CompTIA CAS-003 問題練習

Question No : 1
A security analyst, who is working in a Windows environment, has noticed a significant amount of IPv6 traffic originating from a client, even though IPv6 is not currently in use. The client is a stand-alone device, not connected to the AD that manages a series of SCADA devices used for manufacturing .
Which of the following is the appropriate command to disable the client’s IPv6 stack?
A)



B)



C)



D)

• A.Option A
• B.Option B
• C.Option C
• D.Option D

答えを確認する

正解:

Question No : 2
A newly hired security analyst has joined an established SOC team. Not long after going through corporate orientation, a new attack method on web-based applications was publicly revealed. The security analyst immediately brings this new information to the team lead, but the team lead is not concerned about it.
Which of the following is the MOST likely reason for the team lead’s position?

• A.The organization has accepted the risks associated with web-based threats.
• B.The attack type does not meet the organization’s threat model.
• C.Web-based applications are on isolated network segments.
• D.Corporate policy states that NIPS signatures must be updated every hour.

答えを確認する

正解:

Question No : 3
At a meeting, the systems administrator states the security controls a company wishes to implement seem excessive, since all of the information on the company’s web servers can be obtained publicly and is not proprietary in any way. The next day the company’s website is defaced as part of an SQL injection attack, and the company receives press inquiries about the message the attackers displayed on the website.
Which of the following is the FIRST action the company should take?

• A.Refer to and follow procedures from the company’s incident response plan.
• B.Call a press conference to explain that the company has been hacked.
• C.Establish chain of custody for all systems to which the systems administrator has access.
• D.Conduct a detailed forensic analysis of the compromised system.
• E.Inform the communications and marketing department of the attack details.

答えを確認する

正解:

Question No : 4
The Chief Executive Officer (CEO) of a small company decides to use cloud computing to host critical corporate data for protection from natural disasters. The recommended solution is to adopt the public cloud for its cost savings If the CEO insists on adopting the public cloud model, which of the following would be the BEST advice?

• A.Ensure the cloud provider supports a secure virtual desktop infrastructure
• B.Ensure the colocation facility implements a robust DRP to help with business continuity planning.
• C.Ensure the on-premises datacenter employs fault tolerance and load balancing capabilities.
• D.Ensure the ISP is using a standard help-desk ticketing system to respond to any system outages

答えを確認する

正解:

Question No : 5
A financial consulting firm recently recovered from some damaging incidents that were associated with malware installed via rootkit. Post-incident analysis is ongoing, and the incident responders and systems administrators are working to determine a strategy to reduce the risk of recurrence. The firm’s systems are running modern operating systems and feature UEFI and TPMs .
Which of the following technical options would provide the MOST preventive value?

• A.Update and deploy GPOs
• B.Configure and use measured boot
• C.Strengthen the password complexity requirements
• D.Update the antivirus software and definitions

答えを確認する

正解:

Question No : 6
An agency has implemented a data retention policy that requires tagging data according to type before storing it in the data repository. The policy requires all business emails be automatically deleted after two years. During an open records investigation, information was found on an employee’s work computer concerning a conversation that occurred three years prior and proved damaging to the agency’s reputation .
Which of the following MOST likely caused the data leak?

• A.The employee manually changed the email client retention settings to prevent deletion of emails
• B.The file that contained the damaging information was mistagged and retained on the server for longer than it should have been
• C.The email was encrypted and an exception was put in place via the data classification application
• D.The employee saved a file on the computer’s hard drive that contained archives of emails, which were more than two years old

答えを確認する

正解:

Question No : 7
A Chief Information Officer (CIO) publicly announces the implementation of a new financial system.
As part of a security assessment that includes a social engineering task, which of the following tasks should be conducted to demonstrate the BEST means to gain information to use for a report on social vulnerability details about the financial system?

• A.Call the CIO and ask for an interview, posing as a job seeker interested in an open position
• B.Compromise the email server to obtain a list of attendees who responded to the invitation who is on the IT staff
• C.Notify the CIO that, through observation at events, malicious actors can identify individuals to befriend
• D.Understand the CIO is a social drinker, and find the means to befriend the CIO at establishments the CIO frequents

答えを確認する

正解:

Question No : 8
An architect was recently hired by a power utility to increase the security posture of the company’s power generation and distribution sites. Upon review, the architect identifies legacy hardware with highly vulnerable and unsupported software driving critical operations. These systems must exchange data with each other, be highly synchronized, and pull from the Internet time sources .
Which of the following architectural decisions would BEST reduce the likelihood of a successful attack without harming operational capability? (Choose two.)

