CompTIA Security+ SY0-601 exam practice test question set, updated [February 2025]!
Latest SY0-601 PDF updated for 2025, free SY0-601 test updated today!
The CompTIA SY0-601 certification exam is recognized globally as a benchmark for cybersecurity professionals. It is accredited by ANSI and holds ISO 17024 accreditation, meaning it meets the highest standards for certification programs. The certification is recognized by government agencies such as the U.S. Department of Defense and is accepted by many private-sector organizations.
The CompTIA Security+ certification exam is an essential certification for cybersecurity professionals. It validates an individual's skills and knowledge across a range of cybersecurity domains and is recognized by employers worldwide. It is ideal for individuals who want to advance their career in cybersecurity and is a prerequisite for other advanced cybersecurity certifications.
The SY0-601 certification is an important credential for IT professionals pursuing a career in cybersecurity and for those looking to improve their existing skills and knowledge. It demonstrates that candidates have the skills and knowledge needed to identify and mitigate security threats and vulnerabilities in an organization's network infrastructure. It is also valuable for anyone involved in security operations, such as security analysts, security engineers, and network administrators.
Question # 455
A security engineer is setting up passwordless authentication for the first time.
INSTRUCTIONS
Use the minimum set of commands to set this up and verify that it works. Commands cannot be reused.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Correct answer:
Explanation:
Question # 456
A security analyst has received several reports of an issue on an internal web application. Users state they are having to provide their credentials twice to log in. The analyst checks with the application team and notes this is not an expected behavior. After looking at several logs, the analyst decides to run some commands on the gateway and obtains the following output:
Which of the following BEST describes the attack the company is experiencing?
- A. ARP poisoning
- B. MAC flooding
- C. DNS hijacking
- D. URL redirection
Correct answer: A
Explanation:
The output of the "netstat -ano" command shows that there are two connections to the same IP address and port number. This indicates that there are two active sessions between the client and server.
The issue of users having to provide their credentials twice to log in is known as a double login prompt issue.
This issue can occur due to various reasons such as incorrect configuration of authentication settings, incorrect configuration of web server settings, or issues with the client's browser.
Based on the output of the "netstat -ano" command, it is difficult to determine the exact cause of the issue.
However, it is possible that an attacker is intercepting traffic between the client and server and stealing user credentials. This type of attack is known as ARP poisoning.
ARP poisoning is a type of attack where an attacker sends fake ARP messages to associate their MAC address with the IP address of another device on the network. This allows them to intercept traffic between the two devices and steal sensitive information such as user credentials.
Question # 457
A client sent several inquiries to a project manager about the delinquent delivery status of some critical reports. The project manager claimed the reports were previously sent via email, but then quickly generated and backdated the reports before submitting them as plain text within the body of a new email message thread.
Which of the following actions MOST likely supports an investigation for fraudulent submission?
- A. Reference the data retention policy.
- B. Review the email event logs.
- C. Inspect the file metadata.
- D. Establish chain of custody.
Correct answer: B
Question # 458
A security analyst received the following requirements for the deployment of a security camera solution:
* The cameras must be viewable by the on-site security guards.
* The cameras must be able to communicate with the video storage server.
* The cameras must have the time synchronized automatically.
* The cameras must not be reachable directly via the internet.
* The servers for the cameras and video storage must be available for remote maintenance via the company VPN.
Which of the following should the security analyst recommend to securely meet the remote connectivity requirements?
- A. Deploying a jump server that is accessible via the internal network that can communicate with the servers
- B. Implementing a WAF to allow traffic from the local NTP server to the camera server
- C. Creating firewall rules that prevent outgoing traffic from the subnet the servers and cameras reside on
- D. Disabling all unused ports on the switch that the cameras are plugged into and enabling MAC filtering
Correct answer: A
Explanation:
A jump server is a system that is used to manage and access systems in a separate security zone. It acts as a bridge between two different security zones and provides a controlled and secure way of accessing systems between them [1][2]. A jump server can also be used for auditing traffic and user activity for real-time surveillance [3]. By deploying a jump server that is accessible via the internal network, the security analyst can securely meet the remote connectivity requirements for the servers and cameras without exposing them directly to the internet or allowing outgoing traffic from their subnet. The other options are not suitable because:
B: Implementing a WAF to allow traffic from the local NTP server to the camera server would not address the remote connectivity requirements or protect the servers from internet access.
C: Creating firewall rules that prevent outgoing traffic from the subnet the servers and cameras reside on would not allow remote maintenance via the company VPN.
