CompTIA CySA+ CS0-002試験と認定テストエンジン [Q109-Q128]

Share

(PDF)CompTIA CySA+ CS0-002試験と認定テストエンジン

無料提供中のCS0-002試験問題集で(2022年最新のPDF問題集)信頼度の高いCS0-002テストエンジン

質問 109
Which of the following types of policies is used to regulate data storage on the network?

  • A. Account management
  • B. Password
  • C. Acceptable use
  • D. Retention

正解: D

 

質問 110
A security analyst is investigating malicious traffic from an internal system that attempted to download proxy avoidance software as identified from the firewall logs but the destination IP is blocked and not captured. Which of the following should the analyst do?

  • A. Determine if DNS logging is enabled.
  • B. Shut down the computer
  • C. Review the network logs.
  • D. Capture live data using Wireshark
  • E. Take a snapshot

正解: D

 

質問 111
A security analyst is evaluating two vulnerability management tools for possible use in an organization. The analyst set up each of the tools according to the respective vendor's instructions and generated a report of vulnerabilities that ran against the same target server.
Tool A reported the following:

Tool B reported the following:

Which of the following BEST describes the method used by each tool? (Choose two.)

  • A. Tool A is unauthenticated.
  • B. Tool B is unauthenticated.
  • C. Tool A is agent based.
  • D. Tool B utilized machine learning technology.
  • E. Tool B is agent based.
  • F. Tool A used fuzzing logic to test vulnerabilities.

正解: A,E

 

質問 112
An analyst was tasked with providing recommendations of technologies that are PKI X.509 compliant for a variety of secure functions.
Which of the following technologies meet the compatibility requirement? (Select three.)

  • A. 3DES
  • B. PGP
  • C. TEMPEST
  • D. SSL/TLS
  • E. IDEA
  • F. PKCS
  • G. AES

正解: D,F,G

 

質問 113
A small organization has proprietary software that is used internally. The system has not been well maintained and cannot be updated with the rest of the environment Which of the following is the BEST solution?

  • A. Virtualize the system and decommission the physical machine.
  • B. Remove it from the network and require air gapping.
  • C. Only allow access to the system via a jumpbox
  • D. Implement MFA on the specific system.

正解: A

 

質問 114
A systems administrator is trying to secure a critical system. The administrator has placed the system behind a firewall, enabled strong authentication, and required all administrators of this system to attend mandatory training.
Which of the following BEST describes the control being implemented?

  • A. Audit remediation
  • B. Access control
  • C. Multifactor authentication
  • D. Defense in depth

正解: D

 

質問 115
Alerts have been received from the SIEM, indicating infections on multiple computers. Base on threat characteristics, these files were quarantined by the host-based antivirus program. At the same time, additional alerts in the SIEM show multiple blocked URLs from the address of the infected computers; the URLs were classified as uncategorized. The domain location of the IP address of the URLs that were blocked is checked, and it is registered to an ISP in Russia. Which of the following steps should be taken NEXT?

  • A. Run a vulnerability scan and patch discovered vulnerabilities on the next pathing cycle. Have the users restart their computers. Create a use case in the SIEM to monitor failed logins on the infected computers.
  • B. Install a computer with the same settings as the infected computers in the DMZ to use as a honeypot.
    Permit the URLs classified as uncategorized to and from that host.
  • C. Remove those computers from the network and replace the hard drives. Send the infected hard drives out for investigation.
  • D. Run a full antivirus scan on all computers and use Splunk to search for any suspicious activity that happened just before the alerts were received in the SIEM.

正解: D

 

質問 116
Which of the following BEST describes the offensive participants in a tabletop exercise?

  • A. Red team
  • B. Operations team
  • C. System administrators
  • D. Blue team
  • E. Security analysts

正解: A

 

質問 117
A security analyst is building a malware analysis lab. The analyst wants to ensure malicious applications are not capable of escaping the virtual machines and pivoting to other networks.
To BEST mitigate this risk, the analyst should use.

  • A. an 802.11ac wireless bridge to create an air gap.
  • B. a managed switch to segment the lab into a separate VLAN.
  • C. a firewall to isolate the lab network from all other networks.
  • D. an unmanaged switch to segment the environments from one another.

