Use the CS0-002 practice test before the exam (latest 371 questions) [Q144-Q165]



Valid CS0-002 exam answers PDF, one year of free updates

Question # 144
Industry partners from critical infrastructure organizations were victims of attacks on their SCADA devices. The attacker was able to gain access to the SCADA by logging in to an account with weak credentials. Which of the following identity and access management solutions would help to mitigate this risk?

  • A. Endpoint detection and response
  • B. Multifactor authentication
  • C. Manual access reviews
  • D. Role-based access control

Correct answer: D

Explanation:
RBAC helps organizations manage access to critical infrastructure networks by assigning access based on roles. This allows organizations to control who can access specific resources and helps eliminate weak credentials that attackers could exploit. Manual reviews and endpoint detection and response can also help to mitigate risk, but role-based access control is the best solution for this scenario.


Question # 145
A security analyst has received reports of very slow, intermittent access to a public-facing corporate server.
Suspecting the system may be compromised, the analyst runs the following commands:

Based on the output from the above commands, which of the following should the analyst do NEXT to further the investigation?

  • A. Perform a binary analysis on the /tmp/.t/t file, as it is likely to be a rogue SSHD server.
  • B. Run kill -9 1325 to bring the load average down so the server is usable again.
  • C. Run crontab -r; rm -rf /tmp/.t to remove and disable the malware on the system.
  • D. Examine the server logs for further indicators of compromise of a web application.

Correct answer: D


Question # 146
Given the Nmap request below:

Which of the following actions will an attacker be able to initiate directly against this host?

  • A. A brute-force attack
  • B. Password sniffing
  • C. ARP spoofing
  • D. An SQL injection

Correct answer: A

Explanation:
The Nmap command given in the question performs a TCP SYN scan (-sS), a service version detection scan (-sV), an OS detection scan (-O), and a port scan for ports 1-1024 (-p 1-1024) on the host 192.168.1.1. This command will reveal information about the host's operating system, open ports, and running services, which can be used by an attacker to launch a brute-force attack against the host. A brute-force attack is a method of guessing passwords or encryption keys by trying many possible combinations until finding the correct one. An attacker can use the information from the Nmap scan to target specific services or protocols that may have weak or default credentials, such as FTP, SSH, Telnet, or HTTP.


Question # 147
A security analyst has a sample of malicious software and needs to know what the sample does. The analyst runs the sample in a carefully controlled and monitored virtual machine to observe the software behavior.
Which of the following malware analysis approaches is this?

  • A. Static code analysis
  • B. Fuzzing
  • C. Sandboxing
  • D. White box testing

Correct answer: C


Question # 148
A security analyst has received a report that servers are no longer able to connect to the network. After many hours of troubleshooting, the analyst determines a Group Policy Object is responsible for the network connectivity issues. Which of the following solutions should the security analyst recommend to prevent an interruption of service in the future?

  • A. Appropriate network segmentation
  • B. CI/CD pipeline
  • C. Impact analysis and reporting
  • D. Change management process

Correct answer: D

Explanation:
A change management process is a set of procedures that ensures that any changes to a system or service are planned, tested, approved, implemented and documented in a controlled and consistent manner. A change management process can prevent an interruption of service caused by a Group Policy Object (GPO) by ensuring that the GPO is properly configured, tested and authorized before applying it to the servers. A change management process can also provide a way to roll back or undo the changes if they cause any problems.
A CI/CD pipeline is a method of delivering software applications that involves continuous integration (CI) and continuous delivery (CD). CI is the process of merging code changes from multiple developers into a shared repository and testing them automatically. CD is the process of deploying the code changes to different environments (such as testing, staging and production) and releasing them to customers. A CI/CD pipeline does not prevent an interruption of service caused by a GPO, but rather helps to deliver software applications faster and more reliably.
An impact analysis and reporting is a process of assessing the potential effects of a change on a system or service, such as performance, availability, security and compatibility. An impact analysis and reporting can help to identify and mitigate any risks or issues associated with a change. However, an impact analysis and reporting does not prevent an interruption of service caused by a GPO, but rather helps to evaluate and communicate the consequences of a change.
Appropriate network segmentation is a practice of dividing a network into smaller subnetworks or segments based on different criteria, such as function, location or security level. Appropriate network segmentation can improve the performance, security and manageability of a network by reducing congestion, isolating threats and controlling access. However, appropriate network segmentation does not prevent an interruption of service caused by a GPO, but rather helps to protect and optimize a network.


Question # 149
An organization has the following risk mitigation policies:
* Risks without compensating controls will be mitigated first if the risk value is greater than $50,000.
* Other risk mitigation will be prioritized based on risk value.
The following risks have been identified:

Which of the following is the order of priority for risk mitigation from highest to lowest?

