1352 お客様のコメント
クリック」
質問 1:
A user reports application access issues to the help desk. The help desk reviews the logs for the user:
Which of the following is most likely the reason for the issue?
A. A threat actor has compromised the user ' s account and attempted to log in.
B. The user did not attempt to connect from an approved subnet.
C. The user inadvertently tripped the geoblock rule in NGFW.
D. The user is not allowed to access the human resources system outside of business hours.
正解:C
解説: (Pass4Test メンバーにのみ表示されます)
質問 2:
A cloud engineer needs to identify appropriate solutions to:
* Provide secure access to internal and external cloud resources.
* Eliminate split-tunnel traffic flows.
*Enable identity and access management capabilities.
Which of the following solutions arc the most appropriate? (Select two).
A. Federation
B. SD-WAN
C. PAM
D. CASB
E. Microsegmentation
F. SASE
正解:D,F
解説: (Pass4Test メンバーにのみ表示されます)
質問 3:
A security architect is designing Zero Trust enforcement policies for all end users. The majority of users work remotely and travel frequently for work. Which of the following controls should the security architect do first?
A. Implement TLS decryption and inspect inbound and outbound network traffic.
B. Switch user MFA from software-based tokens to hardware time-based OTPs.
C. Deploy context-aware reauthentication with UBA baseline deviations.
D. Enforce daily posture compliance checks against the endpoint security controls.
正解:C
解説: (Pass4Test メンバーにのみ表示されます)
質問 4:
A company implemented a NIDS and a NIPS on the most critical environments. Since this implementation, the company has been experiencing network connectivity issues. Which of the following should the security architect recommend for a new NIDS/NIPS implementation?
A. Implementing the NIDS and the NIPS together with the main firewall
B. Implementing the NIDS with a port mirror in the core switch and the NIPS in the main firewall
C. Implementing the NIDS in the bastion host and the NIPS in the branch network router
D. Implementing a NIDS without a NIPS to increase the detection capability
正解:B
解説: (Pass4Test メンバーにのみ表示されます)
質問 5:
An organization is prioritizing efforts to remediate or mitigate risks identified during the latest assessment.
For one of the risks, a full remediation was not possible, but the organization was able to successfully apply mitigations to reduce the likelihood of the impact. Which of the following should the organization perform next?
A. Assess the residual risk.
B. Update the organization ' s threat model.
C. Recalculate the magnitude of the impact.
D. Move to the next risk in the register.
正解:A
解説: (Pass4Test メンバーにのみ表示されます)
質問 6:
A security analystreviews the following report:
Which of the following assessments is the analyst performing?
A. Organizational
B. Quantitative
C. System
D. Supply chain
正解:D
解説: (Pass4Test メンバーにのみ表示されます)
質問 7:
A company implements an Al model that handles sensitive and personally identifiable information. Which of the following threats is most likely the company ' s primary concern?
A. Unsecured output handling
B. Prompt injection
C. Model poisoning
D. Model theft
正解:A
質問 8:
After several companies in the financial industry were affected by a similar incident, they shared information about threat intelligence and the malware used for exploitation. Which of the following should the companies do to best indicate whether the attacks are being conducted by the same actor?
A. Apply code stylometry.
B. Leverage malware detonation.
C. Look for common IOCs.
D. Use IOC extractions.
正解:A
解説: (Pass4Test メンバーにのみ表示されます)
A user reports application access issues to the help desk. The help desk reviews the logs for the user:
Which of the following is most likely the reason for the issue?
A. A threat actor has compromised the user ' s account and attempted to log in.
B. The user did not attempt to connect from an approved subnet.
C. The user inadvertently tripped the geoblock rule in NGFW.
D. The user is not allowed to access the human resources system outside of business hours.
正解:C
解説: (Pass4Test メンバーにのみ表示されます)
質問 2:
A cloud engineer needs to identify appropriate solutions to:
* Provide secure access to internal and external cloud resources.
* Eliminate split-tunnel traffic flows.
*Enable identity and access management capabilities.
Which of the following solutions arc the most appropriate? (Select two).
A. Federation
B. SD-WAN
C. PAM
D. CASB
E. Microsegmentation
F. SASE
正解:D,F
解説: (Pass4Test メンバーにのみ表示されます)
質問 3:
A security architect is designing Zero Trust enforcement policies for all end users. The majority of users work remotely and travel frequently for work. Which of the following controls should the security architect do first?
A. Implement TLS decryption and inspect inbound and outbound network traffic.
B. Switch user MFA from software-based tokens to hardware time-based OTPs.
C. Deploy context-aware reauthentication with UBA baseline deviations.
D. Enforce daily posture compliance checks against the endpoint security controls.
正解:C
解説: (Pass4Test メンバーにのみ表示されます)
質問 4:
A company implemented a NIDS and a NIPS on the most critical environments. Since this implementation, the company has been experiencing network connectivity issues. Which of the following should the security architect recommend for a new NIDS/NIPS implementation?
A. Implementing the NIDS and the NIPS together with the main firewall
B. Implementing the NIDS with a port mirror in the core switch and the NIPS in the main firewall
C. Implementing the NIDS in the bastion host and the NIPS in the branch network router
D. Implementing a NIDS without a NIPS to increase the detection capability
正解:B
解説: (Pass4Test メンバーにのみ表示されます)
質問 5:
An organization is prioritizing efforts to remediate or mitigate risks identified during the latest assessment.
For one of the risks, a full remediation was not possible, but the organization was able to successfully apply mitigations to reduce the likelihood of the impact. Which of the following should the organization perform next?
A. Assess the residual risk.
B. Update the organization ' s threat model.
C. Recalculate the magnitude of the impact.
D. Move to the next risk in the register.
正解:A
解説: (Pass4Test メンバーにのみ表示されます)
質問 6:
A security analystreviews the following report:
Which of the following assessments is the analyst performing?
A. Organizational
B. Quantitative
C. System
D. Supply chain
正解:D
解説: (Pass4Test メンバーにのみ表示されます)
質問 7:
A company implements an Al model that handles sensitive and personally identifiable information. Which of the following threats is most likely the company ' s primary concern?
A. Unsecured output handling
B. Prompt injection
C. Model poisoning
D. Model theft
正解:A
質問 8:
After several companies in the financial industry were affected by a similar incident, they shared information about threat intelligence and the malware used for exploitation. Which of the following should the companies do to best indicate whether the attacks are being conducted by the same actor?
A. Apply code stylometry.
B. Leverage malware detonation.
C. Look for common IOCs.
D. Use IOC extractions.
正解:A
解説: (Pass4Test メンバーにのみ表示されます)
Shiraishi -
本当に助けになりました。これを使ってCAS-005不合格になるわけがないよ