CompTIA CS0-003リアル試験問題解答は無料 [Q56-Q72]

Share

CompTIA CS0-003リアル試験問題解答は無料

試験問題集でCS0-003練習無料最新のCompTIA練習テスト


CompTIA CS0-003 認定試験の出題範囲:

トピック出題範囲
トピック 1
  • Reporting and Communication: This topic focuses on explaining the importance of vulnerability management and incident response reporting and communication.
トピック 2
  • Security Operations: It focuses on analyzing indicators of potentially malicious activity, using tools and techniques to determine malicious activity, comparing threat intelligence and threat hunting concepts, and explaining the importance of efficiency and process improvement in security operations.
トピック 3
  • Vulnerability Management: This topic discusses involving implementing vulnerability scanning methods, analyzing vulnerability assessment tool output, analyzing data to prioritize vulnerabilities, and recommending controls to mitigate issues. The topic also focuses on vulnerability response, handling, and management.
トピック 4
  • Incident Response and Management: It is centered around attack methodology frameworks, performing incident response activities, and explaining preparation and post-incident phases of the life cycle.

 

質問 # 56
An employee is no longer able to log in to an account after updating a browser. The employee usually has several tabs open in the browser. Which of the following attacks was most likely performed?

  • A. XSS
  • B. RFI
  • C. CSRF
  • D. LFI

正解:C


質問 # 57
A company is aiming to test a new incident response plan. The management team has made it clear that the initial test should have no impact on the environment. The company has limited resources to support testing. Which of the following exercises would be the best approach?

  • A. Capture the flag
  • B. Tabletop scenarios
  • C. Unknown-environment penetration test
  • D. Red team vs. blue team

正解:B

解説:
A tabletop scenario is an informal, discussion-based session in which a team discusses their roles and responses during an emergency, walking through one or more example scenarios. A tabletop scenario is the best approach for a company that wants to test a new incident response plan without impacting the environment or using many resources. A tabletop scenario can help the company identify strengths and weaknesses in their plan, clarify roles and responsibilities, and improve communication and coordination among team members. The other options are more intensive and disruptive exercises that involve simulating a real incident or attack. Reference: CompTIA Cybersecurity Analyst (CySA+) Certification Exam Objectives (CS0-002), page 16; https://www.linkedin.com/pulse/tabletop-exercises-explained-matt-lemon-phd


質問 # 58
A digital forensics investigator works from duplicate images to preserve the integrity of the original evidence. Which of the following types of media are most volatile and should be preserved? (Select two).

  • A. Registry file
  • B. Temporary filesystems
  • C. Packet decoding
  • D. Swap volume
  • E. SSD storage
  • F. Memory cache

正解:D、F

解説:
Memory cache and swap volume are types of media that are most volatile and should be preserved during a digital forensics investigation. Volatile media are those that store data temporarily and lose their contents when the power is turned off or interrupted. Memory cache is a small and fast memory that stores frequently used data or instructions for faster access by the processor. Swap volume is a part of the hard disk that is used as an extension of the memory when the memory is full or low .


質問 # 59
Which of the following risk management principles is accomplished by purchasing cyber insurance?

  • A. Mitigate
  • B. Transfer
  • C. Accept
  • D. Avoid

正解:B

解説:
Transfer is the risk management principle that is accomplished by purchasing cyber insurance.
Transfer is a strategy that involves shifting the risk or its consequences to another party, such as an insurance company, a vendor, or a partner. Transfer does not eliminate the risk, but it reduces the potential impact or liability of the risk for the original party. Cyber insurance is a type of insurance that covers the losses and damages resulting from cyberattacks, such as data breaches, ransomware, denial-of-service attacks, or network disruptions. Cyber insurance can help transfer the risk of cyber incidents by providing financial compensation, legal assistance, or recovery services to the insured party.


質問 # 60
A security administrator has been notified by the IT operations department that some vulnerability reports contain an incomplete list of findings. Which of the following methods should be used to resolve this issue?

  • A. External scan
  • B. Credentialed scar
  • C. Network scan
  • D. Differential scan

正解:B

解説:
A credentialed scan is a type of vulnerability scan that uses valid credentials to log in to the scanned systems and perform a more thorough and accurate assessment of their vulnerabilities.
A credentialed scan can access more information than a non-credentialed scan, such as registry keys, patch levels, configuration settings, and installed applications. A credentialed scan can also reduce the number of false positives and false negatives, as it can verify the actual state of the system rather than relying on inference or assumptions. The other types of scans are not related to the issue of incomplete findings, as they refer to different aspects of vulnerability scanning, such as the scope, location, or frequency of the scan. An external scan is a scan that is performed from outside the network perimeter, usually from the internet. An external scan can reveal how an attacker would see the network and what vulnerabilities are exposed to the public.
An external scan cannot access internal systems or resources that are behind firewalls or other security controls. A differential scan is a scan that compares the results of two scans and highlights the differences between them. A differential scan can help identify changes in the network environment, such as new vulnerabilities, patched vulnerabilities, or new devices. A differential scan does not provide a complete list of findings by itself, but rather a summary of changes. A network scan is a scan that focuses on the network layer of the OSI model and detects vulnerabilities related to network devices, protocols, services, and configurations. A network scan can discover open ports, misconfigured firewalls, unencrypted traffic, and other network-related issues. A network scan does not provide information about the application layer or the host layer of the OSI model, such as web applications or operating systems.


