CompTIA Cybersecurity Analyst (CySA+) Certification - CS0-003 模擬練習

Which of the following is most appropriate to use with SOAR when the security team would like to automate actions across different vendor platforms?

正解: B
解説: (PassTest メンバーにのみ表示されます)
During an incident, a security analyst discovers a large amount of Pll has been emailed externally from an employee to a public email address. The analyst finds that the external email is the employee ' s personal email. Which of the following should the analyst recommend be done first?

正解: A
解説: (PassTest メンバーにのみ表示されます)
The SOC received a threat intelligence notification indicating that an employee ' s credentials were found on the dark web. The user ' s web and log-in activities were reviewed for malicious or anomalous connections, data uploads/downloads, and exploits. A review of the controls confirmed multifactor authentication was enabled. Which of the following should be done first to mitigate impact to the business networks and assets?

正解: A
解説: (PassTest メンバーにのみ表示されます)
An organization conducted a web application vulnerability assessment against the corporate website, and the following output was observed:

Which of the following tuning recommendations should the security analyst share?

正解: C
解説: (PassTest メンバーにのみ表示されます)
Which of the following responsibilities does the legal team have during an incident management event?
(Select two).

正解: B,C
解説: (PassTest メンバーにのみ表示されます)
An analyst is reviewing a vulnerability report and must make recommendations to the executive team. The analyst finds that most systems can be upgraded with a reboot resulting in a single downtime window.
However, two of the critical systems cannot be upgraded due to a vendor appliance that the company does not have access to. Which of the following inhibitors to remediation do these systems and associated vulnerabilities best represent?

正解: B
解説: (PassTest メンバーにのみ表示されます)
While configuring a SIEM for an organization, a security analyst is having difficulty correlating incidents across different systems. Which of the following should be checked first?

正解: D
解説: (PassTest メンバーにのみ表示されます)
The security team is reviewing a list of vulnerabilities present on the environment, and they want to prioritize the remediation based on the CVSS v4.0 metrics:

Which of the following vulnerabilities should the security manager request to fix first?

正解: C
解説: (PassTest メンバーにのみ表示されます)
A laptop that is company owned and managed is suspected to have malware. The company implemented centralized security logging. Which of the following log sources will confirm the malware infection?

正解: C
解説: (PassTest メンバーにのみ表示されます)
A disgruntled open-source developer has decided to sabotage a code repository with a logic bomb that will act as a wiper. Which of the following parts of the Cyber Kill Chain does this act exhibit?

正解: C
解説: (PassTest メンバーにのみ表示されます)
A development team is preparing to roll out a beta version of a web application and wants to quickly test for vulnerabilities, including SQL injection, path traversal, and cross-site scripting. Which of the following tools would the security team most likely recommend to perform this test?

正解: D
解説: (PassTest メンバーにのみ表示されます)
A web vulnerability scanner has identified many instances of poorly written code that allow for path traversal.
Which of the following is the best option for rewriting the code?

正解: A
解説: (PassTest メンバーにのみ表示されます)