CompTIA Cybersecurity Analyst (CySA+) Certification - CS0-003 模擬練習
Which of the following is most appropriate to use with SOAR when the security team would like to automate actions across different vendor platforms?
正解: B
解説: (PassTest メンバーにのみ表示されます)
During an incident, a security analyst discovers a large amount of Pll has been emailed externally from an employee to a public email address. The analyst finds that the external email is the employee ' s personal email. Which of the following should the analyst recommend be done first?
正解: A
解説: (PassTest メンバーにのみ表示されます)
The SOC received a threat intelligence notification indicating that an employee ' s credentials were found on the dark web. The user ' s web and log-in activities were reviewed for malicious or anomalous connections, data uploads/downloads, and exploits. A review of the controls confirmed multifactor authentication was enabled. Which of the following should be done first to mitigate impact to the business networks and assets?
正解: A
解説: (PassTest メンバーにのみ表示されます)
An organization conducted a web application vulnerability assessment against the corporate website, and the following output was observed:

Which of the following tuning recommendations should the security analyst share?

Which of the following tuning recommendations should the security analyst share?
正解: C
解説: (PassTest メンバーにのみ表示されます)
Which of the following responsibilities does the legal team have during an incident management event?
(Select two).
(Select two).
正解: B,C
解説: (PassTest メンバーにのみ表示されます)
An analyst is reviewing a vulnerability report and must make recommendations to the executive team. The analyst finds that most systems can be upgraded with a reboot resulting in a single downtime window.
However, two of the critical systems cannot be upgraded due to a vendor appliance that the company does not have access to. Which of the following inhibitors to remediation do these systems and associated vulnerabilities best represent?
However, two of the critical systems cannot be upgraded due to a vendor appliance that the company does not have access to. Which of the following inhibitors to remediation do these systems and associated vulnerabilities best represent?
正解: B
解説: (PassTest メンバーにのみ表示されます)
While configuring a SIEM for an organization, a security analyst is having difficulty correlating incidents across different systems. Which of the following should be checked first?
正解: D
解説: (PassTest メンバーにのみ表示されます)
The security team is reviewing a list of vulnerabilities present on the environment, and they want to prioritize the remediation based on the CVSS v4.0 metrics:

Which of the following vulnerabilities should the security manager request to fix first?

Which of the following vulnerabilities should the security manager request to fix first?
正解: C
解説: (PassTest メンバーにのみ表示されます)
A laptop that is company owned and managed is suspected to have malware. The company implemented centralized security logging. Which of the following log sources will confirm the malware infection?
正解: C
解説: (PassTest メンバーにのみ表示されます)
A disgruntled open-source developer has decided to sabotage a code repository with a logic bomb that will act as a wiper. Which of the following parts of the Cyber Kill Chain does this act exhibit?
正解: C
解説: (PassTest メンバーにのみ表示されます)
A development team is preparing to roll out a beta version of a web application and wants to quickly test for vulnerabilities, including SQL injection, path traversal, and cross-site scripting. Which of the following tools would the security team most likely recommend to perform this test?
正解: D
解説: (PassTest メンバーにのみ表示されます)
A web vulnerability scanner has identified many instances of poorly written code that allow for path traversal.
Which of the following is the best option for rewriting the code?
Which of the following is the best option for rewriting the code?
正解: A
解説: (PassTest メンバーにのみ表示されます)