[2024年10月16日] 無料CompTIA SY0-701日本語試験問題と解答
検証済みSY0-701日本語問題集と解答は最新SY0-701日本語をダウンロード
質問 # 121
システム障害が発生した場合に組織が復元プロセスを適切に管理するために必要なのは次のどれですか?
- A. DRP
- B. RPO
- C. SDLC
- D. IRP
正解:A
解説:
A disaster recovery plan (DRP) is a set of policies and procedures that aim to restore the normal operations of an organization in the event of a system failure, natural disaster, or other emergency. A DRP typically includes the following elements:
A risk assessment that identifies the potential threats and impacts to the organization's critical assets and processes.
A business impact analysis that prioritizes the recovery of the most essential functions and data.
A recovery strategy that defines the roles and responsibilities of the recovery team, the resources and tools needed, and the steps to follow to restore the system.
A testing and maintenance plan that ensures the DRP is updated and validated regularly. A DRP is required for an organization to properly manage its restore process in the event of system failure, as it provides a clear and structured framework for recovering from a disaster and minimizing the downtime and data loss. Reference = CompTIA Security+ Study Guide (SY0-701), Chapter 7: Resilience and Recovery, page 325.
質問 # 122
セキュリティ オペレーション センターは、疑わしい IP アドレスに関するイベントを調査しています。セキュリティ アナリストが次のイベント ログを確認すると、同じ IP アドレスから認証するときに、ユーザー アカウントの大部分でログイン試行の失敗が発生していることが分かりました。
発生した攻撃を最もよく表しているのは次のうちどれですか?
- A. ブルートフォース
- B. スプレー
- C. レインボーテーブル
- D. 辞書
正解:B
解説:
Password spraying is a type of attack where an attacker tries a small number of commonly used passwords across a large number of accounts. The event logs showing failed login attempts for many user accounts from the same IP address are indicative of a password spraying attack, where the attacker is attempting to gain access by guessing common passwords.
References = CompTIA Security+ SY0-701 study materials, particularly in the domain of identity and access management and common attack vectors like password spraying.
質問 # 123
セキュリティアナリストが役割と責任を確認するインシデント対応プロセスのフェーズは次のどれですか?
- A. 回復
- B. 分析
- C. 準備
- D. 学んだ教訓
正解:C
解説:
Preparation is the phase in the incident response process when a security analyst reviews roles and responsibilities, as well as the policies and procedures for handling incidents. Preparation also involves gathering and maintaining the necessary tools, resources, and contacts for responding to incidents. Preparation can help a security analyst to be ready and proactive when an incident occurs, as well as to reduce the impact and duration of the incident.
Some of the activities that a security analyst performs during the preparation phase are:
Defining the roles and responsibilities of the incident response team members, such as the incident manager, the incident coordinator, the technical lead, the communications lead, and the legal advisor.
Establishing the incident response plan, which outlines the objectives, scope, authority, and procedures for responding to incidents, as well as the escalation and reporting mechanisms.
Developing the incident response policy, which defines the types and categories of incidents, the severity levels, the notification and reporting requirements, and the roles and responsibilities of the stakeholders.
Creating the incident response playbook, which provides the step-by-step guidance and checklists for handling specific types of incidents, such as denial-of-service, ransomware, phishing, or data breach.
Acquiring and testing the incident response tools, such as network and host-based scanners, malware analysis tools, forensic tools, backup and recovery tools, and communication and collaboration tools.
Identifying and securing the incident response resources, such as the incident response team, the incident response location, the evidence storage, and the external support.
Building and maintaining the incident response contacts, such as the internal and external stakeholders, the law enforcement agencies, the regulatory bodies, and the media.
Reference:
CompTIA Security+ SY0-701 Certification Study Guide, Chapter 6: Architecture and Design, Section 6.4: Secure Systems Design, p. 279-280 CompTIA Security+ SY0-701 Certification Exam Objectives, Domain 3: Architecture and Design, Objective 3.5: Given a scenario, implement secure network architecture concepts, Sub-objective: Incident response, p. 16
質問 # 124
インシデント対応の一環として根本原因分析を実施する必要がある理由を説明しているのはどれですか?
