CS0-002認定お試し[2022年01月05日] 最新CS0-002のPDF問題集 [Q184-Q206]

Share

CS0-002認定お試し[2022年01月05日] 最新CS0-002のPDF問題集

ベストCompTIA CS0-002学習ガイドと問題集でof2022年更新


CompTIA CS0-002 認定試験の出題範囲:

トピック出題範囲
トピック 1
  • 自動化の概念とテクノロジーを比較対照する
  • ハードウェアとソフトウェアの保証のベストプラクティスを説明する
トピック 2
  • インシデント対応プロセスの重要性を説明する
  • クラウドでの運用に関連する脅威と脆弱性を説明する
トピック 3
  • シナリオを前提として、組織のリスク軽減をサポートするセキュリティの概念を適用します
  • 脅威データとインテリジェンスの重要性を説明します
トピック 4
  • プロアクティブな脅威ハンティングの重要性を説明する
  • データのプライバシーと保護の重要性を理解する
トピック 5
  • フレームワーク、ポリシー、手順、および制御の重要性を説明する
  • シナリオを前提として、攻撃とソフトウェアの脆弱性を軽減するための制御を実装する

 

質問 184
A security analyst implemented a solution that would analyze the attacks that the organization's firewalls failed to prevent. The analyst used the existing systems to enact the solution and executed the following command:
$ sudo nc -1 -v -e maildaemon.py 25 > caplog.txt
Which of the following solutions did the analyst implement?

  • A. Crontab mail script
  • B. Sinkhole
  • C. Log collector
  • D. Honeypot

正解: C

 

質問 185
An analyst identifies multiple instances of node-to-node communication between several endpoints within the 10.200.2.0/24 network and a user machine at the IP address 10.200.2.5. This user machine at the IP address 10.200.2.5 is also identified as initiating outbound communication during atypical business hours with several IP addresses that have recently appeared on threat feeds.
Which of the following can be inferred from this activity?

  • A. 10.200.2.0/24 is infected with ransomware.
  • B. 10.200.2.5 is exfiltrating data.
  • C. 10.200.2.5 is a rogue endpoint.
  • D. 10.200.2.0/24 is not routable address space.

正解: B

 

質問 186
A security analyst is investigating an incident that appears to have started with SOL injection against a publicly available web application. Which of the following is the FIRST step the analyst should take to prevent future attacks?

  • A. Ask the developers to implement parameterized SQL queries.
  • B. Create a WAF rule In block mode for SQL injection
  • C. Modify the IDS rules to have a signature for SQL injection.
  • D. Take the server offline to prevent continued SQL injection attacks.

正解: C

 

質問 187
Several accounting department users are reporting unusual Internet traffic in the browsing history of their workstations after returning to work and logging in. The building security team informs the IT security team that the cleaning staff was caught using the systems after the accounting department users left for the day. Which of the following steps should the IT security team take to help prevent this from happening again? (Choose two.)

  • A. Configure a policy for workstation account timeout at three minutes.
  • B. Configure mandatory access controls to allow only accounting department users to access the workstations.
  • C. Set up a camera to monitor the workstations for unauthorized use.
  • D. Install a web monitor application to track Internet usage after hours.
  • E. Configure NAC to set time-based restrictions on the accounting group to normal business hours.

正解: A,E

 

質問 188
During a routine log review, a security analyst has found the following commands that cannot be identified from the Bash history log on the root user.

Which of the following commands should the analyst investigate FIRST?

  • A. Line 2
  • B. Line 3
  • C. Line 6
  • D. Line 1
  • E. Line 4
  • F. Line 5

正解: A

 

質問 189
A server contains baseline images that are deployed to sensitive workstations on a regular basis.
The images are evaluated once per month for patching and other fixes, but do not change otherwise. Which of the following controls should be put in place to secure the file server and ensure the images are not changed?

  • A. Require the use of two-factor authentication for any administrator or user who needs to connect to the server.
  • B. Install a honeypot to identify any attacks before the baseline images can be compromised.
  • C. Schedule vulnerability scans of the server at least once per month before the images are updated.
  • D. Install and configure a file integrity monitoring tool on the server and allow updates to the images each month.

正解: D

 

質問 190
A security professional is analyzing the results of a network utilization report. The report includes the following information:

Which of the following servers needs further investigation?

  • A. hr.dbprod.01
  • B. R&D.file.srvr.01
  • C. mrktg.file.srvr.02
  • D. web.srvr.03

正解: A

 

質問 191
A security analyst is reviewing the following log from an email security service.

Which of the following BEST describes the reason why the email was blocked?

  • A. The From address is invalid.
  • B. The email originated from the www.spamfilter.org URL.
  • C. The IP address and the remote server name are the same.
  • D. The IP address was blacklisted.
  • E. The To address is invalid.

正解: D

 

質問 192
A security analyst is reviewing the following log from an email security service.

Which of the following BEST describes the reason why the email was blocked?

  • A. The From address is invalid.
  • B. The email originated from the www.spamfilter.org URL.
  • C. The IP address and the remote server name are the same.
  • D. The IP address was blacklisted.
  • E. The To address is invalid.

正解: D

 

質問 193
A security analyst is reviewing the following log entries to identify anomalous activity:

Which of the following attack types is occurring?

