最新のCompTIA SY0-601試験問題解答がズラリ [Q162-Q181]

Share

最新のCompTIA SY0-601試験問題解答がズラリ

SY0-601試験練習テスト問題(更新された1061問あります)


CompTIA Security+認定は、サイバーセキュリティ分野の個人のスキルと知識を検証する、グローバルに認められた資格です。CompTIA Security+認定試験は、ネットワークセキュリティ、コンプライアンス、オペレーショナルセキュリティ、脅威と脆弱性、アプリケーション、データ、ホストセキュリティなど、さまざまなドメインの専門家の知識をテストするように設計されています。この認定はベンダーニュートラルであり、異なる組織や産業でのサイバーセキュリティスキルや知識を検証するために使用できます。

 

質問 # 162
A user's account is constantly being locked out. Upon further review, @ security analyst found the following in the SIEM:

Which of the following describes what is occurring?

  • A. An attacker is utilizing a rainbow table attack against the account
  • B. An attacker is utilizing a password-spraying attack against the account
  • C. An attacker is utilizing a brute-force attack against the account
  • D. An attacker is utilizing a dictionary attack against the account

正解:D


質問 # 163
Which of the following best describes the risk that is present once mitigations are applied?

  • A. Inherent risk
  • B. Residual risk
  • C. Control risk
  • D. Risk awareness

正解:B


質問 # 164
A help desk technician receives a phone call from someone claiming to be a part of the organization's cybersecurity incident response team. The caller asks the technician to verify the network's internal firewall IP address. Which of the following is the technician's best course of action?

  • A. Ask for the caller's name, verify the person's identity in the email directory, and provide the requested information over the phone.
  • B. Request the caller send an email for identity verification and provide the requested information via email to the caller.
  • C. Write down the phone number of the caller if possible, the name of the person requesting the information, hang up, and notify the organization's cybersecurity officer.
  • D. Direct the caller to stop by the help desk in person and hang up declining any further requests from the caller.

正解:C

解説:
Explanation
This is the best course of action for the help desk technician because it can help prevent a potential social engineering attack. Social engineering is a technique that involves manipulating or deceiving people into revealing sensitive information or performing actions that compromise security. The caller may be impersonating a member of the organization's cybersecurity incident response team to obtain the network's internal firewall IP address, which could be used for further attacks. The help desk technician should not provide any information over the phone without verifying the caller's identity and authorization. The help desk technician should also report the incident to the organization's cybersecurity officer for investigation and response. References: https://www.comptia.org/blog/social-engineering-explained
https://www.certblaster.com/wp-content/uploads/2020/11/CompTIA-Security-SY0-601-Exam-Objectives-1.0.pd


質問 # 165
A penetration tester gains access to the network by exploiting a vulnerability on a public-facing web server. Which of the following techniques will the tester most likely perform NEXT?

  • A. Create a user account to maintain persistence
  • B. Gather more information about the target through passive reconnaissance
  • C. Move laterally throughout the network to search for sensitive information
  • D. Establish rules of engagement before proceeding

正解:A


質問 # 166
A company recently transitioned to a strictly BYOD culture due to the cost of replacing lost or damaged corporate-owned mobile devices. Which of the following technologies would be BEST to balance the BYOD culture while also protecting the company's data?

  • A. Remote wipe
  • B. Containerization
  • C. Full-disk encryption
  • D. Geofencing

正解:B

解説:
Explanation
https://www.hexnode.com/blogs/what-is-containerization-and-why-is-it-important-for-your-business/


質問 # 167
An IT security manager requests a report on company information that is publicly available. The manager's concern is that malicious actors will be able to access the data without engaging in active reconnaissance. Which of the following is the MOST efficient approach to perform the analysis?

  • A. Provide a domain parameter to tool.
  • B. Check public DNS entries using dnsenum.
  • C. Perform a vulnerability scan targeting a public company's IR
  • D. Execute nmap using the options: scan all ports and sneaky mode.

正解:B


質問 # 168
A security analyst notices an unusual amount of traffic hitting the edge of the network. Upon examining the logs, the analyst identifies a source IP address and blocks that address from communicating with the network.
Even though the analyst is blocking this address, the attack is still ongoing and coming from a large number of different source IP addresses. Which of the following describes this type of attack?