- A. 影響を受けたシステムを見つける
- B. 同様の事件が今後起こらないようにするため
- C. 調査のための証拠を集める
- D. ネットワーク上のマルウェアの痕跡を根絶する
正解:B
解説:
Root cause analysis is a process of identifying and resolving the underlying factors that led to an incident. By conducting root cause analysis as part of incident response, security professionals can learn from the incident and implement corrective actions to prevent future incidents of the same nature. For example, if the root cause of a data breach was a weak password policy, the security team can enforce a stronger password policy and educate users on the importance of password security. Root cause analysis can also help to improve security processes, policies, and procedures, and to enhance security awareness and culture within the organization.
Root cause analysis is not meant to gather loCs (indicators of compromise) for the investigation, as this is a task performed during the identification and analysis phases of incident response. Root cause analysis is also not meant to discover which systems have been affected or to eradicate any trace of malware on the network, as these are tasks performed during the containment and eradication phases of incident response. References = CompTIA Security+ SY0-701 Certification Study Guide, page 424-425; Professor Messer's CompTIA SY0-701 Security+ Training Course, video 5.1 - Incident Response, 9:55 - 11:18.
質問 # 125
次の脆弱性スキャンレポートを確認した後:
サーバー:192.168.14.6
サービス: Telnet
ポート: 23 プロトコル: TCP
ステータス: オープン 重大度: 高
脆弱性: 安全でないネットワークプロトコルの使用
セキュリティアナリストは次のテストを実行します。
nmap -p 23 192.168.14.6 -スクリプト telnet暗号化
港湾サービス理由
23/tcp オープン telnet syn-ack
Telnet暗号化:
| _ Telnetサーバーは暗号化をサポート
セキュリティアナリストは、報告されたこの脆弱性について、次のどれを結論付けるでしょうか?
- A. 再スキャンが必要です。
- B. 補正コントロールが存在します。
- C. ノイズとみなされます。
- D. 誤検知です。
正解:D
解説:
A false positive is a result that indicates a vulnerability or a problem when there is none. In this case, the vulnerability scanning report shows that the telnet service on port 23 is open and uses an insecure network protocol. However, the security analyst performs a test using nmap and a script that checks for telnet encryption support. The result shows that the telnet server supports encryption, which means that the data transmitted between the client and the server can be protected from eavesdropping. Therefore, the reported vulnerability is a false positive and does not reflect the actual security posture of the server. The security analyst should verify the encryption settings of the telnet server and client and ensure that they are configured properly3. Reference: 3: Telnet Protocol - Can You Encrypt Telnet?
質問 # 126
リスク、責任者、しきい値を文書化するために最もよく使用されるのは次のどれですか?
- A. リスク分析
- B. リスク許容度
- C. リスクレジスタ
- D. リスク移転
正解:C
解説:
A risk register is a document that records and tracks the risks associated with a project, system, or organization. A risk register typically includes information such as the risk description, the risk owner, the risk probability, the risk impact, the risk level, the risk response strategy, and the risk status. A risk register can help identify, assess, prioritize, monitor, and control risks, as well as communicate them to relevant stakeholders. A risk register can also help document the risk tolerance and thresholds of an organization, which are the acceptable levels of risk exposure and the criteria for escalating or mitigating risks.
質問 # 127
システム管理者は、ファイル整合性監視ツールから次のアラートを受信します。
cmd.exe ファイルのハッシュが変更されました。
システム管理者は OS ログをチェックし、過去 2 か月間にパッチが適用されていないことに気付きました。次のどれが最も可能性が高いでしょうか。
- A. ファイル システムのスナップショットが取得されました。
- B. エンドユーザーがファイルの権限を変更しました。
- C. 暗号衝突が検出されました。
- D. ルートキットが展開されました。
正解:D
解説:
A rootkit is a type of malware that modifies or replaces system files or processes to hide its presence and activity. A rootkit can change the hash of the cmd.exe file, which is a command-line interpreter for Windows systems, to avoid detection by antivirus or file integrity monitoring tools. A rootkit can also grant the attacker remote access and control over the infected system, as well as perform malicious actions such as stealing data, installing backdoors, or launching attacks on other systems. A rootkit is one of the most difficult types of malware to remove, as it can persist even after rebooting or reinstalling the OS.