  • A. A, C, D, B
  • B. C, D, A, B
  • C. C, B, A, D
  • D. D, C, B, A
  • E. B, C, D, A

Correct answer: B


Question # 150
A security analyst scanned an internal company subnet and discovered a host with the following Nmap output.

Based on the output of this Nmap scan, which of the following should the analyst investigate FIRST?

  • A. Port 135
  • B. Port 3389
  • C. Port 445
  • D. Port 22

Correct answer: A


Question # 151
A security analyst, who is working for a company that utilizes Linux servers, receives the following results from a vulnerability scan:

Which of the following is MOST likely a false positive?

  • A. Windows SMB service enumeration via \srvsvc
  • B. Anonymous FTP enabled
  • C. ICMP timestamp request remote date disclosure
  • D. Unsupported web server detection

Correct answer: A


Question # 152
Approximately 100 employees at your company have received a phishing email. As a security analyst you have been tasked with handling this situation.
INSTRUCTIONS
Review the information provided and determine the following:
1. How many employees clicked on the link in the phishing email?
2. On how many workstations was the malware installed?
3. What is the executable file name of the malware?

Correct answer:

Explanation:
6 infected
7 clicked
isass.exe


Question # 153
Joe, a user, is unable to launch an application on his laptop, which he typically uses on a daily basis. Joe informs a security analyst of the issue. After an online database comparison, the security analyst checks the SIEM and notices alerts indicating certain .txt and .dll files are blocked. Which of the following tools would generate these logs?

  • A. Antivirus
  • B. HIPS
  • C. Firewall
  • D. Proxy

Correct answer: C


Question # 154
An organization's internal department frequently uses a cloud provider to store large amounts of sensitive data. A threat actor has deployed a virtual machine to attack the cloud-hosted hypervisor, and through it the threat actor has escalated the access rights. Which of the following actions would be BEST to remediate the vulnerability?

  • A. Sandbox the virtual machine.
  • B. Implement dedicated hardware for each customer.
  • C. Update to the secure hypervisor version.
  • D. Implement an MFA solution.

Correct answer: C

Explanation:
MFA can be used to reduce the likelihood that the attacker gains access to the VM; however, the scenario specifically states that the attacker was able to escalate rights, and the question asks what can be done to remediate the vulnerability. The vulnerability in this case would be the ability to escalate rights.


Question # 155
A security analyst was asked to join an outage call for a critical web application. The web middleware support team determined the web server is running and having no trouble processing requests; however, some investigation has revealed firewall denies to the web server that began around 1:00 a.m. that morning. An emergency change was made to enable the access, but management has asked for a root cause determination. Which of the following would be the BEST next step?

  • A. Install a packet analyzer near the web server to capture sample traffic to find anomalies.
  • B. Use a port scanner to determine all listening ports on the web server.
  • C. Search the logging servers for any rule changes.
  • D. Block all traffic to the web server with an ACL.

Correct answer: C


Question # 156
A user received an invalid password response when trying to change the password. Which of the following policies could explain why the password is invalid?

  • A. Account management policy
  • B. Password policy
  • C. Access control policy
  • D. Data ownership policy

Correct answer: B


Question # 157
A small business does not have enough staff in the accounting department to segregate duties. The controller writes the checks for the business and reconciles them against the ledger. To ensure there is no fraud occurring, the business conducts quarterly reviews in which a different officer in the business compares all the cleared checks against the ledger. Which of the following BEST describes this type of control?

  • A. Detective
  • B. Deterrent
  • C. Preventive
  • D. Compensating

Correct answer: D

Explanation:
A compensating control, also called an alternative control, is a mechanism that is put in place to satisfy the requirement for a security measure that is deemed too difficult or impractical to implement at the present time.
"Compensating controls are additional security measures that you take to address a vulnerability without remediating the underlying issue." A compensating control is a control that reduces the risk of an existing or potential control weakness. In this case, the lack of segregation of duties in the accounting department is a control weakness that increases the risk of fraud or error. The quarterly reviews by a different officer are a compensating control that reduces this risk by providing an independent verification of the transactions recorded by the controller.


Question # 158
A security audit revealed that port 389 has been used instead of 636 when connecting to LDAP for the authentication of users.
The remediation recommended by the audit was to switch the port to 636 wherever technically possible.
Which of the following is the BEST response?

