CS0-002テスト問題練習試そう!2024年に更新された371問あります [Q148-Q173]

Share

CS0-002テスト問題練習試そう!2024年に更新された371問あります

更新された2024年12月プレミアムCS0-002試験エンジンPDFで今すぐダウンロード!無料更新された371問あります


Comptia Cyber​​securityアナリスト(CYSA+)認定は、サイバーセキュリティの知識とスキルを向上させたいITプロフェッショナル向けに設計されたベンダーに中立な資格情報です。 CS0-002としても知られる認定試験は、サイバーセキュリティの脅威と脆弱性を特定し、データ分析と解釈を実行し、適切な緩和手法を適用する候補者の能力を検証するように設計されています。


CompTIA CS0-002試験は、85の多肢選択問題と性能ベースの問題から構成され、受験者は165分以内に回答する必要があります。試験は英語と日本語で利用可能で、受験者は認定を取得するために900点中750点以上の合格点を取得する必要があります。試験は、世界中のどのピアソンVUEテストセンターでも受験でき、受験者はCompTIAのウェブサイトで試験に登録できます。

 

質問 # 148
A development team uses open-source software and follows an Agile methodology with two-week sprints. Last month, the security team filed a bug for an insecure version of a common library. The DevOps team updated the library on the server, and then the security team rescanned the server to verify it was no longer vulnerable.
This month, the security team found the same vulnerability on the server.
Which of the following should be done to correct the cause of the vulnerability?

  • A. Install a HIPS on the server.
  • B. Deploy a WAF in front of the application.
  • C. Implement a software repository management tool.
  • D. Instruct the developers to use input validation in the code.

正解:C


質問 # 149
A cybersecurity analyst is currently checking a newly deployed server that has an access control list applied.
When conducting the scan, the analyst received the following code snippet of results:

Which of the following describes the output of this scan?

  • A. The analyst has discovered a True Positive, and the status code is incorrect providing a forbidden message.
  • B. The analyst has discovered a False Positive, and the status code is incorrect providing a server error message.
  • C. The analyst has discovered a False Positive, and the status code is incorrect providing an OK message.
  • D. The analyst has discovered a True Positive, and the status code is correct providing a file not found error message.

正解:D


質問 # 150
A user's computer has been running slowly when the user tries to access web pages. A security analyst runs the command netstat -aon from the command line and receives the following output:

Which of the following lines indicates the computer may be compromised?

  • A. Line 2
  • B. Line 6
  • C. Line 4
  • D. Line 5
  • E. Line 3
  • F. Line 1

正解:C


質問 # 151
Which of the following is a vulnerability when using Windows as a host OS for virtual machines?

  • A. Windows requires frequent patching.
  • B. Windows virtualized environments are typically unstable.
  • C. Windows is vulnerable to the "ping of death".
  • D. Windows requires hundreds of open firewall ports to operate.

正解:C


質問 # 152
Because some clients have reported unauthorized activity on their accounts, a security analyst is reviewing network packet captures from the company's API server. A portion of a capture file is shown below:
POST /services/v1_0/Public/Members.svc/soap <s:Envelope+xmlns:s="http://schemas.s/soap/envelope/
"><s:Body><GetIPLocation+xmlns="http://tempuri.org/">
<request+xmlns:a="http://schemas.somesite.org http://www.w3.org/2001/XMLSchema-instance
"></s:Body></s:Envelope> 192.168.1.22 - - api.somesite.com 200 0 1006 1001 0 192.168.1.22 POST /services/v1_0/Public/Members.svc/soap
<<a:Password>Password123</a:Password><a:ResetPasswordToken+i:nil="true"/>
<a:ShouldImpersonatedAuthenticationBePopulated+i:nil="true"/><a:Username>[email protected]
192.168.5.66 - - api.somesite.com 200 0 11558 1712 2024 192.168.4.89
POST /services/v1_0/Public/Members.svc/soap <s:Envelope+xmlns:s="
http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetIPLocation+xmlns="http://tempuri.org/">
<a:IPAddress>516.7.446.605</a:IPAddress><a:ZipCode+i:nil="true"/></request></GetIPLocation></s:Body><
192.168.1.22 - - api.somesite.com 200 0 1003 1011 307 192.168.1.22
POST /services/v1_0/Public/Members.svc/soap <s:Envelope+xmlns:s="
http://schemas.xmlsoap.org/soap/envelope/ http://tempuri.org/">
<request+xmlns:a="http://schemas.datacontract.org/2004/07/somesite.web+xmlns:i="
http://www.w3.org/2001/XMLSchema-instance
<a:ApiToken>kmL4krg2CwwWBan5BReGv5Djb7syxXTNKcWFuSjd</a:ApiToken><a:ImpersonateUserId>0<
<a:NetworkId>4</a:NetworkId><a:ProviderId>''1=1</a:ProviderId><a:UserId>13026046</a:UserId></a:Authe
192.168.5.66 - - api.somesite.com 200 0 1378 1209 48 192.168.4.89
Which of the following MOST likely explains how the clients' accounts were compromised?