• A.Isolate the systems on their own network
• B.Install a firewall and IDS between systems and the LAN
• C.Employ own stratum-0 and stratum-1 NTP servers
• D.Upgrade the software on critical systems
• E.Configure the systems to use government-hosted NTP servers

答えを確認する

正解:

Question No : 9
A software development team is conducting functional and user acceptance testing of internally developed web applications using a COTS solution. For automated testing, the solution uses valid user credentials from the enterprise directory to authenticate to each application. The solution stores the username in plain text and the corresponding password as an encoded string in a script within a file, located on a globally accessible network share. The account credentials used belong to the development team lead.
To reduce the risks associated with this scenario while minimizing disruption to ongoing testing, which of the following are the BEST actions to take? (Choose two.)

• A.Restrict access to the network share by adding a group only for developers to the share’s ACL
• B.Implement a new COTS solution that does not use hard-coded credentials and integrates with directory services
• C.Obfuscate the username within the script file with encoding to prevent easy identification and the account used
• D.Provision a new user account within the enterprise directory and enable its use for authentication to the target applications. Share the username and password with all developers for use in their individual scripts
• E.Redesign the web applications to accept single-use, local account credentials for authentication

答えを確認する

正解:

Question No : 10
An organization's mobile device inventory recently provided notification that a zero-day vulnerability was identified in the code used to control the baseband of the devices. The device manufacturer is expediting a patch, but the rollout will take several months Additionally several mobile users recently returned from an overseas trip and report their phones now contain unknown applications, slowing device performance Users have been unable to uninstall these applications, which persist after wiping the devices.
Which of the following MOST likely occurred and provides mitigation until the patches are released?

• A.Unauthentic firmware was installed, disable OTA updates and carrier roaming via MD
• B.Users opened a spear-phishing email: disable third-party application stores and validate all signed code prior to execution.
• C.An attacker downloaded monitoring applications; perform a full factory reset of the affected devices.
• D.Users received an improperly encoded emergency broadcast message, leading to an integrity loss condition; disable emergency broadcast messages

答えを確認する

正解:

Question No : 11
A security engineer is assisting a developer with input validation, and they are studying the following code block:



The security engineer wants to ensure strong input validation is in place for customer-provided account identifiers. These identifiers are ten-digit numbers. The developer wants to ensure input validation is fast because a large number of people use the system.
Which of the following would be the BEST advice for the security engineer to give to the developer?

• A.Replace code with Java-based type checks
• B.Parse input into an array
• C.Use regular expressions
• D.Canonicalize input into string objects before validation

答えを確認する

正解:

Question No : 12
A systems administrator has installed a disk wiping utility on all computers across the organization and configured it to perform a seven-pass wipe and an additional pass to overwrite the disk with zeros. The company has also instituted a policy that requires users to erase files containing sensitive information when they are no longer needed.
To ensure the process provides the intended results, an auditor reviews the following content from a randomly selected decommissioned hard disk:



Which of the following should be included in the auditor’s report based on the above findings?

• A.The hard disk contains bad sectors
• B.The disk has been degaussed.
• C.The data represents part of the disk BIO
• D.Sensitive data might still be present on the hard drives.

答えを確認する

正解:

Question No : 13
An organization is in the process of integrating its operational technology and information technology areas. As part of the integration, some of the cultural aspects it would like to see include more efficient use of resources during change windows, better protection of critical infrastructure, and the ability to respond to incidents.
The following observations have been identified:
✑ The ICS supplier has specified that any software installed will result in lack of support.
✑ There is no documented trust boundary defined between the SCADA and corporate networks.
✑ Operational technology staff have to manage the SCADA equipment via the engineering workstation.
✑ There is a lack of understanding of what is within the SCADA network.
Which of the following capabilities would BEST improve the security position?

• A.VNC, router, and HIPS
• B.SIEM, VPN, and firewall
• C.Proxy, VPN, and WAF
• D.IDS, NAC, and log monitoring

答えを確認する

正解:

Question No : 14
Legal counsel has notified the information security manager of a legal matter that will require the preservation of electronic records for 2000 sales force employees. Source records will be email, PC, network shares, and applications.
After all restrictions have been lifted, which of the following should the information manager review?

• A.Data retention policy
• B.Legal hold
• C.Chain of custody
• D.Scope statement

答えを確認する

正解:

Question No : 15
A security administrator was informed that a server unexpectedly rebooted.
The administrator received an export of syslog entries for analysis:



Which of the following does the log sample indicate? (Choose two.)

• A.A root user performed an injection attack via kernel module
• B.Encrypted payroll data was successfully decrypted by the attacker
• C.Jsmith successfully used a privilege escalation attack
• D.Payroll data was exfiltrated to an attacker-controlled host
• E.Buffer overflow in memory paging caused a kernel panic
• F.Syslog entries were lost due to the host being rebooted

答えを確認する

正解: