CS0-002無料問題集「CompTIA Cybersecurity Analyst (CySA+) Certification」

質問 1

A security analyst is logged on to a jump server to audit the system configuration and status. The organization's policies for access to and configuration of the jump server include the following:
* No network access is allowed to the internet.
* SSH is only for management of the server.
* Users must utilize their own accounts, with no direct login as an administrator.
* Unnecessary services must be disabled.
The analyst runs netstar with elevated permissions and receives the following output:

Which of the following policies does the server violate?

（A）Users must utilize their own accounts, with no direct login as an administrator.

（B）No network access is allowed to the internet.

（C）SSH is only for management of the server.

（D）Unnecessary services must be disabled.

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 2

A security analyst is evaluating the following support ticket:
Issue: Marketing campaigns are being filtered by the customer's email servers.
Description: Our marketing partner cannot send emails using our email address. The following log messages were collected from multiple customers:
* The SPF result is PermError.
* The SPF result is SoftFail or Fail.
* The 550 SPF check failed.
Which of the following should the analyst do next?

（A）Ask the customers to disable SPF validation.

（B）Ask the marketing partner's ISP to disable the DKIM setting.

（C）Request a configuration change on the company's public DNS.

（D）Request approval to disable DMARC on the company's ISP.

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 3

An online gaming company was impacted by a ransomware attack. An employee opened an attachment that was received via an SMS attack on a company-issue firewall. Which following actions would help during the forensic analysis of the mobile device? (Select TWO).

（A）Rebooting the phone and installing the latest security updates

（B）Unlocking the device by blowing the eFuse

（C）Documenting the respective chain of custody

（D）Resetting the phone to factory settings

（E）Performing a memory dump of the mobile device for analysis

（F）Uninstalling any potentially unwanted programs

正解：C、E 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

Due to continued support of legacy applications, an organization's enterprise password complexity rules are inadequate for its required security posture. Which of the following is the BEST compensating control to help reduce authentication compromises?

（A）Smart cards

（B）Biometrics

（C）Multifactor authentication

（D）Increased password-rotation frequency

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 5

A risk assessment concludes that the perimeter network has the highest potential for compromise by an attacker, and it is labeled as a critical risk environment. Which of the following is a valid compensating control to reduce the volume of valuable information in the perimeter network that an attacker could gain using active reconnaissance techniques?

（A）A control that demonstrates that access to a system is only allowed by using SSH

（B）A control that demonstrates that the network security policy is reviewed and updated yearly

（C）A control that demonstrates that all systems authenticate using the approved authentication method

（D）A control that demonstrates that firewall rules are peer reviewed for accuracy and approved before deployment

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 6

An organization has a policy that requires dedicated user accounts to run programs that need elevated privileges. Users must be part of a group that allows elevated permissions. While reviewing security logs, an analyst sees the following:

Which of the following hosts violates the organizational policies?

（A）ford

（B）lincoln

（C）gremlin

（D）pacer

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 7

industry partners from critical infrastructure organizations were victims of attacks on their SCADA devices. The attacks used privilege escalation to gain access to SCADA administration and access management solutions would help to mitigate this risk?

（A）Endpoint detection and response

（B）Multifactor authentication

（C）Role-based access control

（D）Manual access reviews

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 8

Which of the following can detect vulnerable third-parly libraries before code deployment?

（A）Dynamic analysis

（B）Static analysis

（C）Protocol analysis

（D）Impact analysis

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 9

A security analyst discovers the company's website is vulnerable to cross-site scripting. Which of the following solutions will best remedy the vulnerability?

（A）Prepared statements

（B）Client-side input encoding

（C）Disabled JavaScript filtering

（D）Server-side input validation

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 10

A company's threat team has been reviewing recent security incidents and looking for a common theme. The team discovered the incidents were caused by incorrect configurations on the impacted systems. The issues were reported to support teams, but no action was taken. Which of the following is the next step the company should take to ensure any future issues are remediated?

（A）Require support teams to develop a preventive control that ensures new systems are built with the required security configurations.

（B）Require support teams to develop a corrective control that ensures security failures are addressed once they are identified.

（C）Require support teams to develop a detective control that ensures they continuously assess systems for configuration errors.

（D）Require support teams to develop a managerial control that ensures systems have a documented configuration baseline.

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 11

A systems administrator believes a user's workstation has been compromised. The workstation's performance has been lagging significantly for the past several hours. The administrator runs the task list
/ v command and receives the following output:

Which of the following should a security analyst recognize as an indicator of compromise?

（A）The high usage of vscode. exe * 32

（B）dwm.exe being executed under the user context

（C）The abnormal behavior of paint.exe

（D）svchost.exe being executed as SYSTEM

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 12

A security analyst identified one server that was compromised and used as a data making machine, and a few of the hard drive that was created. Which of the following will MOST likely provide information about when and how the machine was compromised and where the malware is located?

（A）Data carving

（B）Volatile memory analysts

（C）System timeline reconstruction

（D）System registry extraction

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 13

A company creates digitally signed packages for its devices. Which of the following best describes the method by which the security packages are delivered to the company's customers?

（A）Antitamper mechanism

（B）SELinux

（C）eFuse

（D）Trusted firmware updates

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

CS0-002 無料問題集「CompTIA Cybersecurity Analyst (CySA+) Certification」

弊社を連絡する

関連リンク

トップ試験