質問 # 61
Which of the following is the best reason why organizations need operational security controls?

  • A. To limit physical access to areas that contain sensitive data
  • B. To assess compliance automatically against a secure baseline
  • C. To supplement areas that other controls cannot address
  • D. To prevent disclosure by potential insider threats

正解:C

解説:
Operational security controls are security measures that are implemented and executed by people rather than by systems. Operational security controls are needed to supplement areas that other controls, such as technical or physical controls, cannot address. For example, operational security controls can include policies, procedures, training, awareness, audits, reviews, testing, etc. These controls can help ensure that employees follow best practices, comply with regulations, detect and report incidents, and respond to emergencies. The other options are not specific to operational security controls or are too narrow in scope. Reference: CompTIA Cybersecurity Analyst (CySA+) Certification Exam Objectives (CS0-002), page 14; https://www.isaca.org/resources/isaca-journal/issues/2016/volume-3/operational-security-controls


質問 # 62
The Chief Executive Officer (CEO) has notified that a confidential trade secret has been compromised. Which of the following communication plans should the CEO initiate?

  • A. Disclose to all affected parties in the Chief Operating Officer for discussion and resolution.
  • B. Verify legal notification requirements of PII and SPII in the legal and human resource departments.
  • C. Schedule a press release to inform other service provider customers of the compromise.
  • D. Alert department managers to speak privately with affected staff.

正解:D

解説:
The CEO should initiate an alert to department managers to speak privately with affected staff. This is because the trade secret is confidential and should not be disclosed to the public. Additionally, the CEO should verify legal notification requirements of PII and SPII in the legal and human resource departments to ensure compliance with data protection laws.


質問 # 63
An analyst is conducting monitoring against an authorized team that win perform adversarial techniques. The analyst interacts with the team twice per day to set the stage for the techniques to be used. Which of the following teams is the analyst a member of?

  • A. Orange team
  • B. Red team
  • C. Purple team
  • D. Blue team

正解:A

解説:
An orange team is a team that is involved in facilitation and training of other teams in cybersecurity. An orange team assists the yellow team, which is the management or leadership team that oversees the cybersecurity strategy and governance of an organization. An orange team helps the yellow team to understand the cybersecurity risks and challenges, as well as the roles and responsibilities of other teams, such as the red, blue, and purple teams. In this scenario, the analyst is conducting monitoring against an authorized team that will perform adversarial techniques. This means that the analyst is observing and evaluating the performance of another team that is simulating real-world attacks against the organization's systems or networks. This could be either a red team or a purple team, depending on whether they are working independently or collaboratively with the defensive team. The analyst interacts with the team twice per day to set the stage for the techniques to be used. This means that the analyst is providing guidance and feedback to the team on how to conduct their testing and what techniques to use. This could also involve setting up scenarios, objectives, rules of engagement, and success criteria for the testing. This implies that the analyst is facilitating and training the team to improve their skills and capabilities in cybersecurity. Therefore, based on these descriptions, the analyst is a member of an orange team, which is involved in facilitation and training of other teams in cybersecurity.


質問 # 64
Following an attack, an analyst needs to provide a summary of the event to the Chief Information Security Officer. The summary needs to include the who-what-when information and evaluate the effectiveness of the plans in place. Which of the following incident management life cycle processes does this describe?

  • A. Forensic analysis
  • B. Incident response plan
  • C. Business continuity plan
  • D. Lessons learned

正解:D

解説:
The lessons learned process is the final stage of the incident management life cycle, where the incident team reviews the incident and evaluates the effectiveness of the response and the plans in place. The lessons learned report should include the who-what-when information and any recommendations for improvement123 Reference: 1: What is incident management? Steps, tips, and best practices 2: 5 Steps of the Incident Management Lifecycle | RSI Security 3: Navigating the Incident Response Life Cycle: A Comprehensive Guide


質問 # 65
A vulnerability scanner generates the following output:

The company has an SLA for patching that requires time frames to be met for high-risk vulnerabilities. Which of the following should the analyst prioritize first for remediation?

  • A. SSL Self-signed Certificate
  • B. Redis Server
  • C. Oracle JDK
  • D. Cisco Webex

正解:B


質問 # 66
The security operations team is required to consolidate several threat intelligence feeds due to redundant tools and portals. Which of the following will best achieve the goal and maximize results?

  • A. Single pane of glass
  • B. Data enrichment
  • C. Deduplication
  • D. Single sign-on

正解:C

解説:
Explanation
Deduplication is a process that involves removing any duplicate or redundant data or information from a data set or source. Deduplication can help consolidate several threat intelligence feeds by eliminating any overlapping or repeated indicators of compromise (IoCs), alerts, reports, or recommendations. Deduplication can also help reduce the volume and complexity of threat intelligence data, as well as improve its quality, accuracy, or relevance.


質問 # 67
A company recently experienced a security incident. The security team has determined a user clicked on a link embedded in a phishing email that was sent to the entire company. The link resulted in a malware download, which was subsequently installed and run.
INSTRUCTIONS
Part 1
Review the artifacts associated with the security incident. Identify the name of the malware, the malicious IP address, and the date and time when the malware executable entered the organization.
Part 2
Review the kill chain items and select an appropriate control for each that would improve the security posture of the organization and would have helped to prevent this incident from occurring. Each control may only be used once, and not all controls will be used.

Firewall log:


File integrity Monitoring Report:


Malware domain list:

Vulnerability Scan Report:


Phishing Email:

正解:

解説:

Explanation:
A screenshot of a computer Description automatically generated


質問 # 68
A security analyst performs various types of vulnerability scans. Review the vulnerability scan results to determine the type of scan that was executed and if a false positive occurred for each device.
Instructions:
Select the Results Generated drop-down option to determine if the results were generated from a credentialed scan, non-credentialed scan, or a compliance scan.
For ONLY the credentialed and non-credentialed scans, evaluate the results for false positives and check the findings that display false positives. NOTE: If you would like to uncheck an option that is currently selected, click on the option a second time.
Lastly, based on the vulnerability scan results, identify the type of Server by dragging the Server to the results.
The Linux Web Server, File-Print Server and Directory Server are draggable.
If at any time you would like to bring back the initial state of the simulation, please select the Reset All button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

正解:

解説:


質問 # 69
A security analyst needs to provide a copy of a hard drive for forensic analysis.
Which of the following would allow the analyst to perform the task?

  • A. tar -zcf /mnt/usb/evidence.tar.gz / -except /mnt; sha256sum /mnt/usb/evidence.tar.gz >
    /mnt/usb/evidence.tar.gz.hash
  • B. dcfldd if=/dev/one of=/mnt/usb/evidence.bin hash=md5, sha1
    hashlog=/mnt/usb/evidence.bin.hashlog
  • C. find / -type f -exec cp {} /mnt/usb/evidence/ \; sha1sum /mnt/usb/evidence/* >
    /mnt/usb/evidence/evidence.hash
  • D. dd if=/dev/sda of=/mnt/usb/evidence.bin bs=4096; sha5l2sum /mnt/usb/evidence.bin >
    /mnt/usb/evidence.bin.hash

正解:D


質問 # 70
Each time a vulnerability assessment team shares the regular report with other teams, inconsistencies regarding versions and patches in the existing infrastructure are discovered.
Which of the following is the best solution to decrease the inconsistencies?

  • A. Changing from a passive to an active scanning approach
  • B. Implementing credentialed scanning
  • C. Performing agentless scanning
  • D. Implementing a central place to manage IT assets

正解:D

解説:
Implementing a central place to manage IT assets is the best solution to decrease the inconsistencies regarding versions and patches in the existing infrastructure. A central place to manage IT assets, such as a configuration management database (CMDB), can help the vulnerability assessment team to have an accurate and up-to-date inventory of all the hardware and software components in the network, as well as their relationships and dependencies. A CMDB can also track the changes and updates made to the IT assets, and provide a single source of truth for the vulnerability assessment team and other teams to compare and verify the versions and patches of the infrastructure. Implementing credentialed scanning, changing from a passive to an active scanning approach, and performing agentless scanning are all methods to improve the vulnerability scanning process, but they do not address the root cause of the inconsistencies, which is the lack of a central place to manage IT assets.


質問 # 71
Which of the following documents sets requirements and metrics for a third-party response during an event?

  • A. DRP
  • B. SLA
  • C. MOU
  • D. BIA

正解:B

解説:
A Service Level Agreement (SLA) defines the expectations, requirements, and metrics for third- party services, including response times and responsibilities during an event.
SLAs set clear expectations for third-party services, including response times, performance metrics, and specific requirements during incidents. SLAs ensure accountability for external providers during critical events.


質問 # 72
......

確認済みCS0-003試験問題集と解答で時間限定無料提供!CS0-003には正解付き:https://www.passtest.jp/CompTIA/CS0-003-shiken.html

CS0-003試験問題、リアルCS0-003練習問題集:https://drive.google.com/open?id=1d88SSveJ9mTZ4oOwJsBUZ3doJ3gR2o4E