CS0-002無料問題集「CompTIA Cybersecurity Analyst (CySA+) Certification」

質問 1

After examining a header and footer file, a security analyst begins reconstructing files by scanning the raw data bytes of a hard disk and rebuilding them. Which of the following techniques is the analyst using?

（A）Header analysis

（B）File carving

（C）Metadata analysis

（D）Data recovery

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 2

A security administrator needs to provide access from partners to an Isolated laboratory network inside an organization that meets the following requirements:
* The partners' PCs must not connect directly to the laboratory network.
* The tools the partners need to access while on the laboratory network must be available to all partners
* The partners must be able to run analyses on the laboratory network, which may take hours to complete Which of the following capabilities will MOST likely meet the security objectives of the request?

（A）Deployment of a firewall to allow access to the laboratory network and use of VDI in non-persistent mode to provide the necessary tools tor analysis

（B）Deployment of a jump box to allow access to the Laboratory network and use of VDI in non-persistent mode to provide the necessary tools for analysis

（C）Deployment of a firewall to allow access to the laboratory network and use of VDI In persistent mode to provide the necessary tools for analysis

（D）Deployment of a jump box to allow access to the laboratory network and use of VDI in persistent mode to provide the necessary tools for analysis

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 3

Which of the following is the best method to ensure secure boot UEFI features are enabled to prevent boot malware?

（A）Enable secure boot in the hardware and reload the operating system.

（B）Set I-JEFI to legacy mode and enable security features.

（C）Reconfigure the system's MBR and enable NTFS.

（D）Convert the legacy partition table to UEFI and repair the operating system.

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

While monitoring the information security notification mailbox, a security analyst notices several emails were repotted as spam. Which of the following should the analyst do FIRST?

（A）Ask the sender to stop sending messages.

（B）Review the message in a secure environment.

（C）Block the sender In the email gateway.

（D）Delete the email from the company's email servers.

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 5

Which of the following BEST describes how logging and monitoring work when entering into a public cloud relationship with a service provider?

（A）Logging and monitoring are done by the service provider

（B）Logging and monitoring are done by the data owners

（C）Logging and monitoring duties are specified in the SLA and contract

（D）Logging and monitoring are not needed in a public cloud environment

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 6

An email analysis system notifies a security analyst that the following message was quarantined and requires further review.

Which of the following actions should the security analyst take?

（A）Delete the email and block the sender.

（B）Purchase the gift cards and submit an expense report.

（C）Immediately contact a purchasing agent to expedite.

（D）Release the email for delivery due to its importance.

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 7

While investigating reports or issues with a web server, a security analyst attempts to log in remotely and recedes the following message:

The analyst accesses the server console, and the following console messages are displayed:

The analyst is also unable to log in on the console. While reviewing network captures for the server, the analyst sees many packets with the following signature:

Which of the following is the BEST step for the analyst to lake next in this situation?

（A）Corporate data is being exfilltrated from the server Reboot the server and log in to see if it contains any sensitive data.

（B）Cryptomining malware is running on the server and utilizing an CPU and memory. Reboot the server and disable any cron Jobs or startup scripts that start the mining software.

（C）After ensuring network captures from the server are saved isolate the server from the network take a memory snapshot, reboot and log in to do further analysis.

（D）Load the network captures into a protocol analyzer to further investigate the communication with 128.30.100.23, as this may be a botnet command server

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 8

An IT security analyst has received an email alert regarding a vulnerability within the new fleet of vehicles the company recently purchased. Which of the following attack vectors is the vulnerability MOST likely targeting?

（A）CAN bus

（B）IoT

（C）Modbus

（D）SCADA

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 9

A security analyst needs to provide a copy of a hard drive for forensic analysis.
Which of the following would allow the analyst to perform the task?

（A）

（B）

（C）

（D）

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 10

A new variant of malware is spreading on the company network using TCP 443 to contact its command-and-control server The domain name used for callback continues to change, and the analyst is unable to predict future domain name variance Which of the following actions should the analyst take to stop malicious communications with the LEAST disruption to service?

（A）Configure the DNS forwarders to use recursion

（B）Block TCP/443 at the edge router

（C）Disable TCP/53 at the parameter firewall

（D）Implement a sinkhole with a high entropy level

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 11

An organization wants to move non-essential services into a cloud computing environment. The management team has a cost focus and would like to achieve a recovery time objective of 12 hours. Which of the following cloud recovery strategies would work best to attain the desired outcome?

（A）Set up a warm disaster recovery site with the same cloud provider in a different region.

（B）Establish a hot site with active replication to another region within the same cloud provider.

（C）Duplicate all services in another instance and load balance between the instances.

（D）Configure the systems with a cold site at another cloud provider that can be used for failover.

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 12

A new prototype for a company's flagship product was leaked on the internet As a result, the management team has locked out all USB drives Optical drive writers are not present on company computers The sales team has been granted an exception to share sales presentation files with third parties Which of the following would allow the IT team to determine which devices are USB enabled?

（A）Device encryption

（B）Data loss prevention

（C）SIEMIogs

（D）Asset tagging

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 13

A company's legal department is concerned that its incident response plan does not cover the countless ways security incidents can occur. The department has asked a security analyst to help tailor the response plan to provide broad coverage for many situations. Which of the following is the best way to achieve this goal?

（A）Focus on incidents that may require law enforcement support.

（B）Focus on common attack vectors first.

（C）Focus on incidents that affect critical systems.

（D）Focus on incidents that have a high chance of reputation harm.

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

CS0-002 無料問題集「CompTIA Cybersecurity Analyst (CySA+) Certification」

弊社を連絡する

関連リンク

トップ試験