D: Disabling all unused ports on the switch that the cameras are plugged into and enabling MAC filtering would not prevent direct internet access to the cameras or servers.
References:
[1] https://www.thesecuritybuddy.com/network-security/what-is-a-jump-server/
[2] https://en.wikipedia.org/wiki/Jump_server
[3] https://www.ssh.com/academy/iam/jump-server
Question # 459
Which of the following controls would provide the BEST protection against tailgating?
- A. Faraday cage
- B. Closed-circuit television
- C. Access control vestibule
- D. Proximity card reader
Correct answer: C
Explanation:
Access control vestibules, also known as mantraps or airlocks, are physical security features that require individuals to pass through two or more doors to enter a secure area. They are effective at preventing tailgating, as only one person can pass through each door at a time.
References:
https://www.comptia.org/content/guides/what-is-a-mantrap
CompTIA Security+ Study Guide, Sixth Edition (SY0-601), page 222
Question # 460
An organization blocks user access to command-line interpreters but hackers still managed to invoke the interpreters using native administrative tools.
Which of the following should the security team do to prevent this from happening in the future?
- A. Disable the built-in OS utilities as long as they are not needed for functionality.
- B. Configure the AV to quarantine the native OS tools whenever they are executed
- C. Trigger a SIEM alert whenever the native OS tools are executed by the user
- D. Implement HIPS to block inbound and outbound SMB ports 139 and 445.
Correct answer: A
Question # 461
A security architect at a large, multinational organization is concerned about the complexities and overhead of managing multiple encryption keys securely in a multicloud provider environment. The security architect is looking for a solution with reduced latency to allow the incorporation of the organization's existing keys and to maintain consistent, centralized control and management regardless of the data location. Which of the following would best meet the architect's objectives?
- A. PaaS
- B. HSMaaS
- C. Trusted Platform Module
- D. IaaS
Correct answer: B
Explanation:
HSMaaS stands for Hardware Security Module as a Service, which is a cloud-based service that provides secure and scalable key management and cryptographic operations for data encryption and decryption. HSMaaS allows the organization to use its own keys or generate new ones, and to control and manage them centrally regardless of where the data is stored or processed. HSMaaS also reduces the latency and complexity of managing multiple encryption keys across different cloud providers, as well as the cost and maintenance of deploying physical HSM devices.
A. PaaS. This is not the correct answer, because PaaS stands for Platform as a Service, which is a cloud computing model that provides a platform for developing and deploying applications over the internet. PaaS does not provide a specific solution for key management and encryption across multiple cloud providers.
B. HSMaaS. This is the correct answer, because HSMaaS stands for Hardware Security Module as a Service, which is a cloud-based service that provides secure and scalable key management and cryptographic operations for data encryption and decryption across multiple cloud providers.
C. Trusted Platform Module. This is not the correct answer, because a Trusted Platform Module (TPM) is a hardware chip that provides secure storage and generation of cryptographic keys on a device, such as a laptop or a server. A TPM does not offer a cloud-based solution for key management and encryption across multiple cloud providers.
D. IaaS. This is not the correct answer, because IaaS stands for Infrastructure as a Service, which is a cloud computing model that provides virtualized computing resources, such as servers, storage, and networks, over the internet. IaaS does not provide a specific solution for key management and encryption across multiple cloud providers.
Question # 462
A large financial services firm recently released information regarding a security breach within its corporate network that began several years before. During the time frame in which the breach occurred, indicators show an attacker gained administrative access to the network through a file downloaded from a social media site and subsequently installed it without the user's knowledge. Since the compromise, the attacker was able to take command and control the computer systems anonymously while obtaining sensitive corporate and personal employee information. Which of the following methods did the attacker MOST likely use to gain access?
- A. A bot
- B. A fileless virus
- C. A RAT
- D. A logic bomb
Correct answer: C
Explanation:
Remote access trojans (RATs) are malware designed to allow an attacker to remotely control an infected computer. Once the RAT is running on a compromised system, the attacker can send commands to it and receive data back in response.
Question # 463
Which of the following types of attacks is specific to the individual it targets?
- A. Pharming
- B. Credential harvesting
- C. Smishing
- D. Whaling
Correct answer: D
Explanation:
What Is a Whaling Attack?
