CompTIA CS0-001 問題集

質問 1：
Review the following results:

Which of the following has occurred?
A. This is normal network traffic.
B. 123.120.110.212 is infected with a Trojan.
C. 172.29.0.109 is infected with a Trojan.
D. 172.29.0.109 is infected with a worm.
正解：A

質問 2：
A technician at a company's retail store notifies an analyst that disk space is being consumed at a rapid rate on several registers. The uplink back to the corporate office is also saturated frequently. The retail location has no Internet access. An analyst then observes several occasional IPS alerts indicating a server at corporate has been communicating with an address on a watchlist. Netflow data shows large quantities of data transferred at those times.
Which of the following is MOST likely causing the issue?
A. Ransomware on the corporate network has propagated from the corporate network to the registers and has begun encrypting files there.
B. Malware on a register is scraping credit card data and staging it on a server at the corporate office before uploading it to an attacker-controlled command and control server.
C. A penetration test is being run against the registers from the IP address indicated on the watchlist, generating large amounts of traffic and data storage.
D. A credit card processing file was declined by the card processor and caused transaction logs on the registers to accumulate longer than usual.
正解：B

質問 3：
When reviewing the system logs, the cybersecurity analyst noticed a suspicious log entry:
wmic /node: HRDepartment1 computersystem get username
Which of the following combinations describes what occurred, and what action should be taken in this situation?
A. A rogue user has queried for users logged in remotely. Disable local access to network shares.
B. A rogue user has queried for users logged into in remotely. Attempt to determine who executed the command.
C. A rogue user has queried for the administrator logged into the system. Attempt to determine who executed the command.
D. A rogue user has queried for the administrator logged into the system. Disable local access to use cmd prompt.
正解：B

質問 4：
A cybersecurity analyst traced the source of an attack to compromised user credentials. Log analysis revealed that the attacker successfully authenticated from an unauthorized foreign country. Management asked the security analyst to research and implement a solution to help mitigate attacks based on compromised passwords. Which of the following should the analyst implement?
A. Password complexity
B. Self-service password reset
C. Context-based authentication
D. Single sign-on
正解：C

質問 5：
An incident response report indicates a virus was introduced through a remote host that was connected to corporate resources. A cybersecurity analyst has been asked for a recommendation to solve this issue. Which of the following should be applied?
A. TAP
B. ACL
C. NAC
D. MAC
正解：C

質問 6：
A security analyst receives a mobile device with symptoms of a virus infection. The virus is morphing whenever it is from sandbox to sandbox to analyze. Which of the following will help to identify the number of variations through the analysis life cycle?
A. Log viewers
B. Journaling
C. OS and process analysis
D. Hashing utilities
正解：C

質問 7：
Which of the following systems would be at the GREATEST risk of compromise if found to have an open vulnerability associated with perfect forward secrecy?
A. SIEM
B. Virtual hosts
C. Endpoints
D. VPN concentrators
E. Layer 2 switches
正解：D