SY0-701無料問題集「CompTIA Security+ Certification」

質問 1

An organization wants a third-party vendor to do a penetration test that targets a specific device. The organization has provided basic information about the device. Which of the following best describes this kind of penetration test?

（A）Partially known environment

（B）Known environment

（C）Unknown environment

（D）Integrated

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 2

An organization issued new laptops to all employees and wants to provide web filtering both in and out of the office without configuring additional access to the network. Which of the following types of web filtering should a systems administrator configure?

（A）URL scanning

（B）Agent-based

（C）Centralized proxy

（D）Content categorization

正解：B 解答を投票する

質問 3

A company's Chief Information Security Officer (CISO) wants to enhance the capabilities of the incident response team. The CISO directs the incident response team to deploy a tool that rapidlyanalyzes host and network data from potentially compromised systems and forwards the data for further review. Which of the following tools should the incident response team deploy?

（A）SIEM

（B）IPS

（C）EDR

（D）NAC

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

The internal audit team determines a software application is no longer in scope for external reporting requirements. Which of the following will confirm management's perspective that the application is no longer applicable?

（A）Right to be forgotten

（B）Due care and due diligence

（C）Acknowledgement and attestation

（D）Data inventory and retention

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 5

A company is considering an expansion of access controls for an application that contractors and internal employees use to reduce costs. Which of the following risk elements should the implementation team understand before granting access to the application?

（A）Appetite

（B）Threshold

（C）Tolerance

（D）Register

正解：C 解答を投票する

質問 6

A new security regulation was announced that will take effect in the coming year. A company must comply with it to remain in business. Which of the following activities should the company perform next?

（A）Security procedure evaluation

（B）Threat scope reduction

（C）Policy review

（D）Gap analysis

正解：D 解答を投票する

質問 7

A security architect wants to prevent employees from receiving malicious attachments by email. Which of the following functions should the chosen solution do?

（A）Check SPF records.

（B）Tap and monitor the email feed.

（C）Apply IP address reputation data.

（D）Scan email traffic inline.

正解：D 解答を投票する

質問 8

A technician is opening ports on a firewall for a new system being deployed and supported by a SaaS provider. Which of the following is a risk in the new system?

（A）Default credentials

（B）Non-segmented network

（C）Vulnerable software

（D）Supply chain vendor

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 9

Which of the following would a security administrator use to comply with a secure baseline during a patch update?

（A）Standard operating procedure

（B）Service-level expectations

（C）Test result report

（D）Information security policy

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 10

A company wants to track modifications to the code used to build new virtual servers. Which of the following will the company most likely deploy?

（A）Change management ticketing system

（B）Collaboration platform

（C）Version control tool

（D）Behavioral analyzer

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 11

A forensic engineer determines that the root cause of a compromise is a SQL injection attack. Which of the following should the engineer review to identify the command used by the threat actor?

（A）Netflow log

（B）System log

（C）Metadata

（D）Application log

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 12

Which of the following roles, according to the shared responsibility model, is responsible for securing the company's database in an IaaS model for a cloud environment?

（A）Client

（B）Third-party vendor

（C）Cloud provider

（D）DBA

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 13

An IT security team is concerned about the confidentiality of documents left unattended in MFPs. Which of the following should the security team do to mitigate the situation?

（A）Deploy an authentication factor that requires ln-person action before printing.

（B）Update the management software to utilize encryption.

（C）Educate users about the importance of paper shredder devices.

（D）Install a software client m every computer authorized to use the MFPs.

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 14

A program manager wants to ensure contract employees can only use the company's computers Monday through Friday from 9 a.m. to 5 p.m. Which of the following would best enforce this access control?

（A）Creating a discretionary access policy and setting rule-based access for contract employees

（B）Implementing an OAuth server and then setting least privilege for contract employees

（C）Implementing SAML with federation to the contract employees' authentication server

（D）Creating a GPO for all contract employees and setting time-of-day log-in restrictions

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

SY0-701 無料問題集「CompTIA Security+ Certification」

弊社を連絡する

関連リンク

トップ試験