正解: C

 

質問 118
A security analyst suspects a malware infection was caused by a user who downloaded malware after clicking
http://<malwaresource>/a.php in a phishing email.
To prevent other computers from being infected by the same malware variation, the analyst should create a rule on the.

  • A. firewall to block connection attempts to dynamic DNS hosts.
  • B. proxy to block all connections to <malwaresource>.
  • C. IDS to match the malware sample.
  • D. email server that automatically deletes attached executables.

正解: B

 

質問 119
A security analyst needs to assess the web server versions on a list of hosts to determine which are running a vulnerable version of the software and output that list into an XML file named Webserverlist. Xml. The host list is provided in a file named werbserverlist,text. Which of the fallowing Nmap commands would BEST accomplish this goal?
A)

B)

C)

D)

  • A. Option D
  • B. Option B
  • C. Option C
  • D. Option A

正解: D

 

質問 120
Given the following access log:

Which of the following accurately describes what this log displays?

  • A. A vulnerability in Javascript
  • B. Application integration with an externally hosted database
  • C. A vulnerability in jQuery
  • D. A vulnerability scan performed from the Internet

正解: D

 

質問 121
A developer wrote a script to make names and other Pll data unidentifiable before loading a database export into the testing system Which of the following describes the type of control that is being used?

  • A. Data encoding
  • B. Data loss prevention
  • C. Data classification
  • D. Data masking

正解: B

 

質問 122
Clients are unable to access a company's API to obtain pricing data. An analyst discovers sources other than clients are scraping the API for data, which is causing the servers to exceed available resources. Which of the following would be BEST to protect the availability of the APIs?

  • A. Certificate-based authentication
  • B. Virtual private network
  • C. IP whitelisting
  • D. Web application firewall

正解: D

 

質問 123
A company's incident response team is handling a threat that was identified on the network. Security analysts have determined a web server is making multiple connections from TCP port 445 outbound to servers inside its subnet as well as at remote sites. Which of the following is the MOST appropriate next step in the incident response plan?

  • A. Enable web server containerization
  • B. Quarantine the web server
  • C. Capture a forensic image of the memory and disk
  • D. Deploy virtual firewalls

正解: B

解説:
Explanation/Reference:

 

質問 124
A security analyst needs to reduce the overall attack surface.
Which of the following infrastructure changes should the analyst recommend?

  • A. Air gap sensitive systems.
  • B. Implement a cloud-based architecture.
  • C. Implement a honeypot.
  • D. Increase the network segmentation.

正解: D

 

質問 125
A security analyst is reviewing vulnerability scan results and notices new workstations are being flagged as having outdated antivirus signatures. The analyst observes the following plugin output:

The analyst uses the vendor's website to confirm the oldest supported version is correct. Which of the following BEST describes the situation?

  • A. This is a false negative and the new computers need to be updated by the desktop team
  • B. This is a false positive and the scanning plugin needs to be updated by the vendor
  • C. This is a true positive and the new computers were imaged with an old version of the software
  • D. This is a true negative and the new computers have the correct version of the software

正解: C

 

質問 126
A cybersecurity analyst needs to determine whether a large file named access log from a web server contains the following loC:
../../../../bin/bash
Which of the following commands can be used to determine if the string is present in the log?

  • A. cat access.log > grep "../../../ ../bin/bash"
  • B. grep "../../../../bin/bash" 1 cat access.log
  • C. grep "../../../. ./bin/bash" < access.log
  • D. echo access.log | grep "../../../../bin/bash"

正解: C

 

質問 127
Which of the following would a security engineer recommend to BEST protect sensitive system data from being accessed on mobile devices?

  • A. Use a UEFl boot password.
  • B. Implement a self-encrypted disk.
  • C. Configure filesystem encryption
  • D. Enable Secure Boot using TPM

正解: C

 

質問 128
......

CS0-002完全版問題集には無料PDF問題で合格させる:https://www.passtest.jp/CompTIA/CS0-002-shiken.html

CS0-002PDFで最近更新された問題です集試験点数を伸ばそう:https://drive.google.com/open?id=1y6ma-UTFHc9HO-VDTYAvoaUpAuc2rFGv