  • A. An XSS scripting attack was carried out on the server.
  • B. A SQL injection attack was carried out on the server.
  • C. The clients' usernames and passwords were transmitted in cleartext.
  • D. The clients' authentication tokens were impersonated and replayed.

正解:C


質問 # 153
Understanding attack vectors and integrating intelligence sources are important components of:

  • A. proactive threat hunting
  • B. risk management compliance.
  • C. a vulnerability management plan.
  • D. an incident response plan.

正解:C

解説:
Explanation
threat hunting activities.
1. Establishing a hypothesis,
2. Profile threat actors/activities,
3. Threat hunting tactics,
4. Reducing attack surface,
5. Bundle critical systems/assets into groups/protected zones,
6. Attack vectors understood, assessed and addressed
7. Integrated intelligence
8. Improving detection capabilities.


質問 # 154
A centralized tool for organizing security events and managing their response and resolution is known as:

  • A. SIEM
  • B. Wireshark
  • C. Syslog
  • D. HIPS

正解:A


質問 # 155
The Chief Security Officer (CSO) has requested a vulnerability report of systems on the domain, identifying those running outdated OSs. The automated scan reports are not displaying OS version details, so the CSO cannot determine risk exposure levels from vulnerable systems.
Which of the following should the cybersecurity analyst do to enumerate OS information as part of the vulnerability scanning process in the MOST efficient manner?

  • A. Execute the ver command
  • B. Use Wireshark to export a list
  • C. Execute the nmap -pcommand
  • D. Use credentialed configuration

正解:A


質問 # 156
A security analyst is making recommendations for securing access to the new forensic workstation and workspace. Which of the following security measures should the analyst recommend to protect access to forensic data?

  • A. Secure ID token
    Security reviews of the system at least yearly
    Polarized lens protection
  • B. Multifactor authentication
    Polarized lens protection
    Physical workspace isolation
  • C. Bright lightning in all access areas
    Security reviews of the system at least yearly
    Multifactor authentication
  • D. Two-factor authentication into the building
    Separation of duties
    Warning signs placed in clear view

正解:B


質問 # 157
As part of a review of modern response plans, which of the following is MOST important for an organization lo understand when establishing the breach notification period?

  • A. Service-level agreements
  • B. Legal requirements
  • C. Organizational policies
  • D. Vendor requirements and contracts

正解:B


質問 # 158
Review the following results:

Which of the following has occurred?

  • A. 172.29.0.109 is infected with a worm.
  • B. 123.120.110.212 is infected with a Trojan.
  • C. This is normal network traffic.
  • D. 172.29.0.109 is infected with a Trojan.

正解:C


質問 # 159
During a review of security controls, an analyst was able to connect to an external, unsecured FTP server from a workstation. The analyst was troubleshooting and reviewed the ACLs of the segment firewall the workstation is connected to:

Based on the ACLs above, which of the following explains why the analyst was able to connect to the FTP server?

  • A. FTP was allowed as being outbound from Seq 9 of the ACL.
  • B. FTP was allowed as being included in Seq 3 and Seq 4 of the ACL.
  • C. FTP was explicitly allowed in Seq 8 of the ACL.
  • D. FTP was allowed in Seq 10 of the ACL.

正解:C


質問 # 160
A security analyst is trying to determine if a host is active on a network. The analyst first attempts the following:

The analyst runs the following command next:

Which of the following would explain the difference in results?

  • A. ICMP is being blocked by a firewall.
  • B. hping3 is returning a false positive.
  • C. The original ping command needed root permission to execute.
  • D. The routing tables for ping and hping3 were different.

