SY0-601無料問題集「CompTIA Security+」

質問 1

The SOC detected an increase in failed authentication attempts over the weekend. An engineer reviewed the following log output:

Which of the following is the most likely attack based on the log information?

（A）Rootkit

（B）Key logger

（C）SQL injection

（D）Null authentication

（E）Brute-force

正解：E 解答を投票する

質問 2

A manufacturing organization wants to control and monitor access from the internal business network to the segregated production network, while ensuring minimal exposure of the production network to devices. Which of the following solutions would best accomplish this goal?

（A）NGFW

（B）Proxy server

（C）Jump server

（D）WAF

正解：C 解答を投票する

質問 3

An organization has been experiencing outages during holiday sales and needs to ensure availability of its point-of-sales systems. The IT administrator has been asked to improve both server-data fault tolerance and site availability under high consumer load. Which of the following are the best options to accomplish this objective? (Select two.)

（A）VLAN

（B）Incremental backups

（C）RAID

（D）Load balancing

（E）Dual power supply

（F）UPS

正解：C、D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

Physical access to the organization's servers in the data center requires entry and exit through multiple access points: a lobby, an access control vestibule, three doors leading to the server floor itself and eventually to a caged area solely for the organization's hardware. Which of the following controls is described in this scenario?

（A）Deterrent

（B）Compensating

（C）Preventive

（D）Detective

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 5

A company's marketing department collects, modifies, and stores sensitive customer dat a. The infrastructure team is responsible for Securing the data while in transit and at rest. Which of the following data roles describes the customer?

（A）Processor

（B）Custodian

（C）Owner

（D）Subject

正解：B 解答を投票する

質問 6

Which of the following provides guidelines for the management and reduction of information security risk?

（A）NISTCSF

（B）CIS

（C）PCIDSS

（D）ISO

正解：A 解答を投票する

質問 7

A security manager needs to assess the security posture of one of the organization's vendors. The contract with the vendor does not allow for auditing of the vendor's security controls. Which of (he following should the manager request to complete the assessment?

（A）A business partnership agreement

（B）A SOC 2 Type 2 report

（C）A service-level agreement

（D）A memorandum of understanding

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 8

A security administrator performs weekly vulnerability scans on all cloud assets and provides a detailed report. Which of the following describes the administrator's activities?

（A）Continuous monitoring

（B）Continuous validation

（C）Continuous integration

（D）Continuous deployment

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 9

When a newly developed application was tested a specific internal resource was unable to be accessed Which of the following should be done to ensure the application works correctly?

（A）Utilize standard network protocols

（B）Modify the allow/deny list for those specific resources

（C）Configure the application in a sandbox environment

（D）Follow the secure coding practices for the internal resource

正解：B 解答を投票する

質問 10

A third-party vendor is moving a particular application to the end-of-life stage at the end of the current year. Which of the following is the most critical risk if the company chooses to continue running the application?

（A）Lack of support

（B）Lack of security updates

（C）Lack of new features

（D）Lack of source code access

正解：B 解答を投票する

質問 11

An organization wants to limit potential impact to its log-in database in the event of a breach. Which of the following options is the security team most likely to recommend?

（A）Tokenization

（B）Obfuscation

（C）Hashing

（D）Segmentation

正解：A 解答を投票する

質問 12

Visitors to a secured facility are required to check in with a photo ID and enter the facility through an access control vestibule. Which of the following best describes this form of security control?

（A）Technical

（B）Managerial

（C）Physical

（D）Operational

正解：C 解答を投票する

質問 13

The Chief information Security Officer has directed the security and networking team to retire the use of shared passwords on routers and switches. Which of the following choices BEST meets the requirements?

（A）Password vaults

（B）OAuth

（C）TACACS+

（D）SAML

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 14

A junior security analyst is reviewing web server logs and identifies the following pattern in the log file:

Which ol the following types of attacks is being attempted and how can it be mitigated?

（A）CSRF. implement an IPS

（B）XSS. mplement a SIEM

（C）Directory traversal implement a WAF

（D）SQL infection, mplement an IDS

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 15

Which of the following is the final step of the incident response process?

（A）Lessons learned

（B）Eradication

（C）Containment

（D）Recovery

正解：A 解答を投票する

質問 16

A company's help desk received several AV alerts indicating Mimikatz attempted to run on the remote systems Several users also reported that the new company flash drives they picked up in the break room only have 512KB of storage Which of the following is most likely the cause?

（A）The new flash drives need a driver that is being blocked by the AV software because the flash drives are not on the application's allow list, temporarily restricting the drives to 512KB of storage.

（B）The GPO prevents the use of flash drives, which triggers a false positive AV indication and restricts the drives to only 512KB of storage

（C）The new flash drives are incorrectly partitioned, and the systems are automatically trying to use an unapproved application to repartition the drives.

（D）The GPO blocking the flash drives is being bypassed by a malicious flash drive that is attempting to harvest plaintext credentials from memory.

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 17

In order to save on expenses Company A and Company B agree to host each other's compute and storage disaster recovery sites at their primary data centers The two data centers are about a mile apart, and they each have their own power source When necessary, one company will escort the other company to its data center. Which of the following is the greatest risk with this arrangement?

（A）The data center sites are not geographically dispersed

（B）A redundant power source for disaster recovery is lacking

（C）The physical security resources are shared

（D）In an emergency, escorted access may not be timely enough.

正解：A 解答を投票する

SY0-601 無料問題集「CompTIA Security+」

弊社を連絡する

関連リンク

トップ試験