SY0-601 : CompTIA Security+ 2021 : Part 08
-
A user received an SMS on a mobile phone that asked for bank details. Which of the following social-engineering techniques was used in this case?
- SPIM
- Vishing
- Spear phishing
- Smishing
-
Company engineers regularly participate in a public Internet forum with other engineers throughout the industry. Which of the following tactics would an attacker MOST likely use in this scenario?
- Watering-hole attack
- Credential harvesting
- Hybrid warfare
- Pharming
-
Which of the following will provide the BEST physical security countermeasures to stop intruders? (Choose two.)
- Alarms
- Signage
- Lighting
- Mantraps
- Fencing
- Sensors
-
A security analyst is looking for a solution to help communicate to the leadership team the severity levels of the organization’s vulnerabilities. Which of the following would BEST meet this need?
- CVE
- SIEM
- SOAR
- CVSS
-
A security incident may have occurred on the desktop PC of an organization’s Chief Executive Officer (CEO). A duplicate copy of the CEO’s hard drive must be stored securely to ensure appropriate forensic processes and the chain of custody are followed. Which of the following should be performed to accomplish this task?
- Install a new hard drive in the CEO’s PC, and then remove the old hard drive and place it in a tamper-evident bag.
- Connect a write blocker to the hard drive. Then, leveraging a forensic workstation, utilize the dd command in a live Linux environment to create a duplicate copy.
- Remove the CEO’s hard drive from the PC, connect to the forensic workstation, and copy all the contents onto a remote fileshare while the CEO watches.
- Refrain from completing a forensic analysis of the CEO’s hard drive until after the incident is confirmed; duplicating the hard drive at this stage could destroy evidence.
-
The Chief Executive Officer (CEO) of an organization would like staff members to have the flexibility to work from home anytime during business hours, including during a pandemic or crisis. However, the CEO is concerned that some staff members may take advantage of the flexibility and work from high-risk countries while on holiday or outsource work to a third-party organization in another country. The Chief Information Officer (CIO) believes the company can implement some basic controls to mitigate the majority of the risk. Which of the following would be BEST to mitigate the CEO’s concerns? (Choose two.)
- Geolocation
- Time-of-day restrictions
- Certificates
- Tokens
- Geotagging
- Role-based access controls
-
In the middle of a cyberattack, a security engineer removes the infected devices from the network and locks down all compromised accounts. In which of the following incident response phases is the security engineer currently operating?
- Identification
- Preparation
- Lessons learned
- Eradication
- Recovery
- Containment
-
The SOC is reviewing processes and procedures after a recent incident. The review indicates it took more than 30 minutes to determine that quarantining an infected host was the best course of action. This allowed the malware to spread to additional hosts before it was contained. Which of the following would be BEST to improve the incident response process?
- Updating the playbooks with better decision points
- Dividing the network into trusted and untrusted zones
- Providing additional end-user training on acceptable use
- Implementing manual quarantining of infected hosts
-
A security analyst is reviewing the following attack log output:
SY0-601 Part 08 Q09 015 Which of the following types of attacks does this MOST likely represent?
- Rainbow table
- Brute-force
- Password-spraying
- Dictionary
-
A network administrator is setting up wireless access points in all the conference rooms and wants to authenticate devices using PKI. Which of the following should the administrator configure?
- A captive portal
- PSK
- 802.1X
- WPS
-
Which of the following are the MOST likely vectors for the unauthorized or unintentional inclusion of vulnerable code in a software company’s final software releases? (Choose two.)
- Unsecure protocols
- Use of penetration-testing utilities
- Weak passwords
- Included third-party libraries
- Vendors/supply chain
- Outdated anti-malware software
-
A recent audit uncovered a key finding regarding the use of a specific encryption standard in a web application that is used to communicate with business customers. Due to the technical limitations of its customers, the company is unable to upgrade the encryption standard. Which of the following types of controls should be used to reduce the risk created by this scenario?
- Physical
- Detective
- Preventive
- Compensating
-
An organization just experienced a major cyberattack incident. The attack was well coordinated, sophisticated, and highly skilled. Which of the following targeted the organization?
- Shadow IT
- An insider threat
- A hacktivist
- An advanced persistent threat
-
A security analyst has received an alert about PII being sent via email. The analyst’s Chief Information Security Officer (CISO) has made it clear that PII must be handled with extreme care. From which of the following did the alert MOST likely originate?
- S/MIME
- DLP
- IMAP
- HIDS
-
An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has been given all the developer’s documentation about the internal architecture. Which of the following BEST represents the type of testing that will occur?
- Bug bounty
- White-box
- Black-box
- Gray-box
-
A security engineer has enabled two-factor authentication on all workstations. Which of the following approaches are the MOST secure? (Choose two.)
- Password and security question
- Password and CAPTCHA
- Password and smart card
- Password and fingerprint
- Password and one-time token
- Password and voice
-
A security analyst needs to determine how an attacker was able to use User3 to gain a foothold within a company’s network. The company’s lockout policy requires that an account be locked out for a minimum of 15 minutes after three unsuccessful attempts. While reviewing the log files, the analyst discovers the following:
SY0-601 Part 08 Q17 016 Which of the following attacks MOST likely occurred?
- Dictionary
- Credential-stuffing
- Password-spraying
- Brute-force
-
Which of the following technical controls is BEST suited for the detection and prevention of buffer overflows on hosts?
- DLP
- HIDS
- EDR
- NIPS
-
A Chief Information Security Officer (CISO) is concerned about the organization’s ability to continue business operations in the event of a prolonged DDoS attack on its local datacenter that consumes database resources. Which of the following will the CISO MOST likely recommend to mitigate this risk?
- Upgrade the bandwidth available into the datacenter.
- Implement a hot-site failover location.
- Switch to a complete SaaS offering to customers.
- Implement a challenge response test on all end-user queries.
-
A local coffee shop runs a small WiFi hotspot for its customers that utilizes WPA2-PSK. The coffee shop would like to stay current with security trends and wants to implement WPA3 to make its WiFi even more secure. Which of the following technologies will the coffee shop MOST likely use in place of PSK?
- WEP
- MSCHAP
- WPS
- SAE
-
A company is designing the layout of a new datacenter so it will have an optimal environmental temperature. Which of the following must be included? (Choose two.)
- An air gap
- A cold aisle
- Removable doors
- A hot aisle
- An IoT thermostat
- A humidity monitor
-
Which of the following will MOST likely cause machine learning and AI-enabled systems to operate with unintended consequences?
- Stored procedures
- Buffer overflows
- Data bias
- Code reuse
Subscribe
0 Comments
Newest