[Q101-Q126] 最新CompTIA CS0-002一発合格!試験リアル問題集最新の[2022年02月]

Share

最新CompTIA CS0-002一発合格!試験リアル問題集最新の[2022年02月]

良質なCS0-002問題集はここPassTest問題はあなたの合格させて見せます。明るい未来はクリックから始まる!

質問 101
After scanning the main company's website with the OWASP ZAP tool, a cybersecurity analyst is reviewing the following warning:

The analyst reviews a snippet of the offending code:

Which of the following is the BEST course of action based on the above warning and code snippet?

  • A. The system administrator should disable SSL and implement TLS.
  • B. The developer should review the code and implement a code fix.
  • C. The organization should update the browser GPO to resolve the issue.
  • D. The analyst should implement a scanner exception for the false positive.

正解: C

 

質問 102
A security analyst is trying to determine if a host is active on a network. The analyst first attempts the following:

The analyst runs the following command next:

Which of the following would explain the difference in results?

  • A. hping3 is returning a false positive.
  • B. ICMP is being blocked by a firewall.
  • C. The routing tables for ping and hping3 were different.
  • D. The original ping command needed root permission to execute.

正解: B

 

質問 103
An analyst is examining a system that is suspected of being involved in an intrusion.
The analyst uses the command `cat/etc/passwd' and receives the following partial output:

Based on the above output, which of the following should the analyst investigate further?

  • A. User `daemon' should not have a home directory of /usr/sbin
  • B. User `root' should not have a home directory of /root
  • C. User `news' should not have a default shell of /bin/bash
  • D. User `mail' should not have a default shell of /usr/sbin/nologin

正解: C

 

質問 104
A company has received the results of an external vulnerability scan from its approved scanning vendor. The company is required to remediate these vulnerabilities for clients within 72 hours of acknowledgement of the scan results.
Which of the following contract breaches would result if this remediation is not provided for clients within the time frame?

  • A. Regulatory compliance
  • B. Service level agreement
  • C. Memorandum of understanding
  • D. Organizational governance

正解: B

 

質問 105
An organization developed a comprehensive modern response policy Executive management approved the policy and its associated procedures. Which of the following activities would be MOST beneficial to evaluate personnel's familiarity with incident response procedures?

  • A. External and internal penetration testing by a third party
  • B. Tabtetop activities involving business continuity team members
  • C. Completion of lessons-learned documentation by the computer security incident response team
  • D. Completion of annual information security awareness training by ail employees
  • E. A simulated breach scenario evolving the incident response team

正解: E

 

質問 106
It is important to parameterize queries to prevent:

  • A. the queries from using an outdated library with security vulnerabilities.
  • B. the execution of unauthorized actions against a database.
  • C. a memory overflow that executes code with elevated privileges.
  • D. the establishment of a web shell that would allow unauthorized access.

正解: B

解説:
Reference:
https://stackoverflow.com/QUESTION NO:s/4712037/what-is-parameterized-query

 

質問 107
An organization is conducting penetration testing to identify possible network vulnerabilities. The penetration tester has received the following output from the latest scan:

The penetration tester knows the organization does not use Timbuktu servers and wants to have Nmap interrogate the ports on the target in more detail. Which of the following commands should the penetration tester use NEXT?

  • A. nmap -sS 192.168.1.13 -p1417
  • B. nmap 192.168.1.13 -v
  • C. sudo nmap -sS 192.168.1.13
  • D. nmap -sV 192.168.1.13 -p1417

正解: D

 

質問 108
A company decides to move three of its business applications to different outsourced cloud providers. After moving the applications, the users report the applications time out too quickly and too much time is spent logging back into the different web-based applications throughout the day.
Which of the following should a security architect recommend to improve the end-user experience without lowering the security posture?

  • A. Configure directory services with a federation provider to manage accounts.
  • B. Configure a web browser to cache the user credentials.
  • C. Configure user accounts for self-service account management.
  • D. Create a group policy to extend the default system lockout period.

正解: D

 

質問 109
A proposed network architecture requires systems to be separated from each other logically based on defined risk levels. Which of the following explains the reason why an architect would set up the network this way?

  • A. To reduce the number of IP addresses that are used on the network
  • B. To complicate the network and frustrate a potential malicious attacker
  • C. To create a design that simplifies the supporting network
  • D. To reduce the attack surface of those systems by segmenting the network based on risk

正解: D

 

質問 110
A security analyst is researching an incident and uncovers several details that may link to other incidents. The security analyst wants to determine if other incidents are related to the current incident Which of the followinq threat research methodoloqies would be MOST appropriate for the analyst to use?

  • A. Reputation data
  • B. Risk assessment
  • C. Behavioral analysis
  • D. CVSS score

正解: C

 

質問 111
An information security analyst is reviewing backup data sets as part of a project focused on eliminating archival data sets.
Which of the following should be considered FIRST prior to disposing of the electronic data?

  • A. Retention standards
  • B. Sanitization policy
  • C. Encryption policy
  • D. Data sovereignty

正解: A

 

質問 112
A finance department employee has received a message that appears to have been sent from the Chief Financial Officer (CFO) asking the employee to perform a wife transfer Analysis of the email shows the message came from an external source and is fraudulent. Which of the following would work BEST to improve the likelihood of employees quickly recognizing fraudulent emails?

  • A. Adding a banner to incoming messages that identifies the messages as external
  • B. Limiting email from the finance department to recipients on a pre-approved whitelist
  • C. Configuring email client settings to display all messages in plaintext when read
  • D. Implementing a sandboxing solution for viewing emails and attachments

正解: A

 

質問 113
A team of security analysts has been alerted to potential malware activity. The initial examination indicates one of the affected workstations is beaconing on TCP port 80 to five IP addresses and attempting to spread across the network over port 445. Which of the following should be the team's NEXT step during the detection phase of this response process?

