SY0-601無料問題集「CompTIA Security+」

質問 1

Which of the following are the MOST likely vectors for the unauthorized inclusion of vulnerable code in a software company's final software releases? (Select TWO.)

（A）Outdated anti-malware software

（B）Included third-party libraries

（C）Vendors/supply chain

（D）Weak passwords

（E）Unsecure protocols

（F）Use of penetration-testing utilities

正解：B、C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 2

Which of the following describes where an attacker can purchase DDoS or ransomware services?

（A）Open-source intelligence

（B）Dark web

（C）Vulnerability database

（D）Threat intelligence

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 3

An incident has occurred in the production environment.
Analyze the command outputs and identify the type of compromise.

正解：

質問 4

Which of the following components can be used to consolidate and forward inbound internet traffic to multiple cloud environments though a single firewall?

（A）Edge computing

（B）Cloud hot site

（C）DNS sinkhole

（D）Transit gateway

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 5

A security analyst needs to propose a remediation plan for each item in a risk register. The item with the highest priority requires employees to have separate logins for SaaS solutions and different password complexity requirements for each solution. Which of the following implementation plans will most likely resolve this security issue?

（A）Securing access to each SaaS by using a single wildcard certificate

（B）Integrating each SaaS solution with the identity provider

（C）Creating a unified password complexity standard

（D）Configuring geofencing on each SaaS solution

正解：D 解答を投票する

質問 6

A customer has reported that an organization's website displayed an image of a smiley (ace rather than the expected web page for a short time two days earlier. A security analyst reviews log tries and sees the following around the lime of the incident:

Which of the following is MOST likely occurring?

（A）URL redirection

（B）Invalid trust chain

（C）DNS poisoning

（D）Domain hijacking

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 7

A company is planning to set up a SIEM system and assign an analyst to review the logs on a weekly basis. Which of the following types of controls is the company setting up?

（A）Deterrent

（B）Preventive

（C）Corrective

（D）Detective

正解：D 解答を投票する

質問 8

A security engineer needs to create a network segment that can be used for servers thal require connections from untrusted networks. Which of the following should the engineer implement?

（A）A hot site

（B）A screened subnet

（C）A VUAN

（D）An air gap

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 9

Which of the following should a systems administrator use to ensure an easy deployment of resources within the cloud provider?

（A）Software-defined networking

（B）Software as a service

（C）Internet of Things

（D）Infrastructure as code

正解：D 解答を投票する

質問 10

Which of the following should a Chief Information Security Officer consider using to take advantage of industry standard guidelines?

（A）PCI DSS

（B）GDPR

（C）SSAE SOC 2

（D）NIST CSF

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 11

An organization implemented cloud-managed IP cameras to monitor building entry points and sensitive areas. The service provider enables direct TCP/IP connection to stream live video footage from each camer a. The organization wants to ensure this stream is encrypted and authenticated. Which of the following protocols should be implemented to best meet this objective?

（A）PPTP

（B）S/MIME

（C）SSH

（D）SRTP

正解：D 解答を投票する

質問 12

A company implemented an MDM policy to mitigate risks after repeated instances of employees losing company-provided mobile phones. In several cases, the lost phones were used maliciously to perform social engineering attacks against other employees. Which of the following MDM features should be configured to best address this issue? (Select two).

（A）Application management

（B）Geolocation

（C）Push notifications

（D）Remote wipe

（E）Screen locks

（F）Full device encryption

正解：D、F 解答を投票する

質問 13

The alert indicates an attacker entered thousands of characters into the text box of a web form. The web form was intended for legitimate customers to enter their phone numbers. Which of the attacks has most likely occurred?

（A）Resource exhaustion

（B）Privilege escalation

（C）Cross-site scripting

（D）Buffer overflow

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 14

Which of the following is classified as high availability in a cloud environment?

（A）Cloud HSM

（B）Load balancer

（C）WAF

（D）Access broker

正解：B 解答を投票する

質問 15

Which of the following incident response phases should the proper collection of the detected 'ocs and establishment of a chain of custody be performed before?

（A）Identification

（B）Containment

（C）Preparation

（D）Recovery

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 16

Which of the following security design features can an development team to analyze the deletion eoting Of data sets the copy?

（A）Version control

（B）Continunus

（C）Stored procedures

（D）Code reuse

正解：A 解答を投票する

SY0-601 無料問題集「CompTIA Security+」

弊社を連絡する

関連リンク

トップ試験