During an extended holiday break, a company suffered a security incident. This information was properly relayed to appropriate personnel in a timely manner and the server was up to date and configured with appropriate auditing and logging. The Chief Information Security Officer wants to find out precisely what happened. Which of the following actions should the analyst take first?
A. Log in to the affected server and begin analysis of the logs
B. Clone the virtual server for forensic analysis
C. Restore from the last known-good backup to confirm there was no loss of connectivity
D. Shut down the affected server immediately
Correct answer: B
Explanation: (shown only to Pass4Test members)
Question 2:
A security analyst is performing an investigation involving multiple targeted Windows malware binaries. The analyst wants to gather intelligence without disclosing information to the attackers. Which of the following actions would allow the analyst to achieve the objective?
A. Query the file hashes using VirusTotal
B. Upload the binary to an air gapped sandbox for analysis
C. Send the binaries to the antivirus vendor
D. Execute the binaries on an environment with internet connectivity
Correct answer: B
Explanation: (shown only to Pass4Test members)
Question 3:
An incident response analyst is taking over an investigation from another analyst. The investigation has been going on for the past few days. Which of the following steps is most important during the transition between the two analysts?
A. Identify and discuss the lessons learned with the prior analyst.
B. Accept all findings and continue to investigate the next item target.
C. Validate the root cause from the prior analyst.
D. Review the steps that the previous analyst followed.
Correct answer: D
Explanation: (shown only to Pass4Test members)
Question 4:
A security analyst reviews the latest vulnerability scans and observes there are vulnerabilities with similar CVSSv3 scores but different base score metrics. Which of the following attack vectors should the analyst remediate first?
A. CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
B. CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
C. CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
D. CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Correct answer: B
Explanation: (shown only to Pass4Test members)
Question 5:
During the log analysis phase, the following suspicious command is detected:
Which of the following is being attempted?
A. Smurf attack
B. ICMP tunneling
C. Buffer overflow
D. RCE
Correct answer: D
Explanation: (shown only to Pass4Test members)
Question 6:
An incident response team found IoCs in a critical server. The team needs to isolate and collect technical evidence for further investigation. Which of the following pieces of data should be collected first in order to preserve sensitive information before isolating the server?
A. Routing table
B. Malicious files
C. Hard disk
D. Primary boot partition
E. Static IP address
Correct answer: C
Explanation: (shown only to Pass4Test members)
Question 7:
Which of the following most accurately describes the Cyber Kill Chain methodology?
A. It is used to correlate events to ascertain the TTPs of an attacker.
B. It is used to ascertain lateral movements of an attacker, enabling the process to be stopped.
C. It provides a clear model of how an attacker generally operates during an intrusion and the actions to take at each stage.
D. It outlines a clear path for determining the relationships between the attacker, the technology used, and the target.
Correct answer: C
Explanation: (shown only to Pass4Test members)
Question 8:
A Chief Information Security Officer (CISO) wants to disable a functionality on a business-critical web application that is vulnerable to RCE in order to maintain the minimum risk level with minimal increased cost.
Which of the following risk treatments best describes what the CISO is looking for?
A. Avoid
B. Mitigate
C. Accept
D. Transfer
Correct answer: B
Question 9:
A security analyst is reviewing a packet capture in Wireshark that contains an FTP session from a potentially compromised machine. The analyst sets the following display filter: ftp. The analyst can see there are several RETR requests with 226 Transfer complete responses, but the packet list pane is not showing the packets containing the file transfer itself. Which of the following can the analyst perform to see the entire contents of the downloaded files?
A. Change the display filter to ftp.active.port
B. Change the display filter to tcp.port=20
C. Navigate to the File menu and select FTP from the Export objects option
D. Change the display filter to ftp-data and follow the TCP streams
Correct answer: D
Explanation: (shown only to Pass4Test members)
Kanda** -
I first read through this CS0-003 study guide once from start to finish, then sat the real exam, answered smoothly, and passed without any trouble.