[2022年03月04日] 最新のCS0-001試験の的確なCompTIA Cybersecurity Analyst (CySA+) Certification ExamのPDF問題 [Q193-Q218]

Share

[2022年03月04日] 最新のCS0-001試験の的確なCompTIA Cybersecurity Analyst (CySA+) Certification ExamのPDF問題

CS0-001試験問題を練習するならJPNTest顕著なCompTIA Cybersecurity Analyst (CySA+) Certification Exam試験練習問題集

質問 193
After completing a vulnerability scan, the following output was noted:

Which of the following vulnerabilities has been identified?

  • A. PKI transfer vulnerability.
  • B. VPN tunnel vulnerability.
  • C. Active Directory encryption vulnerability.
  • D. Web application cryptography vulnerability.

正解: A

 

質問 194
File integrity monitoring states the following files have been changed without a written request or approved change. The following change has been made:
chmod 777 -Rv /usr
Which of the following may be occurring?

  • A. Administrative functions have been locked from users.
  • B. The ownership of/usr has been changed to the root user.
  • C. The ownership pf /usr has been changed to the current user.
  • D. Administrative commands have been made world readable/writable.

正解: D

解説:
Explanation/Reference:
Explanation:

 

質問 195
An organization is conducting penetration testing to identify possible network vulnerabilities. The
penetration tester has received the following output from the latest scan:

The penetration tester knows the organization does not use Timbuktu servers and wants to have Nmap
interrogate the ports on the target in more detail. Which of the following commands should the penetration
tester use NEXT?

  • A. nmap -sS 192.168.1.13 -p1417
  • B. nmap 192.168.1.13 -v
  • C. sudo nmap -sS 192.168.1.13
  • D. nmap -sV 192.168.1.13 -p1417

正解: D

 

質問 196
A recent audit has uncovered several coding errors and a lack of input validation being used on a public portal. Due to the nature of the portal and the severity of the errors, the portal is unable to be patched. Which of the following tools could be used to reduce the risk of being compromised?

  • A. Web proxy
  • B. Network firewall
  • C. Intrusion prevention system
  • D. Web application firewall

正解: B

 

質問 197
A software patch has been released to remove vulnerabilities from company's software. A security analyst
has been tasked with testing the software to ensure the vulnerabilities have been remediated and the
application is still functioning properly. Which of the following tests should be performed NEXT?

  • A. Regression testing
  • B. User acceptance testing
  • C. Penetration testing
  • D. Fuzzing

正解: A

解説:
Explanation/Reference:
Explanation:
Reference: https://en.wikipedia.org/wiki/Regression_testing

 

質問 198
A vulnerability analyst needs to identity all systems with unauthorized web servers on the 10 1 1 0/24 network.
The analyst uses the following default Nmap scan:
nmap -sV -p 1-65535 10.1.1.0/24
Which of the following would be the result of running the above command?

  • A. This scan identities unauthorized serves
  • B. This scan probes all ports and returns open ones
  • C. This scan checks all TCP ports and returns versions
  • D. This scan checks all TCP ports

正解: C

 

質問 199
A security analyst has noticed an alert from the SIEM. A workstation is repeatedly trying to connect to port
445 of a file server on the production network. All of the attempts are made with invalid credentials. Which
of the following describes what is occurring?

  • A. The file server is attempting to transfer malware to the workstation via SMB.
  • B. An attacker has gained control of the workstation and is attempting to pivot to the file server by creating
    an SMB session.
  • C. Malware has infected the workstation and is beaconing out to the specific IP address of the file server.
  • D. An attacker has gained control of the workstation and is port scanning the network.

正解: B

 

質問 200
A company's computer was recently infected with ransomware. After encrypting all documents, the malware logs a random AES-128 encryption key and associated unique identifier onto a compromised remote website. A ransomware code snippet is shown below:

Based on the information from the code snippet, which of the following is the BEST way for a cybersecurity professional to monitor for the same malware in the future?

  • A. Write an ACL to block the IP address of www.malwaresite.com at the gateway firewall.
  • B. Use an IDS custom signature to create an alert for connections to www.malwaresite.com.
  • C. Reconfigure the enterprise antivirus to push more frequent to the clients.
  • D. Configure the company proxy server to deny connections to www.malwaresite.com.

正解: D

 

質問 201
Which of the following represent the reasoning behind careful selection of the timelines and time-of-day
boundaries for an authorized penetration test? (Select TWO).

  • A. To mitigate unintended impacts to operations
  • B. To ensure tests have measurable impact to operations
  • C. To determine frequency of team communication and reporting
  • D. To schedule personnel resources required for test activities
  • E. To avoid conflicts with real intrusions that may occur

正解: A,D

 

質問 202
A security analyst is reviewing packet captures for a specific server that is suspected of containing malware and discovers the following packets:

Which of the following traffic patterns or data would be MOST concerning to the security analyst?

  • A. Anonymous access granted by 103.34.243.12
  • B. Ports used for SMTP traffic from 73.252.34.101
  • C. Ports used HTTP traffic from 202.53.245.78
  • D. Unencrypted password sent from 103.34.243.12

正解: A

 

質問 203
An organization has been conducting penetration testing to identify possible network vulnerabilities. One of the security policies states that web servers and database servers must not be co-located on the same server unless one of them runs on a non-standard. The penetration tester has received the following outputs from the latest set of scans:

Which of the following servers is out of compliance?

  • A. adminServer
  • B. orgServer
  • C. finServer
  • D. opsServer

正解: B

 

質問 204
An analyst has received unusual alerts on the SIEM dashboard. The analyst wants to get payloads that the hackers are sending toward the target systems without impacting the business operation. Which of the following should the analyst implement?