質問 # 128
セキュリティ チームは、大規模な停止後に重要なシステムをオンラインに戻す順序を詳細に説明したドキュメントを作成しました。チームが作成したドキュメントは次のどれですか。
- A. 災害復旧計画
- B. コミュニケーション計画
- C. インシデント対応計画
- D. データ保持ポリシー
正解:A
解説:
The document described in the question is a Disaster Recovery Plan (DRP). A DRP outlines the process and procedures for restoring critical systems and operations after a major disruption or outage. It includes the order in which systems should be brought back online to ensure minimal impact on business operations, prioritizing the most critical systems to recover first.
References:
* CompTIA Security+ SY0-701 Course Content: Domain 5: Security Program Management and Oversight, which discusses the development and implementation of disaster recovery plans.
質問 # 129
従業員は、給与部門から送信されたと思われる、資格情報の確認を求めるテキスト メッセージを受信します。次のソーシャル エンジニアリング手法のうちどれが試みられていますか? (2 つ選択してください。)
- A. スミッシング
- B. 誤情報
- C. ヴィッシング
- D. フィッシング
- E. なりすまし
- F. タイプミススクワッティング
正解:A、D
解説:
Smishing is a type of social engineering technique that uses text messages (SMS) to trick victims into revealing sensitive information, clicking malicious links, or downloading malware. Smishing messages often appear to come from legitimate sources, such as banks, government agencies, or service providers, and use urgent or threatening language to persuade the recipients to take action12. In this scenario, the text message that claims to be from the payroll department is an example of smishing.
Impersonation is a type of social engineering technique that involves pretending to be someone else, such as an authority figure, a trusted person, or a colleague, to gain the trust or cooperation of the target. Impersonation can be done through various channels, such as phone calls, emails, text messages, or in- person visits, and can be used to obtain information, access, or money from the victim34. In this scenario, the text message that pretends to be from the payroll department is an example of impersonation.
A: Typosquatting is a type of cyberattack that involves registering domain names that are similar to popular or well-known websites, but with intentional spelling errors or different extensions. Typosquatting aims to exploit the common mistakes that users make when typing web addresses, and redirect them to malicious or fraudulent sites that may steal their information, install malware, or display ads56. Typosquatting is not related to text messages or credential verification.
B: Phishing is a type of social engineering technique that uses fraudulent emails to trick recipients into revealing sensitive information, clicking malicious links, or downloading malware. Phishing emails often mimic the appearance and tone of legitimate organizations, such as banks, retailers, or service providers, and use deceptive or urgent language to persuade the recipients to take action78. Phishing is not related to text messages or credential verification.
D: Vishing is a type of social engineering technique that uses voice calls to trick victims into revealing sensitive information, such as passwords, credit card numbers, or bank account details. Vishing calls often appear to come from legitimate sources, such as law enforcement, government agencies, or technical support, and use scare tactics or false promises to persuade the recipients to comply9 . Vishing is not related to text messages or credential verification.
E: Misinformation is a type of social engineering technique that involves spreading false or misleading information to influence the beliefs, opinions, or actions of the target. Misinformation can be used to manipulate public perception, create confusion, damage reputation, or promote an agenda . Misinformation is not related to text messages or credential verification.