  • A. DNS poisoning
  • B. Buffer overflow
  • C. DDoS
  • D. Privilege escalation

正解:C

解説:
A distributed denial-of-service (DDoS) attack is an attempt to make a computer or network resource unavailable to its intended users. This is accomplished by overwhelming the target with a flood of traffic from multiple sources.
In the scenario described, the security analyst identified a source IP address and blocked it from communicating with the network. However, the attack was still ongoing and coming from a large number of different source IP addresses. This indicates that the attack was a DDoS attack.
Privilege escalation is an attack that allows an attacker to gain unauthorized access to a system or network.
DNS poisoning is an attack that modifies the DNS records for a domain name, causing users to be redirected to a malicious website. A buffer overflow is an attack that occurs when a program attempts to store more data in a buffer than it is designed to hold.
Therefore, the most likely type of attack in the scenario described is a DDoS attack.


質問 # 169
A company is enhancing the security of the wireless network and needs to ensure only employees with a valid certificate can authenticate to the network. Which of the following should the company implement?

  • A. WPA3
  • B. PEAP
  • C. WPS
  • D. PSK

正解:B

解説:
PEAP stands for Protected Extensible Authentication Protocol, which is a protocol that can provide secure authentication for wireless networks. PEAP can use certificates to authenticate the server and the client, or only the server. PEAP can also use other methods, such as passwords or tokens, to authenticate the client. PEAP can ensure only employees with a valid certificate can authenticate to the network.


質問 # 170
A large enterprise has moved all Hs data to the cloud behind strong authentication and encryption A sales director recently had a laptop stolen and later, enterprise data was round to have been compromised database. Which of the following was the MOST likely cause?

  • A. Shadow IT
  • B. Credential stuffing
  • C. SQL injection
  • D. Man-in-the-browser

正解:A

解説:
E .Bluejacking


質問 # 171
Which of the following scenarios BEST describes a risk reduction technique?

  • A. A security control objective cannot be met through a technical change, so the company changes as method of operation
  • B. A security control objective cannot be met through a technical change, so the company implements a policy to train users on a more secure method of operation.
  • C. A security control objective cannot be met through a technical change, so the Chief Information Officer (CIO) decides to sign off on the risk.
  • D. A security control objective cannot be met through a technical change, so the company purchases insurance and is no longer concerned about losses from data breaches.

正解:B

解説:
Risk reduction techniques are designed to lower the probability or impact of identified risks.
Option B describes a risk reduction technique through the implementation of a policy to train users on a more secure method of operation, thereby reducing the probability of security incidents caused by user error.


質問 # 172
Which of the following test helps to demonstrate integrity during a forensics investigation?

  • A. Encryption
  • B. Event logs
  • C. Snapshots
  • D. Hashing

正解:D

解説:
Hashing is a process that applies a mathematical algorithm to a data set, such as a file or a message, and produces a fixed-length string of characters called a hash or a digest. Hashing helps to demonstrate integrity during a forensics investigation because it can verify that the data has not been altered, corrupted, or tampered with. By comparing the hash values of the original and the copied data, investigators can ensure that they are identical and authentic. If the hash values are different, it means that the data has been modified in some way


質問 # 173
Which of the following is an example of risk avoidance?

  • A. Installing security updates directly in production to expedite vulnerability fixes
  • B. Not installing new software to prevent compatibility errors
  • C. Buying insurance to prepare for financial loss associated with exploits
  • D. Not taking preventive measures to stop the theft of equipment

正解:B

解説:
Risk avoidance is the strategy of eliminating or minimizing exposure to risk by not engaging in an activity or process that may result in a negative outcome. Not installing new software to prevent compatibility errors is an example of risk avoidance, as it avoids the possibility of introducing new vulnerabilities or disrupting existing functionality.


質問 # 174
An administrator needs to protect user passwords and has been advised to hash the passwords. Which of the following BEST describes what the administrator is being advised to do?

  • A. Add extra data to the passwords so their length is increased, making them harder to brute force
  • B. Enforce the use of one-time passwords that are changed for every login session.
  • C. Store all passwords in the system in a rainbow table that has a centralized location
  • D. Perform a mathematical operation on the passwords that will convert them into umgue stnngs

正解:B


質問 # 175
A manager for the development team is concerned about reports showing a common set of vulnerabilities. The set of vulnerabilities is present on almost all of the applications developed by the team. Which of the following approaches would be most effective for the manager to use to address this issue?

  • A. Implement code signing to make code immutable.
  • B. Increase the frequency of dynamic code scans 1o detect issues faster.
  • C. Tune the accuracy of fuzz testing.
  • D. Invest in secure coding training and application security guidelines.

