SY0-701無料問題集「CompTIA Security+ Certification」

質問 1

A Chief Information Security Officer (CISO) has developed information security policies that relate to the software development methodology. Which of the following would the CISO most likely include in the organization's documentation?

（A）Multifactor authentication

（B）Peer review requirements

（C）Branch protection tests

（D）Secrets management configurations

正解：B 解答を投票する

質問 2

As part of new compliance audit requirements, multiple servers need to be segmented on different networks and should be reachable only from authorized internal systems. Which of the following would meet the requirements?

（A）Implement a new IPSec tunnel from internal resources.

（B）Configure firewall rules to block external access to Internal resources.

（C）Deploy an Internal Jump server to access resources.

（D）Set up a WAP to allow internal access from public networks.

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 3

While conducting a business continuity tabletop exercise, the security team becomes concerned by potential impacts if a generator fails during failover. Which of the following is the team most likely to consider in regard to risk management activities?

（A）RPO

（B）ARO

（C）BIA

（D）MTTR

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

Which of the following exercises should an organization use to improve its incident response process?

（A）Tabletop

（B）Failover

（C）Recovery

（D）Replication

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 5

The Chief Information Security Officer wants to put security measures in place to protect PlI. The organization needs to use its existing labeling and classification system to accomplish this goal. Which of the following would most likely be configured to meet the requirements?

（A）Tokenization

（B）MFA

（C）S/MIME

（D）DLP

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 6

An organization needs to monitor its users' activities to prevent insider threats. Which of the following solutions would help the organization achieve this goal?

（A）Access control lists

（B）Network intrusion detection system

（C）Behavioral analytics

（D）Identity and access management

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 7

A systems administrator is auditing all company servers to ensure. They meet the minimum security baseline While auditing a Linux server, the systems administrator observes the /etc/shadow file has permissions beyond the baseline recommendation. Which of the following commands should the systems administrator use to resolve this issue?

（A）passwd

（B）chmod

（C）grep

（D）dd

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 8

A bank insists all of its vendors must prevent data loss on stolen laptops. Which of the following strategies is the bank requiring?

（A）Data classification

（B）Permission restrictions

（C）Encryption at rest

（D）Masking

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 9

A client asked a security company to provide a document outlining the project, the cost, and the completion time frame. Which of the following documents should the company provide to the client?

（A）SLA

（B）BPA

（C）MSA

（D）SOW

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 10

A certificate authority needs to post information about expired certificates. Which of the following would accomplish this task?

（A）TPM

（B）PKI

（C）CRL

（D）CSR

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 11

The physical security team at a company receives reports that employees are not displaying their badges. The team also observes employees tailgating at controlled entrances. Which of the following topics will the security team most likely emphasize in upcoming security training?

（A）Phishing

（B）Social engineering

（C）Situational awareness

（D）Acceptable use policy

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 12

A company relies on open-source software libraries to build the software used by its customers. Which of the following vulnerability types would be the most difficult to remediate due to the company's reliance on open- source libraries?

（A）Cross-site scripting

（B）SQL injection

（C）Buffer overflow

（D）Zero day

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 13

Which of the following best represents an application that does not have an on-premises requirement and is accessible from anywhere?

（A）SaaS

（B）Private cloud

（C）IaaS

（D）Hybrid cloud

（E）Pass

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 14

After reviewing the following vulnerability scanning report:
Server:192.168.14.6
Service: Telnet
Port: 23 Protocol: TCP
Status: Open Severity: High
Vulnerability: Use of an insecure network protocol
A security analyst performs the following test:
nmap -p 23 192.168.14.6 -script telnet-encryption
PORT STATE SERVICE REASON
23/tcp open telnet syn-ack
I telnet encryption:
| _ Telnet server supports encryption
Which of the following would the security analyst conclude for this reported vulnerability?

（A）It is a false positive.

（B）A rescan is required.

（C）Compensating controls exist.

（D）It is considered noise.

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 15

Which of the following is the best way to validate the integrity and availability of a disaster recovery site?

（A）Periodically test the generators.

（B）Conduct a tabletop exercise.

（C）Develop requirements for database encryption.

（D）Lead a simulated failover.

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

SY0-701 無料問題集「CompTIA Security+ Certification」

弊社を連絡する

関連リンク

トップ試験