References = 1: What is Smishing? | Definition and Examples | Kaspersky 2: Smishing - Wikipedia 3:
Impersonation Attacks: What Are They and How Do You Protect Against Them? 4: Impersonation - Wikipedia 5: What is Typosquatting? | Definition and Examples | Kaspersky 6: Typosquatting - Wikipedia 7: What is Phishing? | Definition and Examples | Kaspersky 8: Phishing - Wikipedia 9: What is Vishing? | Definition and Examples | Kaspersky : Vishing - Wikipedia : What is Misinformation? | Definition and Examples | Britannica : Misinformation - Wikipedia
質問 # 130
侵入テスト担当者は、エンゲージメント ルールに従ってクライアント環境に対してポートおよびサービスのスキャンを実行することでエンゲージメントを開始します。テスト担当者が実行する偵察の種類は次のどれですか。
- A. 防御的
- B. アクティブ
- C. 攻撃的
- D. パッシブ
正解:B
解説:
Active reconnaissance is a type of reconnaissance that involves sending packets or requests to a target and analyzing the responses. Active reconnaissance can reveal information such as open ports, services, operating systems, and vulnerabilities. However, active reconnaissance is also more likely to be detected by the target or its security devices, such as firewalls or intrusion detection systems. Port and service scans are examples of active reconnaissance techniques, as they involve probing the target for specific information. Reference = CompTIA Security+ Certification Exam Objectives, Domain 1.1: Given a scenario, conduct reconnaissance using appropriate techniques and tools. CompTIA Security+ Study Guide (SY0-701), Chapter 2: Reconnaissance and Intelligence Gathering, page 47. CompTIA Security+ Certification Exam SY0-701 Practice Test 1, Question 1.
質問 # 131
ある企業は、SIEM システムを導入し、アナリストを任命して毎週ログを確認することを計画しています。企業が導入しようとしている制御の種類は次のどれですか。
- A. 修正
- B. 探偵
- C. 抑止力
- D. 予防的
正解:B
解説:
A detective control is a type of control that monitors and analyzes the events and activities in a system or a network, and alerts or reports when an incident or a violation occurs. A SIEM (Security Information and Event Management) system is a tool that collects, correlates, and analyzes the logs from various sources, such as firewalls, routers, servers, or applications, and provides a centralized view of the security status and incidents. An analyst who reviews the logs on a weekly basis can identify and investigate any anomalies, trends, or patterns that indicate a potential threat or a breach. A detective control can help the company to respond quickly and effectively to the incidents, and to improve its security posture and resilience. Reference = CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition, Chapter 1, page 23. CompTIA Security+ SY0-701 Exam Objectives, Domain 4.3, page 14.
質問 # 132
一方向データ変換アルゴリズムを使用する前に、複雑さをさらに追加するために使用されるのは次のどれですか。
- A. ステガノグラフィー
- B. ソルティング
- C. データマスキング
- D. キーストレッチ
正解:B
解説:
Salting is the process of adding extra random data to a password or other data before applying a one-way data transformation algorithm, such as a hash function. Salting increases the complexity and randomness of the input data, making it harder for attackers to guess or crack the original data using precomputed tables or brute force methods. Salting also helps prevent identical passwords from producing identical hash values, which could reveal the passwords to attackers who have access to the hashed data. Salting is commonly used to protect passwords stored in databases or transmitted over networks. References =
* Passwords technical overview
* Encryption, hashing, salting - what's the difference?
* Salt (cryptography)
質問 # 133
セキュリティ アナリストは、従業員の会社のラップトップから送信される悪意のあるネットワーク トラフィックの可能性に関する SIEM のアラートを確認しています。セキュリティ アナリストは、調査を継続するには、マシンで実行されている実行可能ファイルに関する追加データが必要であると判断しました。
アナリストは、次のログのうちどれをデータ ソースとして使用する必要がありますか?
- A. IPS/IDS
- B. アプリケーション
- C. ネットワーク
- D. エンドポイント
正解:D
解説:
Endpoint logs are the most suitable data source for gathering additional information about the executable running on the employee's corporate laptop. These logs contain detailed information about processes, executables, and activities occurring on the endpoint, enabling the security analyst to understand the behavior of the executable and its potential impact on the system and network.
