CAS-005無料問題集「CompTIA SecurityX Certification」

質問 1

An organization is looking for gaps in its detection capabilities based on the APTs that may target the industry Which of the following should the security analyst use to perform threat modeling?

（A）STRIDE

（B）OWASP

（C）CAPEC

（D）ATT&CK

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 2

An organization wants to create a threat model to identity vulnerabilities in its infrastructure. Which of the following, should be prioritized first?

（A）Internal infrastructure with high-seventy and Known exploited vulnerabilities

（B）External-facing Infrastructure with known exploited vulnerabilities

（C）External-facing infrastructure with a high risk score that can only be exploited with local access to the resource

（D）External facing Infrastructure with a low risk score and no known exploited vulnerabilities

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 3

During a security assessment using an CDR solution, a security engineer generates the following report about the assets in me system:

After five days, the EDR console reports an infection on the host 0WIN23 by a remote access Trojan Which of the following is the most probable cause of the infection?

（A）LN002 was not supported by the EDR solution and propagates the RAT

（B）The EDR has an unknown vulnerability that was exploited by the attacker.

（C）OW1N23 uses a legacy version of Windows that is not supported by the EDR

（D）0W1N29 spreads the malware through other hosts in the network

（E）OWIN29 spreads the malware through other hosts in the network: While this could happen, the status indicates OWIN29 is in a bypass mode, which might limit its interactions but does not directly explain the infection on OWIN23.

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

Previously intercepted communications must remain secure even if a current encryption key is compromised in the future. Which of the following best supports this requirement?

（A）Tokenization

（B）Forward secrecy

（C）Simultaneous authentication of equals

（D）Key stretching

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 5

A global organization wants to manage all endpoint and user telemetry. The organization also needs to differentiate this data based on which office it is correlated to. Which of the following strategies best aligns with this goal?

（A）Continuous monitoring

（B）Centralized logging

（C）Data labeling

（D）Sensor placement

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 6

A company wants to modify its process to comply with privacy requirements after an incident involving PII data in a development environment. In order to perform functionality tests, the QA team still needs to use valid data in the specified format. Which of the following best addresses the risk without impacting the development life cycle?

（A）Using a large language model to generate synthetic data

（B）Utilizing tokenization for sensitive fields

（C）Encrypting the data before moving into the QA environment

（D）Truncating the data to make it not personally identifiable

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 7

An organization is required to
* Respond to internal and external inquiries in a timely manner
* Provide transparency.
* Comply with regulatory requirements
The organization has not experienced any reportable breaches but wants to be prepared if a breach occurs in the future. Which of the following is the best way for the organization to prepare?

（A）Integrating automated response mechanisms into the data subject access request process

（B）Developing communication templates that have been vetted by internal and external counsel

（C）Conducting lessons-learned activities and integrating observations into the crisis management plan

（D）Outsourcing the handling of necessary regulatory filing to an external consultant

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 8

A global company's Chief Financial Officer (CFO) receives a phone call from someone claiming to be the Chief Executive Officer (CEO). The caller claims to be stranded and in desperate need of money. The CFO is suspicious, but the caller's voice sounds similar to the CEO's. Which of the following best describes this type of attack?

（A）Automated exploit generation

（B）Spear phishing

（C）Smishing

（D）Deepfake

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 9

A security administrator needs to automate alerting. The server generates structured log files that need to be parsed to determine whether an alarm has been triggered Given the following code function:

Which of the following is most likely the log input that the code will parse?

（A）

（B）

（C）

（D）

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 10

A security officer received several complaints from users about excessive MPA push notifications at night The security team investigates and suspects malicious activities regarding user account authentication Which of the following is the best way for the security officer to restrict MI~A notifications''

（A）Provisioning FID02 devices

（B）Configuring prompt-driven MFA

（C）Enabling OTP via email

（D）Deploying a text message based on MFA

正解：B 解答を投票する

CAS-005 無料問題集「CompTIA SecurityX Certification」

弊社を連絡する

関連リンク

トップ試験