of data breaches and consequences
- B. USB drives randomly placed inside and outside the organization that contain a pop-up warning to any users who plug the drive into their computer
- C. Classroom training on the dangers of social media followed by a test and gift certificates for any employee getting a perfect score.
- D. Simulated phishing emails asking employees to reply to the email with their updated phone number and office location
正解:C
質問 # 202
A security professional is analyzing the results of a network utilization report. The report includes the
following information:
Which of the following servers needs further investigation?
- A. web.srvr.03
- B. mrktg.file.srvr.02
- C. hr.dbprod.01
- D. R&D.file.srvr.01
正解:C
解説:
Explanation/Reference:
Explanation:
質問 # 203
......
CYSA+認定を達成することは、潜在的な雇用主に、個人が組織のデータとシステムを保護するために必要な知識とスキルを持っていることを示しています。この認定は、特定のサイバーセキュリティポジションの要件として、米国国防総省を含む多くの組織によって認識されています。 Comptiaによると、CYSA+認定を保持している個人は、年間平均給与98,000ドルを獲得しています。
無料お試しCompTIA CS0-001問題集PDFは必ずベストの問題集オプションを使おう:https://jp.fast2test.com/CS0-001-premium-file.html