SY0-701試験無料問題集（527題）「CompTIA Security+ Certification 認定」

出題：1

After reviewing the following vulnerability scanning report:
Server:192.168.14.6
Service: Telnet
Port: 23 Protocol: TCP
Status: Open Severity: High
Vulnerability: Use of an insecure network protocol
A security analyst performs the following test:
nmap -p 23 192.168.14.6 -script telnet-encryption
PORT STATE SERVICE REASON
23/tcp open telnet syn-ack
I telnet encryption:
| _ Telnet server supports encryption
Which of the following would the security analyst conclude for this reported vulnerability?

A. It is considered noise.

B. It is a false positive.

C. Compensating controls exist.

D. A rescan is required.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

A new vulnerability enables a type of malware that allows the unauthorized movement of data from a system.
Which of the following would detect this behavior?

A. Using default settings

B. Monitoring outbound traffic

C. Closing all open ports

D. Implementing encryption

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

An administrator discovers that some files on a database server were recently encrypted. The administrator sees from the security logs that the data was last accessed by a domain user. Which of the following best describes the type of attack that occurred?

A. Unauthorized attacker

B. Insider threat

C. Social engineering

D. Watering-hole

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

A vendor salesperson is a personal friend of a company's Chief Financial Officer (CFO). The company recently made a large purchase from the vendor, which was directly approved by the CFO. Which of the following best describes this situation?

A. Conflict of interest

B. Rules of engagement

C. Due diligence

D. Reputational damage

E. Contractual impact

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

An IT manager is putting together a documented plan describing how the organization will keep operating in the event of a global incident. Which of the following plans is the IT manager creating?

A. Disaster recovery

B. Business continuity

C. Physical security

D. Change management

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

A software developer would like to ensure. The source code cannot be reverse engineered or debugged.
Which of the following should the developer consider?

A. Code reuse

B. Version control

C. Continuous integration

D. Obfuscation toolkit

E. Stored procedures

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

An employee in the accounting department receives an email containing a demand for payment tot services performed by a vendor However, the vendor is not in the vendor management database. Which of the following in this scenario an example of?

A. Invoice scam

B. Ransomware

C. Impersonation

D. Pretexting

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

A company is discarding a classified storage array and hires an outside vendor to complete the disposal.
Which of the following should the company request from the vendor?

A. Proof of ownership

B. Certification

C. Classification

D. Inventory list

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

A security analyst wants to better understand the behavior of users and devices in order to gain visibility into potential malicious activities. The analyst needs a control to detect when actions deviate from a common baseline Which of the following should the analyst use?

A. Sandbox

B. Intrusion prevention system

C. Antivirus

D. Endpoint detection and response

正解：D 解答を投票する

出題：10

A security practitioner completes a vulnerability assessment on a company's network and finds several vulnerabilities, which the operations team remediates. Which of the following should be done next?

A. Submit a report.

B. Initiate a penetration test.

C. Conduct an audit.

D. Rescan the network.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：11

Employees located off-site must have access to company resources in order to complete their assigned tasks These employees utilize a solution that allows remote access without interception concerns. Which of the following best describes this solution?

A. Proxy server

B. NGFW

C. VPN

D. Security zone

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：12

Which of the following control types is AUP an example of?

A. Physical

B. Technical

C. Managerial

D. Operational

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：13

A company discovered its data was advertised for sale on the dark web. During the initial investigation, the company determined the data was proprietary data. Which of the following is the next step the company should take?

A. Notify the applicable parties of the breach.

B. Report the breach to the local authorities.

C. Identity the attacker sentry methods.

D. Implement vulnerability scanning of the company's systems.

正解：A 解答を投票する

出題：14

Which of the following provides the details about the terms of a test with a third-party penetration tester?

A. Rules of engagement

B. Due diligence

C. Supply chain analysis

D. Right to audit clause

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：15

An attorney prints confidential documents to a copier in an office space near multiple workstations and a reception desk. When the attorney goes to the copier to retrieve the documents, the documents are missing.
Which of the following would best prevent this from reoccurring?

A. Conduct a physical penetration test.

B. Set up LDAP authentication on the printer.

C. Place the copier in the legal department.

D. Configure DLP on the attorney's workstation.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：16

A database administrator is updating the company's SQL database, which stores credit card information for pending purchases. Which of the following is the best method to secure the data against a potential breach?

A. Hashing

B. Tokenization

C. Masking

D. Obfuscation

正解：B 解答を投票する

SY0-701試験無料問題集「CompTIA Security+ Certification 認定」