  • A. Honeypot
  • B. Virtualization
  • C. Sandboxing
  • D. Jump box

正解: A

解説:
Explanation/Reference:

 

質問 205
A cybersecurity analyst is completing an organization's vulnerability report and wants it to reflect assets
accurately. Which of the following items should be in the report?

  • A. Log disposition
  • B. Asset isolation
  • C. Virtual hosts
  • D. Processor utilization
  • E. Organizational governance

正解: C

解説:
Explanation/Reference:
Explanation:

 

質問 206
An analyst was testing the latest version of an internally developed CRM system. The analyst created a basic user account. Using a few tools in Kali's latest distribution, the analyst was able to access configuration files, change permissions on folders and groups, and delete and create new system objects.
Which of the following techniques did the analyst use to perform these unauthorized activities?

  • A. Impersonation
  • B. Directory traversal
  • C. Input injection
  • D. Privilege escalation

正解: B

解説:
Section: (none)

 

質問 207
An analyst wants to use a command line tool to identify open ports and running services on a host along with the application that is associated with those services and port. Which of the following should the analyst use?

  • A. Wireshark
  • B. nmap
  • C. Qualys
  • D. netstat
  • E. ping

正解: D

解説:
Explanation/Reference:
Explanation:

 

質問 208
CORRECT TEXT
The developers recently deployed new code to three web servers. A daily automated external device scan report shows server vulnerabilities that are failing items according to
PCI DSS. If the vulnerability is not valid, the analyst must take the proper steps to get the scan clean. If the vulnerability is valid, the analyst must remediate the finding. After reviewing the given information, select the STEP 2 tab in order to complete the simulation by selecting the correct "Validation Result" AND "Remediation Action" for each server listed using the drop down options.
Instructions:
If at any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.





正解:

解説:
Pending
Please send your Suggestions for this question.

 

質問 209
A system's authority to operate (ATO) is set to expire in four days. Because of other activities and limited staffing, the organization has neglected to start reauthentication activities until now. The cybersecurity group just performed a vulnerability scan with the partial set of results shown below:

Based on the scenario and the output from the vulnerability scan, which of the following should the security team do with this finding?

  • A. Remediate by going to the web config file, searching for the enforce HTTP validation setting, and manually updating to the correct setting.
  • B. Ignore it. This is false positive, and the organization needs to focus its efforts on other findings.
  • C. Accept this risk for now because this is a "high" severity, but testing will require more than the four days available, and the system ATO needs to be competed.
  • D. Ensure HTTP validation is enabled by rebooting the server.

正解: A

 

質問 210
A new security manager was hired to establish a vulnerability management program. The manager asked for a corporate strategic plan and risk register that the project management office developed. The manager conducted a tools and skill sets inventory to document the plan. Which of the following is a critical task for the establishment of a successful program?

  • A. Establish continuous monitoring
  • B. Perform information classification
  • C. Update vulnerability feed
  • D. Establish corporate policy

正解: D

 

質問 211
A cybersecurity consultant is reviewing the following output from a vulnerability scan against a newly installed MS SQL Server 2012 that is slated to go into production in one week:

Based on the above information, which of the following should the system administrator do? (Select TWO).

  • A. Configure a network-based ACL at the perimeter firewall to protect the MS SQL port.
  • B. Verify the vulnerability using penetration testing tools or proof-of-concept exploits.
  • C. Implement the proposed solution by installing Microsoft patch Q316333.
  • D. Mark the result as a false positive so it will show in subsequent scans.
  • E. Review the references to determine if the vulnerability can be remotely exploited.

正解: A,C

 

質問 212
A security analyst has been asked to remediate a server vulnerability. Once the analyst has located a patch for the vulnerability, which of the following should happen NEXT?

  • A. Implement continuous monitoring.
  • B. Begin the incident response process.
  • C. Start the change control process.
  • D. Rescan to ensure the vulnerability still exists.

正解: C

解説:
Explanation/Reference:
Explanation:

 

質問 213
An HR employee began having issues with a device becoming unresponsive after attempting to open an email attachment. When informed, the security analyst became suspicious of the situation, even though there was not any unusual behavior on the IDS or any alerts from the antivirus software. Which of the following BEST describes the type of threat in this situation?

  • A. PII exfiltration
  • B. Packet of death
  • C. Known virus
  • D. Zero-day malware

正解: D

 

質問 214
When reviewing network traffic, a security analyst detects suspicious activity:

Based on the log above, which of the following vulnerability attacks is occurring?

  • A. ShellShock
  • B. DROWN
  • C. Heartbleed
  • D. Zeus
  • E. POODLE

正解: E

解説:
Section: (none)

 

質問 215
A security analyst wants to scan the network for active hosts. Which of the following host characteristics help to differentiate between a virtual and physical host?

  • A. DNS routing tables
  • B. Host IPs
  • C. Reserved MACs
  • D. Gateway settings

正解: C

 

質問 216
The following IDS log was discovered by a company's cybersecurity analyst:

Which of the following was launched against the company based on the IDS log?

  • A. Cross-site scripting attack
  • B. SQL injection attack
  • C. Buffer overflow attack
  • D. Online password crack attack

正解: C

 

質問 217
Given a packet capture of the following scan:

Which of the following should MOST likely be inferred on the scan's output?

  • A. 192.168.1.55 is hosting a web server.
  • B. 192.168.1.55 is a Linux server.
  • C. 192.168.1.55 is a file server.
  • D. 192.168.1.115 is hosting a web server.

正解: C

 

質問 218
......

試験問題と解答はCS0-001学習ガイド問題解答:https://www.jpntest.com/shiken/CS0-001-mondaishu

弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

オンラインサポート時間:( UTC+9 ) 9:00-24:00
月曜日から土曜日まで

サポート:現在連絡