A security technician is testing a solution that will prevent outside entities from spoofing the company's email domain, which is comptia.org. The testing is successful, and the security technician is prepared to fully implement the solution. Which of the following actions should the technician take to accomplish this task?
A. Add TXT @ "v=spf1 mx include:_spf.comptia.org +all" to the web server.
B. Add TXT @ "v=spf1 mx include:_spf.comptia.org -all" to the email server.
C. Add TXT @ "v=spf1 mx include:_spf.comptia.org -all" to the DNS record.
D. Add TXT @ "v=spf1 mx include:_spf.comptia.org +all" to the domain controller.
Correct answer: C
Explanation: (Visible only to Pass4Test members)
Question 2:
A security analyst is attempting to resolve an incident in which highly confidential company pricing information was sent to clients. It appears this information was unintentionally sent by an employee who attached it to public marketing material. Which of the following configuration changes would work BEST to limit the risk of this incident being repeated?
A. Update the DLP rules and metadata.
B. Add client addresses to the blocklist.
C. Sanitize the marketing material.
D. Update the insider threat procedures.
Correct answer: A
Explanation: (Visible only to Pass4Test members)
Question 3:
Some hard disks need to be taken as evidence for further analysis during an incident response. Which of the following procedures must be completed FIRST for this type of evidence acquisition?
A. Extract the hard drives from the compromised machines and then plug them into a forensics machine to apply encryption over the stored data to protect it from nonauthorized access.
B. Perform a disk sanitization using the command #dd if=/dev/zero of=/dev/sdc bs=1M over the media that will receive a copy of the collected data.
C. Build the chain-of-custody document, noting the media model, serial number, size, vendor, date, and time of acquisition.
D. Execute the command #dd if=/dev/sda of=/dev/sdc bs=512 to clone the evidence data to external media to prevent any further change.
Correct answer: C
Explanation: (Visible only to Pass4Test members)
Question 4:
A security analyst reviews the following post-incident information to determine the origin and cause of a breach:
Based on this information, which of the following should the analyst record in the incident report related to the breach? (Select two).
A. IP address 43.23.10.201 should be blocked at the firewall.
B. Forensic analysis should be performed on 192.168.1.10.
C. An on-path attack is impersonating the gateway.
D. A reverse shell was used.
E. Host 192.168.1.210 should be disconnected from the network.
F. The /images folder should be scanned with anti-malware.
Correct answer: A, D
Explanation: (Visible only to Pass4Test members)
Question 5:
A security engineer is reviewing security products that identify malicious actions by users as part of a company's insider threat program. Which of the following is the most appropriate product category for this purpose?
A. UEBA
B. SOAR
C. SCAP
D. WAF
Correct answer: A
Explanation: (Visible only to Pass4Test members)
Taniguchi -
The exam answers are presented in a straightforward, no-frills structure, and I have a very good impression of Pass4Test. The content of the question set is extremely easy to understand, and I think it is a perfect question set for taking the exam.