  • A. Identify potentially affected systems by creating a correlation search in the SIEM based on the network traffic.
  • B. Escalate the incident to management, who will then engage the network infrastructure team to keep them informed.
  • C. Engage the engineering team to block SMB traffic internally and outbound HTTP traffic to the five IP addresses.
  • D. Depending on system criticality, remove each affected device from the network by disabling wired and wireless connections.

正解: A

 

質問 114
A network attack that is exploiting a vulnerability in the SNMP is detected.
Which of the following should the cybersecurity analyst do FIRST?

  • A. Disable all privileged user accounts on the network.
  • B. Temporarily block the attacking IP address.
  • C. Apply the required patches to remediate the vulnerability.
  • D. Escalate the incident to senior management for guidance.

正解: C

解説:
Reference:
https://beyondsecurity.com/scan-pentest-network-vulnerabilities-snmp-protocol-version- detection.html

 

質問 115
During an investigation, an incident responder intends to recover multiple pieces of digital media. Before removing the media, the responder should initiate:

  • A. malware scans.
  • B. secure communications.
  • C. chain of custody forms.
  • D. decryption tools.

正解: C

 

質問 116
Company A's security policy states that only PKI authentication should be used for all SSH accounts. A security analyst from Company A is reviewing the following auth.log and configuration settings:

Which of the following changes should be made to the following sshd_config file to establish compliance with the policy?

  • A. Change PubkeyAuthentication yes to #PubkeyAuthentication yes
  • B. Change PassworAuthentication yes to PasswordAuthentication no
  • C. Change #AuthorizedKeysFile sh/.ssh/authorized_keys to AuthorizedKeysFile sh/ .ssh/authorized_keys
  • D. Change ChallengeResponseAuthentication yes to ChallangeResponseAuthentication no
  • E. Change PermitRootLogin no to #PermitRootLogin yes

正解: B

 

質問 117
After completing a vulnerability scan, the following output was noted:

Which of the following vulnerabilities has been identified?

  • A. Web application cryptography vulnerability.
  • B. VPN tunnel vulnerability.
  • C. PKI transfer vulnerability.
  • D. Active Directory encryption vulnerability.

正解: A

 

質問 118
A SIEM analyst noticed a spike in activities from the guest wireless network to several electronic health record (EHR) systems. After further analysis, the analyst discovered that a large volume of data has been uploaded to a cloud provider in the last six months. Which of the following actions should the analyst do FIRST?

  • A. Notify the Chief Privacy Officer (CPO)
  • B. Put an ACL on the gateway router
  • C. Activate the incident response plan
  • D. Contact the Office of Civil Rights (OCR) to report the breach

正解: B

 

質問 119
During an investigation, a security analyst identified machines that are infected with malware the antivirus was unable to detect.
Which of the following is the BEST place to acquire evidence to perform data carving?

  • A. The system memory
  • B. The Windows Registry
  • C. Network packets
  • D. The hard drive

正解: A

解説:
Explanation/Reference: https://resources.infosecinstitute.com/memory-forensics/#gref
https://www.computerhope.com/jargon/d/data-carving.htm

 

質問 120
A security analyst for a large financial institution is creating a threat model for a specific threat actor that is likely targeting an organization's financial assets.
Which of the following is the BEST example of the level of sophistication this threat actor is using?

  • A. Network assets used in previous attacks attributed to the threat actor
  • B. IP addresses used by the threat actor for command and control
  • C. Custom malware attributed to the threat actor from prior attacks
  • D. Email addresses and phone numbers tied to the threat actor
  • E. Social media accounts attributed to the threat actor

正解: A

 

質問 121
A cybersecurity analyst is responding to an incident. The company's leadership team wants to attribute the incident to an attack group. Which of the following models would BEST apply to the situation?

  • A. Kill chain
  • B. Intelligence cycle
  • C. MITRE ATT&CK
  • D. Diamond Model of Intrusion Analysis

正解: A

 

質問 122
After running a packet analyzer on the network, a security analyst has noticed the following output:

Which of the following is occurring?

  • A. A service discovery
  • B. A port scan
  • C. A ping sweep
  • D. A network map

正解: B

 

質問 123
A security analyst reviews a recent network capture and notices encrypted inbound traffic on TCP port 465 was coming into the company's network from a database server. Which of the following will the security analyst MOST likely identify as the reason for the traffic on this port?

  • A. A connection from the database to the web front end is communicating on the port
  • B. Someone has configured an unauthorized SMTP application over SSL
  • C. The server is receiving a secure connection using the new TLS 1.3 standard
  • D. The traffic is common static data that Windows servers send to Microsoft

正解: B

 

質問 124
A user received an invalid password response when trying to change the password. Which of the following policies could explain why the password is invalid?

  • A. Password policy
  • B. Account management policy
  • C. Data ownership policy
  • D. Access control policy

正解: A

 

質問 125
A security analyst discovers a vulnerability on an unpatched web server that is used for testing machine learning on Bing Data sets. Exploitation of the vulnerability could cost the organization $1.5 million in lost productivity. The server is located on an isolated network segment that has a 5% chance of being compromised. Which of the following is the value of this risk?

  • A. $300.000
  • B. $1.425 million
  • C. $75.000
  • D. $1.5 million

正解: C

 

質問 126
......

CompTIA練習テストエンジンCS0-002問題:https://drive.google.com/open?id=1j1gUnuVKsshSIwrTjMn1ZN40EHHuurfY

試験合格保証有効なCompTIA CS0-002問題集:https://www.passtest.jp/CompTIA/CS0-002-shiken.html