SY0-701試験無料問題集「CompTIA Security+ Certification 認定」

ページ: 1 / 21
トータル 402 問
完全版を入手する
A penetration test has demonstrated that domain administrator accounts were vulnerable to pass-the-hash attacks. Which of the following would have been the best strategy to prevent the threat actor from using domain administrator accounts?

解説: (GoShiken メンバーにのみ表示されます)
Which of the following best describes why me SMS DIP authentication method is more risky to implement than the TOTP method?

解説: (GoShiken メンバーにのみ表示されます)
A network administrator deployed a DNS logging tool that togs suspicious websites that are visited and then sends a daily report based on various weighted metrics. Which of the following best describes the type of control the administrator put in place?

解説: (GoShiken メンバーにのみ表示されます)
Cadets speaking a foreign language are using company phone numbers to make unsolicited phone calls lo a partner organization. A security analyst validates through phone system logs that the calls are occurring and the numbers are not being spoofed. Which of the following is the most likely explanation?

解説: (GoShiken メンバーにのみ表示されます)
A security analyst finds a rogue device during a monthly audit of current endpoint assets that are connected to the network. The corporate network utilizes 002.1X for access control. To be allowed on the network, a device must have a Known hardware address, and a valid user name and password must be entered in a captive portal. The following is the audit report:

Which of the following is the most likely way a rogue device was allowed to connect?

A company is concerned about weather events causing damage to the server room and downtime. Which of the following should the company consider?

解説: (GoShiken メンバーにのみ表示されます)
Which of the following are cases in which an engineer should recommend the decommissioning of a network device? (Select two).

解説: (GoShiken メンバーにのみ表示されます)
A systems administrator is auditing all company servers to ensure. They meet the minimum security baseline While auditing a Linux server, the systems administrator observes the /etc/shadow file has permissions beyond the baseline recommendation. Which of the following commands should the systems administrator use to resolve this issue?

解説: (GoShiken メンバーにのみ表示されます)
A new employee logs in to the email system for the first time and notices a message from human resources about onboarding. The employee hovers over a few of the links within the email and discovers that the links do not correspond to links associated with the company. Which of the following attack vectors is most likely being used?

解説: (GoShiken メンバーにのみ表示されます)
Which of the following is the best way to consistently determine on a daily basis whether security settings on servers have been modified?

解説: (GoShiken メンバーにのみ表示されます)
A client demands at least 99.99% uptime from a service provider's hosted security services. Which of the following documents includes the information the service provider should return to the client?

解説: (GoShiken メンバーにのみ表示されます)
A security analyst is investigating an application server and discovers that software on the server is behaving abnormally. The software normally runs batch jobs locally and does not generate traffic, but the process is now generating outbound traffic over random high ports. Which of the following vulnerabilities has likely been exploited in this software?

解説: (GoShiken メンバーにのみ表示されます)
A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption. Which of the following best describes this step?

解説: (GoShiken メンバーにのみ表示されます)
A security team is reviewing the findings in a report that was delivered after a third party performed a penetration test. One of the findings indicated that a web application form field is vulnerable to cross-site scripting. Which of the following application security techniques should the security analyst recommend the developer implement to prevent this vulnerability?

解説: (GoShiken メンバーにのみ表示されます)
An administrator finds that all user workstations and servers are displaying a message that is associated with files containing an extension of .ryk. Which of the following types of infections is present on the systems?

解説: (GoShiken メンバーにのみ表示されます)
While investigating a recent security breach an analyst finds that an attacker gained access by SOL infection through a company website. Which of the following should the analyst recommend to the website developers to prevent this from reoccurring?

A security analyst discovers that a large number of employee credentials had been stolen and were being sold on the dark web. The analyst investigates and discovers that some hourly employee credentials were compromised, but salaried employee credentials were not affected.
Most employees clocked in and out while they were Inside the building using one of the kiosks connected to the network. However, some clocked out and recorded their time after leaving to go home. Only those who clocked in and out while Inside the building had credentials stolen. Each of the kiosks are on different floors, and there are multiple routers, since the business segments environments for certain business functions.
Hourly employees are required to use a website called acmetimekeeping.com to clock in and out. This website is accessible from the internet. Which of the following Is the most likely reason for this compromise?

A software developer would like to ensure. The source code cannot be reverse engineered or debugged.
Which of the following should the developer consider?

A security operations center determines that the malicious activity detected on a server is normal. Which of the following activities describes the act of ignoring detected activity in the future?

解説: (GoShiken メンバーにのみ表示されます)
A technician needs to apply a high-priority patch to a production system. Which of the following steps should be taken first?

解説: (GoShiken メンバーにのみ表示されます)
ページ: 1 / 21
トータル 402 問