正解:A


質問 # 161
A company frequently expenences issues with credential stuffing attacks Which of the following is the BEST control to help prevent these attacks from being successful?

  • A. TLS
  • B. MFA
  • C. SIEM
  • D. IDS

正解:B


質問 # 162
A cybersecurity analyst was asked to review several results of web vulnerability scan logs.
Given the following snippet of code:

Which of the following BEST describes the situation and recommendations to be made?

  • A. The security analyst has discovered an embedded iframe pointing to source IP 65.240.22.1 network.
    The code should include the domain name. Recommend the entry be updated with the domain name.
  • B. The security analyst has discovered an embedded iframe pointing to source IP 65.240.22.1 network.
    Recommend making the iframe visible. Fixing the code will correct the issue.
  • C. The security analyst has discovered an embedded iframe that is hidden from users accessing the web page. This code is correct. This is a design preference, and no vulnerabilities are present.
  • D. The security analyst has discovered an embedded iframe pointing to source IP 65.240.22.1 network.
    The link is hidden and suspicious. Recommend the entry be removed from the web page.

正解:C


質問 # 163
A company wants to reduce the cost of deploying servers to support increased network growth. The company is currently unable to keep up with the demand, so it wants to outsource the infrastructure to a cloud-based solution.
Which of the following is the GREATEST threat for the company to consider when outsourcing its infrastructure?

  • A. The cloud service provider conducts a system backup each weekend and once a week during peak business times.
  • B. The cloud service provider has an SLA for system uptime that is lower than 99 9%.
  • C. The cloud service provider is unable to provide sufficient logging and monitoring.
  • D. The cloud service provider is unable to issue sufficient documentation for configurations.

正解:D


質問 # 164
A company has a popular shopping cart website hosted geographically diverse locations. The company has started hosting static content on a content delivery network (CDN) to improve performance. The CDN provider has reported the company is occasionally sending attack traffic to other CDN-hosted targets.
Which of the following has MOST likely occurred?

  • A. The company has been breached, and customer PII is being exfiltrated to the CDN.
  • B. A vulnerability scan has tuned to exclude web assets hosted by the CDN.
  • C. The CDN provider has mistakenly performed a GeoIP mapping to the company.
  • D. The CDN provider has misclassified the network traffic as hostile.

正解:A


質問 # 165
An organization has specific technical nsk mitigation configurations that must be implemented before a new server can be approved for production Several critical servers were recently deployed with the antivirus missing unnecessary ports disabled and insufficient password complexity Which of the following should the analyst recommend to prevent a recurrence of this risk exposure?

  • A. Perform an Nmap scan on all devices before they are released to production
  • B. Perform password-cracking attempts on all devices going into production
  • C. Perform antivirus scans on all devices before they are approved for production
  • D. Perform automated security controls testing of expected configurations pnor to production

正解:D


質問 # 166
A customer notifies a security analyst that a web application is vulnerable to information disclosure The analyst needs to indicate the seventy of the vulnerability based on its CVSS score, which the analyst needs to calculate When analyzing the vulnerability the analyst realizes that tor the attack to be successful, the Tomcat configuration file must be modified Which of the following values should the security analyst choose when evaluating the CVSS score?

  • A. Adjacent
  • B. Local
  • C. Network
  • D. Physical

正解:C


質問 # 167
A cybersecurity analyst is investigating an incident report concerning a specific user workstation.
The workstation is exhibiting high CPU and memory usage, even when first started, and network bandwidth usage is extremely high. The user reports that applications crash frequently, despite the fact that no significant changes in work habits have occurred. An antivirus scan reports no known threats. Which of the following is the MOST likely reason for this?

  • A. Advanced persistent threat
  • B. Zero day
  • C. Logic bomb
  • D. Trojan

正解:B


質問 # 168
An application contains the following log entries in a file named "authlog.log":

A security analyst has been asked to parse the log file and print out all valid usernames. Which of the following achieves this task?