A whaling attack is a type of phishing attack where a particularly important person in the organization is targeted. It hinges on the cyber criminal pretending to be a senior member of the organization to gain the trust of the intended target. Once trust is gained, the attacker can prod the target for information that helps them access sensitive areas of the network, passwords, or other user account information.
https://www.fortinet.com/resources/cyberglossary/whaling-attack
Question # 464
A security engineer needs to recommend a solution to defend against malicious actors misusing protocols and being allowed through network defenses. Which of the following will the engineer most likely recommend?
- A. A WAF
- B. A content filter
- C. A next-generation firewall
- D. An IDS
Correct answer: C
Explanation:
A next-generation firewall (NGFW) is a solution that can defend against malicious actors misusing protocols and being allowed through network defenses. A NGFW is a type of firewall that can perform deep packet inspection, application-level filtering, intrusion prevention, malware detection, and identity-based access control. A NGFW can also use threat intelligence and behavioral analysis to identify and block malicious traffic based on protocols, signatures, or anomalies. References:
https://www.comptia.org/blog/what-is-a-next-generation-firewall
https://www.certblaster.com/wp-content/uploads/2020/11/CompTIA-Security-SY0-601-Exam-Objectives-1.0.pd
Question # 465
During an investigation, a security manager receives notification from local authorities that company proprietary data was found on a former employee's home computer. The former employee's corporate workstation has since been repurposed, and the data on the hard drive has been overwritten. Which of the following would BEST provide the security manager with enough details to determine when the data was removed from the company network?
- A. Properly configured hosts with security logging
- B. Properly configured USB blocker with encryption
- C. Properly configured SIEM with retention policies
- D. Properly configured endpoint security tool with alerting
Correct answer: A
Question # 466
A tax organization is working on a solution to validate the online submission of documents. The solution should be carried on a portable USB device that should be inserted into any computer that is transmitting a transaction securely. Which of the following is the BEST certificate for these requirements?
- A. user certificate
- B. self-signed certificate
- C. root certificate
- D. computer certificate
Correct answer: D
Question # 467
If a current private key is compromised, which of the following would ensure it cannot be used to decrypt all historical data?
- A. Elliptic-curve cryptography
- B. Perfect forward secrecy
- C. Key stretching
- D. Homomorphic encryption
Correct answer: B
Explanation:
Perfect Forward Secrecy (PFS), also called forward secrecy (FS), refers to an encryption system that changes the keys used to encrypt and decrypt information frequently and automatically. This ongoing process ensures that even if the most recent key is hacked, a minimal amount of sensitive data is exposed.
Question # 468
A company wants to build a new website to sell products online. The website will host a storefront application that allows visitors to add products to a shopping cart and pay for products using a credit card. Which of the following protocols would be most secure to implement?
- A. SNMP
- B. SFTP
- C. SSL
- D. TLS
Correct answer: D
Explanation:
TLS (Transport Layer Security) is a cryptographic protocol that provides secure communication over the internet. It can protect the data transmitted between the website and the visitors from eavesdropping, tampering, etc. It is the most secure protocol to implement for a website that sells products online using a credit card.
Question # 469
A security analyst has been asked to investigate a situation after the SOC started to receive alerts from the SIEM. The analyst first looks at the domain controller and finds the following events:
To better understand what is going on, the analyst runs a command and receives the following output:
Based on the analyst's findings, which of the following attacks is being executed?
- A. Brute-force
- B. Credential harvesting
- C. Keylogger
- D. Spraying
Correct answer: D
Question # 470
You are a security administrator investigating a potential infection on a network.
Click on each host and firewall. Review all logs to determine which host originated the infection and then identify each remaining host as clean or infected.
Correct answer:
Explanation:
Based on the logs, it seems that the host that originated the infection is 192.168.10.22. This host has a suspicious process named svchost.exe running on port 443, which is unusual for a Windows service. It also has a large number of outbound connections to different IP addresses on port 443, indicating that it is part of a botnet.
The firewall log shows that this host has been communicating with 10.10.9.18, which is another infected host on the engineering network. This host also has a suspicious process named svchost.exe running on port 443, and a large number of outbound connections to different IP addresses on port 443.
The other hosts on the R&D network (192.168.10.37 and 192.168.10.41) are clean, as they do not have any suspicious processes or connections.
Question # 471
Joe, a security analyst, recently performed a network discovery to fully understand his organization's electronic footprint from a "public" perspective. Joe ran a set of commands and received the following output:
Which of the following can be determined about the organization's public presence and security posture? (Select TWO).
- A. The organization has too little information available in public registration.
- B. Joe used Wireshark to produce this output.
- C. Joe used cURL to produce this output.
- D. Joe used Whois to produce this output.
