17 Questions
If a user received an SMS asking for bank details on their mobile phone, which social-engineering technique was used?
Smishing
In the context of company engineers participating in a public Internet forum, what tactic would an attacker MOST likely use?
Watering-hole attack
In a flood zone, an organization is MOST likely to document concerns associated with the restoration of IT operation in a:
Disaster recovery plan
What solution would meet the requirements of implementing more stringent controls over administrator/root credentials and service accounts, including check-in/checkout of credentials, automated password changes, and logging of access to credentials?
A privileged access management system
A security assessment determines DES and 3DES are still being used on recently deployed production servers. What did the assessment identify?
Weak encryption
In a scenario where a security analyst notices an abundance of errors in the datacenter access logs for a fingerprint scanner, correlating with users' reports of issues accessing the facility, what is the MOST likely cause of the access issues?
Cross-over error rate
During a global pandemic, which plan would be BEST to help an organization’s executives determine the next course of action when closing some business units and reducing staffing at others?
A business continuity plan
In a scenario where a user reported being prompted for a name and password after connecting to the corporate wireless SSID, followed by unauthorized transactions from the bank, what attack vector was MOST likely used?
Rogue access point
In the context of company engineers participating in a public Internet forum, what tactic would an attacker MOST likely use?
Watering-hole attack
If a user received an SMS asking for bank details on their mobile phone, which social-engineering technique was used?
Smishing
What is the MOST likely social-engineering technique used when an attacker sends an SMS asking for bank details on a user's mobile phone?
Smishing
Which solution would meet the requirements of implementing more stringent controls over administrator/root credentials and service accounts, including check-in/checkout of credentials, automated password changes, and logging of access to credentials?
A privileged access management system
Which tactic would an attacker MOST likely use in a scenario involving regular SMS messages asking for bank details?
Smishing
What type of plan would an organization located in a flood zone MOST likely use to document concerns associated with the restoration of IT operations?
Disaster recovery plan
In a scenario where DES and 3DES are still being used on recently deployed production servers, what did the security assessment identify?
Weak encryption
What is the MOST likely cause of access issues if a security analyst notices an abundance of errors in the datacenter access logs for a fingerprint scanner, correlating with users' reports of issues accessing the facility?
Cross-over error rate
When a private organization is forced to close some business units and reduce staffing at others due to a global pandemic, which plan would be BEST to help the organization’s executives determine the next course of action?
A business continuity plan
Study Notes
Social Engineering Techniques
- Phishing: an SMS asking for bank details on a mobile phone is an example of phishing
- Social engineering tactics used by attackers in a public Internet forum include:
- Posting malicious links or malware
- Gathering sensitive information
- Spreading misinformation
Security Assessment
- Identification of weak encryption: DES and 3DES are still being used on recently deployed production servers
- Weak encryption poses a security risk to the organization
Access Issues
- Errors in datacenter access logs for a fingerprint scanner, correlating with users' reports of issues accessing the facility, are likely caused by:
- Faulty biometric scanner or incorrect fingerprint reader alignment
Business Continuity Planning
- A Business Continuity Plan (BCP) would help an organization's executives determine the next course of action when closing some business units and reducing staffing at others due to a global pandemic
- A BCP ensures business continuity during crises or disasters
IT Operations Restoration
- In a flood zone, an organization would document concerns associated with the restoration of IT operations in a Disaster Recovery Plan (DRP)
- A DRP outlines procedures for restoring IT operations after a disaster or flood
Privileged Account Management
- A solution that meets the requirements of implementing more stringent controls over administrator/root credentials and service accounts includes:
- Check-in/checkout of credentials
- Automated password changes
- Logging of access to credentials
Prepare for the SY0-601 CompTIA Security+ exam with the newest and valid questions & answers from Certleader. Access 218 Q&As and get ready to ace the exam. Visit Certleader for the leader in IT certification resources.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free