最新の2022年02月14日試験エンジン練習問題CS0-001最新の有効問題集を提供中です
試験解答はCS0-001最新版テストエンジンをタダで提供します
CompTIA CS0-001 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
| トピック 6 |
|
| トピック 7 |
|
| トピック 8 |
|
| トピック 9 |
|
| トピック 10 |
|
| トピック 11 |
|
| トピック 12 |
|
| トピック 13 |
|
| トピック 14 |
|
| トピック 15 |
|
質問 165
During a physical penetration test at a client site, a local law enforcement officer stumbled upon the test questioned the legitimacy of the team.
Which of the following information should be shown to the officer?
- A. Scope of work
- B. Letter of engagement
- C. Team reporting
- D. Timing information
正解: B
質問 166
External users are reporting that a web application is slow and frequently times out when attempting to submit information. Which of the following software development best practices would have helped prevent this issue?
- A. Regression testing
- B. Input validation
- C. Stress testing
- D. Fuzzing
正解: C
質問 167
Which of the following tools should an analyst use to scan for web server vulnerabilities?
- A. Wireshark
- B. SolarWinds
- C. Qualys
- D. ArcSight
正解: C
質問 168
Alerts have been received from the SIEM, indicating infections on multiple computers. Base on threat characteristics, these files were quarantined by the host-based antivirus program. At the same time, additional alerts in the SIEM show multiple blocked URLs from the address of the infected computers; the URLs were classified as uncategorized. The domain location of the IP address of the URLs that were blocked is checked, and it is registered to an ISP in Russia. Which of the following steps should be taken NEXT?
- A. Run a vulnerability scan and patch discovered vulnerabilities on the next pathing cycle. Have the users restart their computers. Create a use case in the SIEM to monitor failed logins on the infected computers.
- B. Install a computer with the same settings as the infected computers in the DMZ to use as a honeypot.
Permit the URLs classified as uncategorized to and from that host. - C. Remove those computers from the network and replace the hard drives. Send the infected hard drives out for investigation.
- D. Run a full antivirus scan on all computers and use Splunk to search for any suspicious activity that happened just before the alerts were received in the SIEM.
正解: D
質問 169
In order to the leverage the power of data correlation with Nessus, a cybersecurity analyst must first be able to create a table for the scan results.
Given the following snippet of code:
Which of the following output items would be correct?
A:
B:
C:
D:
- A. Option D
- B. Option B
- C. Option A
- D. Option C
正解: D
質問 170
After completing a vulnerability scan, the following output was noted:
Which of the following vulnerabilities has been identified?
- A. PKI transfer vulnerability.
- B. VPN tunnel vulnerability.
- C. Active Directory encryption vulnerability.
- D. Web application cryptography vulnerability.
正解: A
解説:
Explanation/Reference:
Explanation:
質問 171
An analyst wants to use a command line tool to identify open ports and running services on a host along with the application that is associated with those services and port. Which of the following should the analyst use?
- A. Wireshark
- B. netstat
- C. nmap
- D. Qualys
- E. ping
正解: C
解説:
Section: (none)
Explanation/Reference:
Explanation:
質問 172
An HR employee began having issues with a device becoming unresponsive after attempting to open an email attachment. When informed, the security analyst became suspicious of the situation, even though there was not any unusual behavior on the IDS or any alerts from the antivirus software. Which of the following BEST describes the type of threat in this situation?
- A. PII exfiltration
- B. Packet of death
- C. Known virus
- D. Zero-day malware
正解: D
解説:
Section: (none)
Explanation/Reference:
Explanation:
質問 173
A recent vulnerability scan found four vulnerabilities on an organization's public Internet-facing IP
addresses. Prioritizing in order to reduce the risk of a breach to the organization, which of the following
should be remediated FIRST?
- A. A buffer overflow that allows remote code execution.
- B. An HTTP response that reveals an internal IP address.
- C. A cipher that is known to be cryptographically weak.
- D. A website using a self-signed SSL certificate.
正解: A
解説:
Explanation/Reference:
Explanation:
質問 174
Three similar production servers underwent a vulnerability scan. The scan results revealed that the three servers had two different vulnerabilities rated "Critical".
The administrator observed the following about the three servers:
* The servers are not accessible by the Internet
* AV programs indicate the servers have had malware as recently as two weeks ago
* The SIEM shows unusual traffic in the last 20 days
* Integrity validation of system files indicates unauthorized modifications Which of the following assessments is valid and what is the most appropriate NEXT step?
(Select TWO).
- A. Servers may be generating false positives via the SIEM
- B. Schedule recurring vulnerability scans on the servers
- C. Servers may have been tampered with
- D. Activate the incident response plan
- E. Immediately rebuild servers from known good configurations
- F. Servers may have been built inconsistently
正解: D,E
質問 175
A cybersecurity analyst has received an alert that well-known "call home" messages are continuously
observed by network sensors at the network boundary. The proxy firewall successfully drops the
messages. After determining the alert was a true positive, which of the following represents the MOST
likely cause?
- A. An outside command and control system is attempting to reach an infected system.
- B. An insider is trying to exfiltrate information to a remote network.
- C. Malware is running on a company system.
- D. Attackers are running reconnaissance on company resources.
正解: A
解説:
Explanation/Reference:
Explanation:
質問 176
A vulnerability scan has returned the following information:
Which of the following describes the meaning of these results?
- A. There is an unknown bug in a Lotus server with no Bugtraq ID.
- B. Connecting to the host using a null session allows enumeration of share names.
- C. No CVE is present, so it is a false positive caused by Lotus running on a Windows server.
- D. Trend Micro has a known exploit that must be resolved or patched.
正解: B
質問 177
A cybersecurity analyst has several log files to review. Instead of using grep and cat commands, the analyst decides to find a better approach to analyze the logs. Given a list of tools, which of the following would provide a more efficient way for the analyst to conduct a timeline analysis, do keyword searches, and output a report?
- A. Syslog
- B. OSSIM
- C. Splunk
- D. Kali
正解: C
質問 178
Which of the following could be directly impacted by an unpatched vulnerability in vSphere ESXi?
- A. The organization's VPN
- B. The organization's virtual infrastructure
- C. The organization's physical routers
- D. The organization's mobile devices
正解: B
質問 179
Alerts have been received from the SIEM, indicating infections on multiple computers. Based on threat characteristics, these files were quarantined by the host-based antivirus program. At the same time, additional alerts in the SIEM show multiple blocked URLs from the address of the infected computers; the URLs were classified as uncategorized. The domain location of the IP address of the URLs that were blocked is checked, and it is registered to an ISP in Russia. Which of the following steps should be taken NEXT?
- A. Install a computer with the same settings as the infected computers in the DMZ to use as a honeypot. Permit the URLs classified as uncategorized to and from that host.
- B. Run a vulnerability scan and patch discovered vulnerabilities on the next pathing cycle. Have the users restart their computers. Create a use case in the SIEM to monitor failed logins on the infected computers.
- C. Remove those computers from the network and replace the hard drives. Send the infected hard drives out for investigation.
- D. Run a full antivirus scan on all computers and use Splunk to search for any suspicious activity that happened just before the alerts were received in the SIEM.
正解: D
質問 180
While reviewing web server logs, a security analyst notices the following code:
Which of the following would prevent this code from performing malicious actions?
- A. Disabling the use of HTTP and requiring the use of HTTPS
- B. Requiring the application to use input validation
- C. Installing a network firewall in front of the application
- D. Performing web application penetration testing
正解: A
質問 181
......
CS0-001試験問題集で無料サンプルは365日更新されます:https://www.jpntest.com/shiken/CS0-001-mondaishu