質問 # 134
従業員は、給与部門から送信されたと思われる、資格情報の確認を求めるテキスト メッセージを受信します。次のソーシャル エンジニアリング手法のうちどれが試みられていますか? (2 つ選択してください。)
- A. スミッシング
- B. 誤情報
- C. ヴィッシング
- D. 誤情報は、虚偽または誤解を招く情報を広めて、対象の信念、意見、または行動に影響を与えるソーシャル エンジニアリング手法の一種です。誤情報は、世論を操作したり、混乱を引き起こしたり、評判を傷つけたり、議題を推進したりするために使用される可能性があります。誤情報は、テキスト メッセージや資格情報の検証とは関係ありません。
- E. フィッシング
- F. なりすまし
- G. タイプミススクワッティング
正解:A、E
解説:
Reference = 1: What is Smishing? | Definition and Examples | Kaspersky 2: Smishing - Wikipedia 3: Impersonation Attacks: What Are They and How Do You Protect Against Them? 4: Impersonation - Wikipedia 5: What is Typosquatting? | Definition and Examples | Kaspersky 6: Typosquatting - Wikipedia 7: What is Phishing? | Definition and Examples | Kaspersky 8: Phishing - Wikipedia 9: What is Vishing? | Definition and Examples | Kaspersky : Vishing - Wikipedia : What is Misinformation? | Definition and Examples | Britannica : Misinformation - Wikipedia Explanation:
Smishing is a type of social engineering technique that uses text messages (SMS) to trick victims into revealing sensitive information, clicking malicious links, or downloading malware. Smishing messages often appear to come from legitimate sources, such as banks, government agencies, or service providers, and use urgent or threatening language to persuade the recipients to take action12. In this scenario, the text message that claims to be from the payroll department is an example of smishing.
Impersonation is a type of social engineering technique that involves pretending to be someone else, such as an authority figure, a trusted person, or a colleague, to gain the trust or cooperation of the target. Impersonation can be done through various channels, such as phone calls, emails, text messages, or in-person visits, and can be used to obtain information, access, or money from the victim34. In this scenario, the text message that pretends to be from the payroll department is an example of impersonation.
A) Typosquatting is a type of cyberattack that involves registering domain names that are similar to popular or well-known websites, but with intentional spelling errors or different extensions. Typosquatting aims to exploit the common mistakes that users make when typing web addresses, and redirect them to malicious or fraudulent sites that may steal their information, install malware, or display ads56. Typosquatting is not related to text messages or credential verification.
B) Phishing is a type of social engineering technique that uses fraudulent emails to trick recipients into revealing sensitive information, clicking malicious links, or downloading malware. Phishing emails often mimic the appearance and tone of legitimate organizations, such as banks, retailers, or service providers, and use deceptive or urgent language to persuade the recipients to take action78. Phishing is not related to text messages or credential verification.
D) Vishing is a type of social engineering technique that uses voice calls to trick victims into revealing sensitive information, such as passwords, credit card numbers, or bank account details. Vishing calls often appear to come from legitimate sources, such as law enforcement, government agencies, or technical support, and use scare tactics or false promises to persuade the recipients to comply9 . Vishing is not related to text messages or credential verification.
質問 # 135
システム管理者は多層防御戦略に取り組んでおり、勤務時間外の従業員の活動を制限する必要があります。システム管理者は次のどれを実装する必要がありますか?
- A. 属性ベースの制限
- B. ロールベースの制限
- C. 必須の制限
- D. 時間帯制限
正解:D
解説:
To restrict activity from employees after hours, the systems administrator should implement time-of-day restrictions. This method allows access to network resources to be limited to specific times, ensuring that employees can only access systems during approved working hours. This is an effective part of a defense-in-depth strategy to mitigate risks associated with unauthorized access during off-hours, which could be a time when security monitoring might be less stringent.
Time-of-day restrictions: These control access based on the time of day, preventing users from logging in or accessing certain systems outside of designated hours.
Role-based restrictions: Control access based on a user's role within the organization.
Attribute-based restrictions: Use various attributes (such as location, department, or project) to determine access rights.
Mandatory restrictions: Typically refer to non-discretionary access controls, such as those based on government or organizational policy.
質問 # 136
......
リアル問題集を使おう 100%無料SY0-701日本語試験問題集:https://www.goshiken.com/CompTIA/SY0-701-JPN-mondaishu.html