最新的CompTIA CySA+認證 CS0-002考試題庫

問題1

A security analyst is investigating a data leak on a corporate website. The attacker was able to dump data by sending a crafted HTTP request with the following payload:

Which of the following systems would most likely have logs with details regarding the threat actor's requests?

A. Cloud WAF

B. Internal proxy

C. TAXII server

D. Hardware security module

正確答案: A

說明：（僅 VCESoft 成員可見）

問題2

A vulnerability scanner has identified an out-of-support database software version running on a server. The software update will take six to nine months to complete. The management team has agreed to a one-year extended support contract with the software vendor. Which of the following BEST describes the risk treatment in this scenario?

A. The company is accepting the inherent risk of the vulnerability.

B. The company is transferring the risk for the vulnerability to the software vendor.

C. The extended support mitigates any risk associated with the software.

D. The extended support contract changes this vulnerability finding to a false positive.

正確答案: B

說明：（僅 VCESoft 成員可見）

問題3

During an incident investigation, a security analyst discovers the web server is generating an unusually high volume of logs The analyst observes the following response codes:
* 20% of the logs are 403
* 20% of the logs are 404
* 50% of the logs are 200
* 10% of the logs are other codes
The server generates 2MB of logs on a daily basis, and the current day log is over 200MB. Which of the following commands should the analyst use to identify the source of the activity?

A. cat access_log Igrep " 403 "

B. cat access_log Igrep " 204 "

C. cat access_log Igrep " 4 04 "

D. cat access_log Igrep " 100 "

E. cat access_log Igrep " 200 "

正確答案: E

說明：（僅 VCESoft 成員可見）

問題4

While conoXicting a cloud assessment, a security analyst performs a Prowler scan, which generates the following within the report:

Based on the Prowler report, which of the following is the BEST recommendation?

A. Delete access key 1.

B. Delete BusinessUsr access key 1.

C. Delete access key 2.

D. Delete Cloud Dev access key 1

正確答案: D

說明：（僅 VCESoft 成員可見）

問題5

Which of the following BEST describes what an organizations incident response plan should cover regarding how the organization handles public or private disclosures of an incident?

A. The disclosure section should contain the organization's legal and regulatory requirements regarding disclosures.

B. The disclosure section should include the names and contact information of key employees who are needed for incident resolution

C. The disclosure section should contain language explaining how the organization will reduce the likelihood of the incident from happening m the future.

D. The disclosure section should focus on how to reduce the likelihood customers will leave due to the incident.

正確答案: A

說明：（僅 VCESoft 成員可見）

問題6

A security technician is testing a solution that will prevent outside entities from spoofing the company's email domain, which is compatia.org. The testing is successful, and the security technician is prepared to fully implement the solution. Which of the following actions should the technician take to accomplish this task?

A. Add : XT @ "v=spfl mx include:_spf.comptia.org -all" to the email server.

B. Add TXT @ "v=spfl mx include:_spf.comptia.org +all" to the domain controller.

C. AddTXT @ "v=apfl mx lnclude:_spf .comptia.org +a 11" to the web server.

D. Add TXT @ "v=spfl mx include:_spf.comptia. org -all" to the DNS record.

正確答案: D

說明：（僅 VCESoft 成員可見）

問題7

An analyst is performing a BIA and needs to consider measures and metrics. Which of the following would help the analyst achieve this objective? (Select two).

A. Disaster recovery plan for non-critical services

B. Minimum data backup volume

C. Time required to inform stakeholders about outage

D. Maximum downtime before impact is unacceptable

E. Time to reimage the server

F. Total time accepted for business process outage

正確答案: D,F

說明：（僅 VCESoft 成員可見）

問題8

The management team has asked a senior security engineer to explore DLP security solutions for the company's growing use of cloud-based storage. Which of the following is an appropriate solution to control the sensitive data that is being stored in the cloud?

A. NAC

B. IPS

C. CASB

D. WAF

正確答案: C

說明：（僅 VCESoft 成員可見）

問題9

Which of the following lines from this output most likely indicates that attackers could quickly use brute force and determine the negotiated secret session key?

A. TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 DH (1024 bits)

B. TLS_RSA_WITH_DES_CBC_SHA 56

C. TLS_RSA_WITH_AES_256_CBC_SHA 256

D. TLS_DHE_RSA_WITH_AES_256_GCM_SHA256 DH (2048 bits)

正確答案: A

說明：（僅 VCESoft 成員可見）

問題10

A new prototype for a company's flagship product was leaked on the internet As a result, the management team has locked out all USB drives Optical drive writers are not present on company computers The sales team has been granted an exception to share sales presentation files with third parties Which of the following would allow the IT team to determine which devices are USB enabled?

A. Data loss prevention

B. Asset tagging

C. Device encryption

D. SIEMIogs

正確答案: D

說明：（僅 VCESoft 成員可見）

問題11

A security analyst needs to recommend the best approach to test a new application that simulates abnormal user behavior to find software bugs. Which of the following would best accomplish this task?

A. Reverse engineering to circumvent software protections

B. A dynamic analysis using a dictionary to simulate user inputs

C. Fuzzing tools with polymorphic methods

D. A static analysis to find libraries with flaws handling user inputs

正確答案: C

說明：（僅 VCESoft 成員可見）

問題12

A company employee downloads an application from the internet. After the installation, the employee begins experiencing noticeable performance issues, and files are appearing on the desktop.

Which of the following processes will the security analyst Identify as the MOST likely indicator of system compromise given the processes running in Task Manager?

A. mstsc.exe

B. Word.exe

C. Explorer.exe

D. taskmgr.exe

E. Chrome.exe

正確答案: A

說明：（僅 VCESoft 成員可見）

問題13

The steering committee for information security management annually reviews the security incident register for the organization to look for trends and systematic issues. The steering committee wants to rank the risks based on past incidents to improve the security program for next year. Below is the incident register for the organization:

Which of the following should the organization consider investing in first due to the potential impact of availability?

A. Hire a managed service provider to help with vulnerability management.

B. Invest in a failover and redundant system, as necessary.

C. Hire additional staff for the IT department to assist with vulnerability management and log review.

D. Build a warm site in case of system outages.

正確答案: B

說明：（僅 VCESoft 成員可見）

問題14

An organization is adopting loT devices at an increasing rate and will need to account for firmware updates in its vulnerability management programs. Despite the number of devices being deployed, the organization has only focused on software patches so far. leaving hardware-related weaknesses open to compromise. Which of the following best practices will help the organization to track and deploy trusted firmware updates as part of its vulnerability management programs?

A. Apply all firmware updates as soon as they are released to mitigate the risk of compromise.

B. Determine an annual patch cadence to ensure all patching occurs at the same time.

C. Utilize threat intelligence to guide risk evaluation activities and implement critical updates after proper testing.

D. Implement an automated solution that detects when vendors release firmware updates and immediately deploy updates to production.

正確答案: C

說明：（僅 VCESoft 成員可見）

最新的CompTIA Cybersecurity Analyst (CySA+) Certification - CS0-002免費考試真題

最新更新

站內鏈接

聯系我們