最新の2022年02月14日試験エンジン練習問題CS0-001最新の有効問題集を提供中です [Q165-Q181]

Share

最新の2022年02月14日試験エンジン練習問題CS0-001最新の有効問題集を提供中です

試験解答はCS0-001最新版テストエンジンをタダで提供します


CompTIA CS0-001 認定試験の出題範囲:

トピック出題範囲
トピック 1
  • シナリオを前提として、ソフトウェア開発ライフサイクル(SDLC)に参加しながら、アプリケーションセキュリティのベストプラクティスを使用する
トピック 2
  • さまざまなサイバーセキュリティツールとテクノロジーを使用する一般的な目的と理由を比較対照する
トピック 3
  • シナリオが与えられた場合、適切なツールとプロセスを使用して環境偵察手法を適用します
トピック 4
  • シナリオを前提として、情報セキュリティの脆弱性管理プロセスを実装する
トピック 5
  • シナリオを前提として、ネットワーク偵察の結果を分析します
トピック 6
  • シナリオが与えられたら、セキュリティアーキテクチャを確認し、補償制御を実装するための推奨事項を作成します
トピック 7
  • フレームワーク、共通のポリシー、コントロール、および手順の間の関係を説明する
トピック 8
  • シナリオを前提として、一般的な症状を分析して、インシデント対応をサポートするための最善の行動方針を選択します
トピック 9
  • インシデント対応プロセス中のコミュニケーションの重要性を説明する
トピック 10
  • シナリオが与えられたら、ツールキットを準備し、調査中に適切なフォレンジックツールを使用します
トピック 11
  • ネットワークベースの脅威を考慮して、適切な対応と対策を実装または推奨する
トピック 12
  • 組織内の次のターゲットに見られる一般的な脆弱性を比較対照する
トピック 13
  • インシデントの復旧とインシデント後の対応プロセスを要約する
トピック 14
  • シナリオを前提として、脆弱性スキャンの結果の出力を分析します
トピック 15
  • シナリオを前提として、データを使用してIDおよびアクセス管理に関連するセキュリティ問題の修正を推奨します

 

質問 165
During a physical penetration test at a client site, a local law enforcement officer stumbled upon the test questioned the legitimacy of the team.
Which of the following information should be shown to the officer?

  • A. Scope of work
  • B. Letter of engagement
  • C. Team reporting
  • D. Timing information

正解: B

 

質問 166
External users are reporting that a web application is slow and frequently times out when attempting to submit information. Which of the following software development best practices would have helped prevent this issue?

  • A. Regression testing
  • B. Input validation
  • C. Stress testing
  • D. Fuzzing

正解: C

 

質問 167
Which of the following tools should an analyst use to scan for web server vulnerabilities?

  • A. Wireshark
  • B. SolarWinds
  • C. Qualys
  • D. ArcSight

正解: C

 

質問 168
Alerts have been received from the SIEM, indicating infections on multiple computers. Base on threat characteristics, these files were quarantined by the host-based antivirus program. At the same time, additional alerts in the SIEM show multiple blocked URLs from the address of the infected computers; the URLs were classified as uncategorized. The domain location of the IP address of the URLs that were blocked is checked, and it is registered to an ISP in Russia. Which of the following steps should be taken NEXT?

  • A. Run a vulnerability scan and patch discovered vulnerabilities on the next pathing cycle. Have the users restart their computers. Create a use case in the SIEM to monitor failed logins on the infected computers.
  • B. Install a computer with the same settings as the infected computers in the DMZ to use as a honeypot.
    Permit the URLs classified as uncategorized to and from that host.
  • C. Remove those computers from the network and replace the hard drives. Send the infected hard drives out for investigation.
  • D. Run a full antivirus scan on all computers and use Splunk to search for any suspicious activity that happened just before the alerts were received in the SIEM.

正解: D

 

質問 169
In order to the leverage the power of data correlation with Nessus, a cybersecurity analyst must first be able to create a table for the scan results.
Given the following snippet of code:

Which of the following output items would be correct?
A:

B:

C:

D:

  • A. Option D
  • B. Option B
  • C. Option A
  • D. Option C

正解: D

 

質問 170
After completing a vulnerability scan, the following output was noted:

Which of the following vulnerabilities has been identified?

  • A. PKI transfer vulnerability.
  • B. VPN tunnel vulnerability.
  • C. Active Directory encryption vulnerability.
  • D. Web application cryptography vulnerability.

正解: A

解説:
Explanation/Reference:
Explanation:

 

質問 171
An analyst wants to use a command line tool to identify open ports and running services on a host along with the application that is associated with those services and port. Which of the following should the analyst use?