- E. The organization has adequate information available in public registration.
- E. The organization has too much information available in public registration.
Correct answer: D, E
Question # 472
Which of the following best ensures minimal downtime for organizations with critical computing equipment located in earthquake-prone areas?
- A. Generators and UPS
- B. Additional warm site
- C. Local
- D. Off-site replication
Correct answer: D
Explanation:
Off-site replication is a process of copying and storing data in a remote location that is geographically separate from the primary site. It can ensure minimal downtime for organizations with critical computing equipment located in earthquake-prone areas by providing a backup copy of data that can be accessed and restored in case of a disaster or disruption at the primary site.
Question # 473
A172
given to areas that are currently experiencing latency and connection issues. Which of the following would be the BEST resource for determining the order of priority?
- A. Heat maps
- B. Network diagrams
- C. Wireshark
- D. Nmap
Correct answer: B
Question # 475
A local server recently crashed, and the team is attempting to restore the server from a backup. During the restore process, the team notices the file size of each daily backup is large and will run out of space at the current rate.
The current solution appears to do a full backup every night. Which of the following would use the least amount of storage space for backups?
- A. A weekly, full backup with daily differential backups
- B. A weekly, incremental backup with daily differential backups
- C. A weekly, full backup with daily incremental backups
- D. A weekly, full backup with daily snapshot backups
Correct answer: C
Explanation:
A weekly, full backup with daily incremental backups would use the least amount of storage space for backups, as it would only store the changes made since the last backup, whether it is a full or incremental backup. Incremental backups are faster and use less storage space than full or differential backups, but they require more time and media to restore data. A full backup is a complete copy of all data, which requires more time and storage space to perform, but allows a faster and easier recovery. A differential backup is a copy of the data that changed since the last full backup, which requires less time and storage space than a full backup, but more than an incremental backup. A differential backup allows a faster recovery than an incremental backup, but slower than a full backup. Reference:
https://www.techtarget.com/searchdatabackup/feature/Full-incremental-or-differential-How-to-choose-the-correct-backup-type
https://www.nakivo.com/blog/backup-types-explained/
Question # 476
Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.
INSTRUCTIONS
Not all attacks and remediation actions will be used.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Correct answer:
Explanation:
Question # 477
A network administrator is concerned about users being exposed to malicious content when accessing company cloud applications. The administrator wants to be able to block access to sites based on the AUP. The users must also be protected because many of them work from home or at remote locations, providing on-site customer support.
Which of the following should the administrator employ to meet these criteria?
- A. Implement NAC.
- B. Implement a URL filter.
- C. Implement an MDM.
- D. Implement an SWG.
Correct answer: D
Explanation:
A secure web gateway (SWG) protects users from web-based threats in addition to applying and enforcing corporate acceptable use policies.
Question # 478
A new security engineer has started hardening systems. One of the hardening techniques the engineer is using involves disabling remote logins to the NAS. Users are now reporting the inability to use SCP to transfer files to the NAS, even though the data is still viewable from the users' PCs. Which of the following is the MOST likely cause of this issue?
- A. Network services are no longer running on the NAS
- B. SSH was turned off instead of modifying the configuration file
- C. TFTP was disabled on the local hosts
- D. Remote login was disabled in the networkd.config instead of using the sshd.conf
Correct answer: B
Explanation:
The most likely cause of the issue is that SSH was turned off instead of modifying the configuration file. SSH (Secure Shell) is a commonly used protocol for securely accessing and managing remote systems, including network-attached storage (NAS) devices. Disabling remote logins to the NAS would most likely involve modifying the configuration file for the SSH service (sshd.conf), not disabling SSH itself. If SSH was turned off, it would prevent users from accessing the NAS over the network, including using SCP (Secure Copy Protocol) to transfer files. This would result in the inability to use SCP to transfer files to the NAS, even though the data is still viewable from the users' PCs.
Question # 479
A security analyst is investigating some users who are being redirected to a fake website that resembles www.comptia.org. The following output was found on the naming server of the organization:
Which of the following attacks has taken place?
- A. Disassociation
- B. Domain reputation
- C. DNS poisoning
- D. Domain hijacking
Correct answer: C
Question # 480
......
Fully updated question set PDF with SY0-601 exam questions and answers: https://www.jpntest.com/shiken/SY0-601-mondaishu
100% free SY0-601 exam questions to pass the exam easily: https://drive.google.com/open?id=1UIVCPUwlt3n0K4WK51dPqF3FbYIiC929