  • A. cat "authlog.log" | grep "User" | cut -F' ' | echo "username exists: $1"
  • B. grep -e "successfully" authlog.log | awk '{print $2}' | sed s/\'//g
  • C. echo authlog.log > sed 's/User//' | print "username exists: $User"
  • D. cat authlog.log | grep "2016-01-01" | echo "valid username found: $2"

正解:A


質問 # 169
An analyst is working with a network engineer to resolve a vulnerability that was found in a piece of legacy hardware, which is critical to the operation of the organization's production line. The legacy hardware does not have third-party support, and the OEM manufacturer of the controller is no longer in operation. The analyst documents the activities and verifies these actions prevent remote exploitation of the vulnerability.
Which of the following would be the MOST appropriate to remediate the controller?

  • A. Install an IDS on the network between the switch and the legacy equipment.
  • B. Segment the network to constrain access to administrative interfaces.
  • C. Remove the legacy hardware from the network.
  • D. Replace the equipment that has third-party support.

正解:A


質問 # 170
A company's legal department is concerned that its incident response plan does not cover the countless ways security incidents can occur. The department has asked a security analyst to help tailor the response plan to provide broad coverage for many situations. Which of the following is the best way to achieve this goal?

  • A. Focus on common attack vectors first.
  • B. Focus on incidents that have a high chance of reputation harm.
  • C. Focus on incidents that may require law enforcement support.
  • D. Focus on incidents that affect critical systems.

正解:D

解説:
An incident response plan should cover the most important and likely scenarios that could compromise the security and operations of an organization. According to various sources of best practices123, an incident response plan should start by conducting a risk assessment to identify potential threats and vulnerabilities, and prioritize the critical systems that need to be protected and restored in case of an incident. Focusing on incidents that affect critical systems ensures that the incident response plan covers the most severe and impactful situations that could harm the organization's mission, reputation, or legal obligations.


質問 # 171
During an investigation, an analyst discovers the following rule in an executive's email client:

The executive is not aware of this rule. Which of the following should the analyst do first to evaluate the potential impact of this security incident?

  • A. Recommend that the management team implement SPF and DKIM.
  • B. Use the SIEM to correlate logging events from the email server and the domain server.
  • C. Check the server logs to evaluate which emails were sent to <someaddress@domain,com>.
  • D. Remove the rule from the email client and change the password.

正解:C

解説:
Checking the server logs to evaluate which emails were sent to <someaddress@domain,com> is the first action the analyst should do to evaluate the potential impact of this security incident. Server logs are records of events or activities that occur on a server, such as email transactions, web requests, or authentication attempts. Checking the server logs can help to determine how many emails were sent to <someaddress@domain,com>, when they were sent, who sent them, and what they contained. This can help to assess the scope and severity of the incident and plan further actions .


質問 # 172
A list of vulnerabilities has been reported in a company's most recent scan of a server. The security analyst must review the vulnerabilities and decide which ones should be remediated in the next change window and which ones can wait or may not need patching. Pending further investigation. Which of the following vulnerabilities should the analyst remediate FIRST?

  • A. The analyst should remediate imaps (993/tcp) first. The SSLv2 suite offers five strong ciphers and two weak "export class" ciphers.
  • B. The analyst should remediate dns (53/tcp) first. The remote BIND 9 DNS server is susceptible to a buffer overflow, which may allow an attacker to gain a shell on this host or disable this server.
  • C. The analyst should remediate https (443/tcp) first. This web server is susceptible to banner grabbing and was fingerprinted as Apache/1.3.27-9 on Linux w/ mod_fastcgi.
  • D. The analyst should remediate ftp (21/tcp) first. An outdated version of FTP is running on this port.
    If it is not in use, it should be disabled.

正解:B


質問 # 173
......


CompTIAサイバーセキュリティアナリスト(CYSA+)認定試験は、サイバーセキュリティ分野でのスキルと知識を検証したい専門家にとって貴重な認定です。 CS0-002試験は、幅広いサイバーセキュリティのトピックをカバーしており、実際のシナリオに対応する候補者の能力をテストするように設計されています。候補者は、サイバーセキュリティで少なくとも3〜4年の実践的な経験を持ち、CYSA+試験を受ける前にCompTIAセキュリティ+認定を完了することをお勧めします。

 

正真正銘のCS0-002問題集には100%合格率練習テスト問題集:https://www.passtest.jp/CompTIA/CS0-002-shiken.html

CompTIA CS0-002リアル試験問題保証付き更新された問題集にはPassTest:https://drive.google.com/open?id=1y6ma-UTFHc9HO-VDTYAvoaUpAuc2rFGv