Podcast
Questions and Answers
If a user received an SMS asking for bank details on their mobile phone, which social-engineering technique was used?
If a user received an SMS asking for bank details on their mobile phone, which social-engineering technique was used?
- Spear phishing
- Smishing (correct)
- SPIM
- Vishing
In the context of company engineers participating in a public Internet forum, what tactic would an attacker MOST likely use?
In the context of company engineers participating in a public Internet forum, what tactic would an attacker MOST likely use?
- Pharming
- Credential harvesting
- Watering-hole attack (correct)
- Hybrid warfare
In a flood zone, an organization is MOST likely to document concerns associated with the restoration of IT operation in a:
In a flood zone, an organization is MOST likely to document concerns associated with the restoration of IT operation in a:
- Disaster recovery plan (correct)
- Business continuity plan
- Continuity of operations plan
- Communications plan
What solution would meet the requirements of implementing more stringent controls over administrator/root credentials and service accounts, including check-in/checkout of credentials, automated password changes, and logging of access to credentials?
What solution would meet the requirements of implementing more stringent controls over administrator/root credentials and service accounts, including check-in/checkout of credentials, automated password changes, and logging of access to credentials?
A security assessment determines DES and 3DES are still being used on recently deployed production servers. What did the assessment identify?
A security assessment determines DES and 3DES are still being used on recently deployed production servers. What did the assessment identify?
In a scenario where a security analyst notices an abundance of errors in the datacenter access logs for a fingerprint scanner, correlating with users' reports of issues accessing the facility, what is the MOST likely cause of the access issues?
In a scenario where a security analyst notices an abundance of errors in the datacenter access logs for a fingerprint scanner, correlating with users' reports of issues accessing the facility, what is the MOST likely cause of the access issues?
During a global pandemic, which plan would be BEST to help an organization’s executives determine the next course of action when closing some business units and reducing staffing at others?
During a global pandemic, which plan would be BEST to help an organization’s executives determine the next course of action when closing some business units and reducing staffing at others?
In a scenario where a user reported being prompted for a name and password after connecting to the corporate wireless SSID, followed by unauthorized transactions from the bank, what attack vector was MOST likely used?
In a scenario where a user reported being prompted for a name and password after connecting to the corporate wireless SSID, followed by unauthorized transactions from the bank, what attack vector was MOST likely used?
In the context of company engineers participating in a public Internet forum, what tactic would an attacker MOST likely use?
In the context of company engineers participating in a public Internet forum, what tactic would an attacker MOST likely use?
If a user received an SMS asking for bank details on their mobile phone, which social-engineering technique was used?
If a user received an SMS asking for bank details on their mobile phone, which social-engineering technique was used?
What is the MOST likely social-engineering technique used when an attacker sends an SMS asking for bank details on a user's mobile phone?
What is the MOST likely social-engineering technique used when an attacker sends an SMS asking for bank details on a user's mobile phone?
Which solution would meet the requirements of implementing more stringent controls over administrator/root credentials and service accounts, including check-in/checkout of credentials, automated password changes, and logging of access to credentials?
Which solution would meet the requirements of implementing more stringent controls over administrator/root credentials and service accounts, including check-in/checkout of credentials, automated password changes, and logging of access to credentials?
Which tactic would an attacker MOST likely use in a scenario involving regular SMS messages asking for bank details?
Which tactic would an attacker MOST likely use in a scenario involving regular SMS messages asking for bank details?
What type of plan would an organization located in a flood zone MOST likely use to document concerns associated with the restoration of IT operations?
What type of plan would an organization located in a flood zone MOST likely use to document concerns associated with the restoration of IT operations?
In a scenario where DES and 3DES are still being used on recently deployed production servers, what did the security assessment identify?
In a scenario where DES and 3DES are still being used on recently deployed production servers, what did the security assessment identify?
What is the MOST likely cause of access issues if a security analyst notices an abundance of errors in the datacenter access logs for a fingerprint scanner, correlating with users' reports of issues accessing the facility?
What is the MOST likely cause of access issues if a security analyst notices an abundance of errors in the datacenter access logs for a fingerprint scanner, correlating with users' reports of issues accessing the facility?
When a private organization is forced to close some business units and reduce staffing at others due to a global pandemic, which plan would be BEST to help the organization’s executives determine the next course of action?
When a private organization is forced to close some business units and reduce staffing at others due to a global pandemic, which plan would be BEST to help the organization’s executives determine the next course of action?
Study Notes
Social Engineering Techniques
- Phishing: an SMS asking for bank details on a mobile phone is an example of phishing
- Social engineering tactics used by attackers in a public Internet forum include:
- Posting malicious links or malware
- Gathering sensitive information
- Spreading misinformation
Security Assessment
- Identification of weak encryption: DES and 3DES are still being used on recently deployed production servers
- Weak encryption poses a security risk to the organization
Access Issues
- Errors in datacenter access logs for a fingerprint scanner, correlating with users' reports of issues accessing the facility, are likely caused by:
- Faulty biometric scanner or incorrect fingerprint reader alignment
Business Continuity Planning
- A Business Continuity Plan (BCP) would help an organization's executives determine the next course of action when closing some business units and reducing staffing at others due to a global pandemic
- A BCP ensures business continuity during crises or disasters
IT Operations Restoration
- In a flood zone, an organization would document concerns associated with the restoration of IT operations in a Disaster Recovery Plan (DRP)
- A DRP outlines procedures for restoring IT operations after a disaster or flood
Privileged Account Management
- A solution that meets the requirements of implementing more stringent controls over administrator/root credentials and service accounts includes:
- Check-in/checkout of credentials
- Automated password changes
- Logging of access to credentials
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
Description
Prepare for the SY0-601 CompTIA Security+ exam with the newest and valid questions & answers from Certleader. Access 218 Q&As and get ready to ace the exam. Visit Certleader for the leader in IT certification resources.