  • A. Wireshark
  • B. netstat
  • C. nmap
  • D. Qualys
  • E. ping

正解: C

解説:
Section: (none)
Explanation/Reference:
Explanation:

 

質問 172
An HR employee began having issues with a device becoming unresponsive after attempting to open an email attachment. When informed, the security analyst became suspicious of the situation, even though there was not any unusual behavior on the IDS or any alerts from the antivirus software. Which of the following BEST describes the type of threat in this situation?

  • A. PII exfiltration
  • B. Packet of death
  • C. Known virus
  • D. Zero-day malware

正解: D

解説:
Section: (none)
Explanation/Reference:
Explanation:

 

質問 173
A recent vulnerability scan found four vulnerabilities on an organization's public Internet-facing IP
addresses. Prioritizing in order to reduce the risk of a breach to the organization, which of the following
should be remediated FIRST?

  • A. A buffer overflow that allows remote code execution.
  • B. An HTTP response that reveals an internal IP address.
  • C. A cipher that is known to be cryptographically weak.
  • D. A website using a self-signed SSL certificate.

正解: A

解説:
Explanation/Reference:
Explanation:

 

質問 174
Three similar production servers underwent a vulnerability scan. The scan results revealed that the three servers had two different vulnerabilities rated "Critical".
The administrator observed the following about the three servers:
* The servers are not accessible by the Internet
* AV programs indicate the servers have had malware as recently as two weeks ago
* The SIEM shows unusual traffic in the last 20 days
* Integrity validation of system files indicates unauthorized modifications Which of the following assessments is valid and what is the most appropriate NEXT step?
(Select TWO).

  • A. Servers may be generating false positives via the SIEM
  • B. Schedule recurring vulnerability scans on the servers
  • C. Servers may have been tampered with
  • D. Activate the incident response plan
  • E. Immediately rebuild servers from known good configurations
  • F. Servers may have been built inconsistently

正解: D,E

 

質問 175
A cybersecurity analyst has received an alert that well-known "call home" messages are continuously
observed by network sensors at the network boundary. The proxy firewall successfully drops the
messages. After determining the alert was a true positive, which of the following represents the MOST
likely cause?

  • A. An outside command and control system is attempting to reach an infected system.
  • B. An insider is trying to exfiltrate information to a remote network.
  • C. Malware is running on a company system.
  • D. Attackers are running reconnaissance on company resources.

正解: A

解説:
Explanation/Reference:
Explanation:

 

質問 176
A vulnerability scan has returned the following information:

Which of the following describes the meaning of these results?

  • A. There is an unknown bug in a Lotus server with no Bugtraq ID.
  • B. Connecting to the host using a null session allows enumeration of share names.
  • C. No CVE is present, so it is a false positive caused by Lotus running on a Windows server.
  • D. Trend Micro has a known exploit that must be resolved or patched.

正解: B

 

質問 177
A cybersecurity analyst has several log files to review. Instead of using grep and cat commands, the analyst decides to find a better approach to analyze the logs. Given a list of tools, which of the following would provide a more efficient way for the analyst to conduct a timeline analysis, do keyword searches, and output a report?

  • A. Syslog
  • B. OSSIM
  • C. Splunk
  • D. Kali

正解: C

 

質問 178
Which of the following could be directly impacted by an unpatched vulnerability in vSphere ESXi?

  • A. The organization's VPN
  • B. The organization's virtual infrastructure
  • C. The organization's physical routers
  • D. The organization's mobile devices

正解: B

 

質問 179
Alerts have been received from the SIEM, indicating infections on multiple computers. Based on threat characteristics, these files were quarantined by the host-based antivirus program. At the same time, additional alerts in the SIEM show multiple blocked URLs from the address of the infected computers; the URLs were classified as uncategorized. The domain location of the IP address of the URLs that were blocked is checked, and it is registered to an ISP in Russia. Which of the following steps should be taken NEXT?

  • A. Install a computer with the same settings as the infected computers in the DMZ to use as a honeypot. Permit the URLs classified as uncategorized to and from that host.
  • B. Run a vulnerability scan and patch discovered vulnerabilities on the next pathing cycle. Have the users restart their computers. Create a use case in the SIEM to monitor failed logins on the infected computers.
  • C. Remove those computers from the network and replace the hard drives. Send the infected hard drives out for investigation.
  • D. Run a full antivirus scan on all computers and use Splunk to search for any suspicious activity that happened just before the alerts were received in the SIEM.

正解: D

 

質問 180
While reviewing web server logs, a security analyst notices the following code:

Which of the following would prevent this code from performing malicious actions?

  • A. Disabling the use of HTTP and requiring the use of HTTPS
  • B. Requiring the application to use input validation
  • C. Installing a network firewall in front of the application
  • D. Performing web application penetration testing

正解: A

 

質問 181
......

CS0-001試験問題集で無料サンプルは365日更新されます:https://www.jpntest.com/shiken/CS0-001-mondaishu

弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

オンラインサポート時間:( UTC+9 ) 9:00-24:00
月曜日から土曜日まで

サポート:現在連絡