  • A. Change all devices and servers that support it to 636, as encrypted services run by default on 636.
  • B. Correct the audit. This finding is a well-known false positive; the services that typically run on 389 and 636 are identical.
  • C. Change all devices and servers that support it to 636, as 389 is a reserved port that requires root access and can expose the server to privilege escalation attacks.
  • D. Correct the audit. This finding is accurate, but the correct remediation is to update encryption keys on each of the servers to match port 636.

Correct answer: A


Question # 159
An HR employee began having issues with a device becoming unresponsive after attempting to open an email attachment. When informed, the security analyst became suspicious of the situation, even though there was not any unusual behavior on the IDS or any alerts from the antivirus software.
Which of the following BEST describes the type of threat in this situation?

  • A. Packet of death
  • B. PII exfiltration
  • C. Zero-day malware
  • D. Known virus

Correct answer: C


Question # 160
A storage area network (SAN) was inadvertently powered off while power maintenance was being performed in a datacenter. None of the systems should have lost all power during the maintenance. Upon review, it is discovered that a SAN administrator moved a power plug when testing the SAN's fault notification features.
Which of the following should be done to prevent this issue from reoccurring?

  • A. Install a third power supply in the SAN so loss of any power input does not result in the SAN completely powering off.
  • B. Ensure power configuration is covered in the datacenter change management policy and have the SAN administrator review this policy.
  • C. Ensure both power supplies on the SAN are serviced by separate circuits, so that if one circuit goes down, the other remains powered.
  • D. Install additional batteries in the SAN power supplies with enough capacity to keep the system powered on during maintenance operations.

Correct answer: C


Question # 161
A cybersecurity analyst routinely checks logs, querying for login attempts. While querying for unsuccessful login attempts during a five-day period, the analyst produces the following report:

Which of the following BEST describes what the analyst just found?

  • A. An unauthorized user is using login credentials in a script.
  • B. A bot is running a brute-force attack in an attempt to log in to the domain.
  • C. Users 4 and 5 are using their credentials to transfer files to multiple servers.
  • D. Users 4 and 5 are using their credentials to run an unauthorized scheduled task targeting some servers in the cloud.

Correct answer: A

Explanation:
A script is a program that can automate tasks or perform actions on a computer system. A script can be used to attempt multiple login attempts with different credentials, either randomly or from a list of known or guessed usernames and passwords. This can be done to gain unauthorized access to a system or to test its security.
Users 4 and 5 are not using their credentials to transfer files or run tasks, because the report shows that they have failed login attempts on multiple servers. If they were authorized users, they would not have failed login attempts. Also, transferring files or running tasks does not require multiple login attempts on different servers.
A bot is a software application that runs automated tasks over the Internet. A bot can also be used to perform brute-force attacks, which are repeated attempts to guess a password or other authentication information. However, a bot would not use login credentials in a script, but rather generate random or common passwords to try.


Question # 162
A security analyst was alerted to a file integrity monitoring event based on a change to the vhost-payments.conf file. The output of the diff command against the known-good backup reads as follows:

Which of the following MOST likely occurred?

  • A. The file was altered to harvest credit card numbers
  • B. The file was altered to accept payments without charging the cards
  • C. The file was altered to avoid logging credit card information
  • D. The file was altered to verify the card numbers are valid.

Correct answer: B


Question # 163
While reviewing three months of logs, a security analyst notices probes from random company laptops going to SCADA equipment at the company's manufacturing location. Some of the probes are getting responses from the equipment even though firewall rules are in place, which should block this type of unauthorized activity. Which of the following should the analyst recommend to keep this activity from originating from company laptops?

  • A. Require connections to the SCADA network to go through a forwarding proxy.
  • B. Install security software and a host-based firewall on the SCADA equipment.
  • C. Implement a group policy on company systems to block access to SCADA networks.
  • D. Update the firewall rules to block SCADA network access from those laptop IP addresses.

Correct answer: C


Question # 164
A security analyst performs various types of vulnerability scans. Review the vulnerability scan results to determine the type of scan that was executed and if a false positive occurred for each device.
Instructions:
Select the Results Generated drop-down option to determine if the results were generated from a credentialed scan, non-credentialed scan, or a compliance scan.
For ONLY the credentialed and non-credentialed scans, evaluate the results for false positives and check the findings that display false positives. NOTE: If you would like to uncheck an option that is currently selected, click on the option a second time.
Lastly, based on the vulnerability scan results, identify the type of Server by dragging the Server to the results.
The Linux Web Server, File-Print Server and Directory Server are draggable.
If at any time you would like to bring back the initial state of the simulation, please select the Reset All button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

Correct answer:

Explanation:


Question # 165
......

CompTIA Cybersecurity Analyst (CySA+) Certification Exam free-update certification sample questions: https://www.jpntest.com/shiken/CS0-002-mondaishu