  • A. Directory traversal
  • B. Buffer overflow
  • C. SQL injection
  • D. Cross-site scripting

正解: A

 

質問 194
It is important to parameterize queries to prevent:

  • A. the queries from using an outdated library with security vulnerabilities.
  • B. the execution of unauthorized actions against a database.
  • C. a memory overflow that executes code with elevated privileges.
  • D. the establishment of a web shell that would allow unauthorized access.

正解: B

解説:
Reference:
https://stackoverflow.com/QUESTION NO:s/4712037/what-is-parameterized-query

 

質問 195
A Chief Security Officer (CSO) is working on the communication requirements (or an organization's incident response plan. In addition to technical response activities, which of the following is the main reason why communication must be addressed in an effective incident response program?

  • A. Public relations must receive information promptly in order to notify the community.
  • B. Improper communications can create unnecessary complexity and delay response actions.
  • C. Senior leadership should act as the only voice for the incident response team when working with forensics teams.
  • D. Organizational personnel must only interact with trusted members of the law enforcement community.

正解: B

 

質問 196
Which of the following has the GREATEST impact to the data retention policies of an organization?

  • A. The technical constraints of the technology used to store the data
  • B. The regulatory requirements concerning the data set
  • C. The level of sensitivity of the data established by the data owner
  • D. The CIA classification matrix assigned to each piece of data

正解: A

 

質問 197
A security analyst is conducting a post-incident log analysis to determine which indicators can be used to detect further occurrences of a data exfiltration incident. The analyst determines backups were not performed during this time and reviews the following:

Which of the following should the analyst review to find out how the data was exfilltrated?

  • A. Thursday's logs
  • B. Wednesday's logs
  • C. Tuesday's logs
  • D. Monday's logs

正解: A

 

質問 198
Which of the following BEST describes the process by which code is developed, tested, and deployed in small batches?

  • A. Dynamic code analysis
  • B. SDLC
  • C. Waterfall
  • D. Agile

正解: B

 

質問 199
An information security analyst on a threat-hunting team Is working with administrators to create a hypothesis related to an internally developed web application The working hypothesis is as follows:
* Due to the nature of the industry, the application hosts sensitive data associated with many clients and Is a significant target
* The platform Is most likely vulnerable to poor patching and Inadequate server hardening, which expose vulnerable services.
* The application is likely to be targeted with SQL injection attacks due to the large number of reporting capabilities within the application.
As a result, the systems administrator upgrades outdated service applications and validates the endpoint configuration against an industry benchmark. The analyst suggests developers receive additional training on implementing identity and access management, and also implements a WAF to protect against SOL injection attacks Which of the following BEST represents the technique in use?

  • A. Profiling threat actors and activities
  • B. Improving detection capabilities
  • C. Bundling critical assets
  • D. Reducing the attack surface area

正解: D

 

質問 200
An employee was conducting research on the Internet when a message from cyber criminals appeared on the screen, stating the hard drive was just encrypted by a ransomware variant. An analyst observes the following:
Antivirus signatures were updated recently

The desktop background was changed

Web proxy logs show browsing to various information security sites and ad network traffic

There is a high volume of hard disk activity on the file server

SMTP server shown the employee recently received several emails from blocked senders

The company recently switched web hosting providers

There are several IPS alerts for external port scans

Which of the following describes how the employee got this type of ransomware?

  • A. The employee updated antivirus signatures
  • B. The employee fell victim to a CSRF attack
  • C. The employee was using another user's credentials
  • D. The employee opened an email attachment

正解: B

 

質問 201
An organization recently had its strategy posted to a social media website. The document posted to the website is an exact copy of a document stored on only one server in the organization. A security analyst sees the following output from a command-line entry on the server suspected of the problem:

Which of the following would be the BEST course of action?

  • A. Figure out which of the Firefox processes is the malware
  • B. Monitor all the established TCP connections for data exfiltration
  • C. Investigate the malware associated with PID 123
  • D. Remove the malware associated with PID 773
  • E. Block all TCP connections at the firewall

正解: D

 

質問 202
A security analyst is investigating a malware infection that occurred on a Windows system.
The system was not connected to a network and had no wireless capability Company policy prohibits using portable media or mobile storage.
The security analyst is trying to determine which user caused the malware to get onto the system.
Which of the following registry keys would MOST likely have this information?

  • A.
  • B.
  • C.
  • D.

正解: B

 

質問 203
Bootloader malware was recently discovered on several company workstations. All the workstations run Windows and are current models with UEFI capability.
Which of the following UEFI settings is the MOST likely cause of the infections?

  • A. Native mode
  • B. Compatibility mode
  • C. Secure boot mode
  • D. Fast boot mode

正解: B

 

質問 204
Which of the following types of policies is used to regulate data storage on the network?

  • A. Account management
  • B. Password
  • C. Acceptable use
  • D. Retention

正解: D

 

質問 205
Given the following access log:

Which of the following accurately describes what this log displays?

  • A. A vulnerability in Javascript
  • B. Application integration with an externally hosted database
  • C. A vulnerability in jQuery
  • D. A vulnerability scan performed from the Internet

正解: D

 

質問 206
......

有効なCS0-002試験 最新問題で2022年最新の学習ガイド:https://jp.fast2test.com/CS0-002-premium-file.html

トップクラスCompTIA CS0-002試験最先端学習ガイド!練習問題バージョン:https://drive.google.com/open?id=1WMG8M4-F6WzGSbu9CdlBqrsyuMS0UGMD


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어