正解:D

解説:
Explanation
Invest in secure coding training and application security guidelines is the most effective approach for the manager to use to address the issue of common vulnerabilities in the applications developed by the team.
Secure coding training can help the developers learn how to write code that follows security best practices and avoids common mistakes or flaws that can introduce vulnerabilities. Application security guidelines can provide a set of standards and rules for developing secure applications that meet the company's security requirements and policies. By investing in secure coding training and application security guidelines, the manager can improve the security awareness and skills of the development team and reduce the number of vulnerabilities in their applications. References: CompTIA Security+ Certification Exam Objectives, page 9, Domain 2.0: Architecture and Design, Objective 2.3: Summarize secure application development, deployment, and automation concepts 2 CompTIA Security+ Certification Exam Objectives, page 10, Domain 2.0:
Architecture and Design, Objective 2.4: Explain the importance of embedded and specialized systems security
3 https://www.comptia.org/blog/what-is-secure-coding


質問 # 176
A penetration tester is brought on site to conduct a full attack simulation at a hospital. The penetration tester notices a WAP that is hanging from the drop ceiling by its cabling and is reachable. Which of the following recommendations would the penetration tester MOST likely make given this observation?

  • A. Utilize only access points that have internal antennas
  • B. Place the network cabling inside a secure conduit.
  • C. Employ a general contractor to replace the drop-ceiling tiles.
  • D. Secure the access point and cabling inside the drop ceiling.

正解:D


質問 # 177
A security analyst is investigating a report from a penetration test. During the penetration test, consultants were able to download sensitive data from a back-end server. The back-end server was exposing an API that should have only been available from the companVs mobile application. After reviewing the back-end server logs, the security analyst finds the following entries

Which of the following is the most likely cause of the security control bypass?

  • A. WAF bypass
  • B. IP address allow list
  • C. Referrer manipulation
  • D. user-agent spoofing

正解:D

解説:
User-agent spoofing is a technique that allows an attacker to modify the user-agent header of an HTTP request to impersonate another browser or device12. User-agent spoofing can be used to bypass security controls that rely on user-agent filtering or validation12. In this case, the attacker spoofed the user-agent header to match the company's mobile application, which was allowed to access the back-end server's API2.


質問 # 178
Which of the following job roles would sponsor data quality and data entry initiatives that ensure business and regulatory requirements are met?

  • A. Thedata privacy officer.
  • B. The data steward
  • C. The data owner
  • D. The data processor

正解:B


質問 # 179
An analyst is generating a security report for the management team. Security guidelines recommend disabling all listening unencrypted services. Given this output from Nmap.

Which of the following should the analyst recommend to disable?

  • A. 21/tcp
  • B. 22/tcp
  • C. 443/tcp
  • D. 23/tcp

正解:A


質問 # 180
Which of the following must be in place before implementing a BCP?

  • A. NDA
  • B. SLA
  • C. AUP
  • D. BIA

正解:D

解説:
Explanation
To create an effective business continuity plan, a firm should take these five steps:
Step 1: Risk Assessment
This phase includes:
* Evaluation of the company's risks and exposures
* Assessment of the potential impact of various business disruption scenarios
* Determination of the most likely threat scenarios
* Assessment of telecommunication recovery options and communication plans
* Prioritization of findings and development of a roadmap
Step 2: Business Impact Analysis (BIA)
During this phase we collect information on:
* Recovery assumptions, including Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO)
* Critical business processes and workflows as well as the supporting production applications
* Interdependencies, both internal and external
* Critical staff including backups, skill sets, primary and secondary contacts
* Future endeavors that may impact recovery
* Special circumstances
Pro tip: Compiling your BIA into a master list can be helpful from a wholistic standpoint, as well as helpful in identifying pain points throughout the organization.
Step 3: Business Continuity Plan Development
This phase includes:
* Obtaining executive sign-off of Business Impact Analysis
* Synthesizing the Risk Assessment and BIA findings to create an actionable and thorough plan
* Developing department, division and site level plans
* Reviewing plan with key stakeholders to finalize and distribute
Step 4: Strategy and Plan Development
Validate that the recovery times that you have stated in your plan are obtainable and meet the objectives that are stated in the BIA. They should easily be available and readily accessible to staff, especially if and when a disaster were to happen. In the development phase, it's important to incorporate many perspectives from various staff and all departments to help map the overall company feel and organizational focus. Once the plan is developed, we recommend that you have an executive or management team review and sign off on the overall plan.
Step 5: Plan Testing & Maintenance
The final critical element of a business continuity plan is to ensure that it is tested and maintained on a regular basis. This includes:
* Conducting periodic table top and simulation exercises to ensure key stakeholders are comfortable with
* the plan steps
* Executing bi-annual plan reviews
* Performing annual Business Impact Assessments


質問 # 181
......

あなたを合格させるCompTIA試験にはSY0-601試験問題集:https://www.goshiken.com/CompTIA/SY0-601-mondaishu.html

合格させるSY0-601試験情報と無料練習テスト:https://drive.google.com/open?id=1bMWerRROD-drFNX4JwuQDd8kD34ETNz4