SY0-601 CompTIA Security+ Exam Questions & Answers

SelfRespectDidactic

If a user received an SMS asking for bank details on their mobile phone, which social-engineering technique was used?

Smishing

In the context of company engineers participating in a public Internet forum, what tactic would an attacker MOST likely use?

Watering-hole attack

In a flood zone, an organization is MOST likely to document concerns associated with the restoration of IT operation in a:

Disaster recovery plan

What solution would meet the requirements of implementing more stringent controls over administrator/root credentials and service accounts, including check-in/checkout of credentials, automated password changes, and logging of access to credentials?

A privileged access management system

A security assessment determines DES and 3DES are still being used on recently deployed production servers. What did the assessment identify?

Weak encryption

In a scenario where a security analyst notices an abundance of errors in the datacenter access logs for a fingerprint scanner, correlating with users' reports of issues accessing the facility, what is the MOST likely cause of the access issues?

Cross-over error rate

During a global pandemic, which plan would be BEST to help an organization’s executives determine the next course of action when closing some business units and reducing staffing at others?

A business continuity plan

In a scenario where a user reported being prompted for a name and password after connecting to the corporate wireless SSID, followed by unauthorized transactions from the bank, what attack vector was MOST likely used?

Rogue access point

What is the MOST likely social-engineering technique used when an attacker sends an SMS asking for bank details on a user's mobile phone?

Smishing

Which solution would meet the requirements of implementing more stringent controls over administrator/root credentials and service accounts, including check-in/checkout of credentials, automated password changes, and logging of access to credentials?

A privileged access management system

Which tactic would an attacker MOST likely use in a scenario involving regular SMS messages asking for bank details?

Smishing

What type of plan would an organization located in a flood zone MOST likely use to document concerns associated with the restoration of IT operations?

Disaster recovery plan

In a scenario where DES and 3DES are still being used on recently deployed production servers, what did the security assessment identify?

Weak encryption

What is the MOST likely cause of access issues if a security analyst notices an abundance of errors in the datacenter access logs for a fingerprint scanner, correlating with users' reports of issues accessing the facility?

Cross-over error rate

When a private organization is forced to close some business units and reduce staffing at others due to a global pandemic, which plan would be BEST to help the organization’s executives determine the next course of action?

A business continuity plan

Study Notes

Social Engineering Techniques

  • Phishing: an SMS asking for bank details on a mobile phone is an example of phishing
  • Social engineering tactics used by attackers in a public Internet forum include:
    • Posting malicious links or malware
    • Gathering sensitive information
    • Spreading misinformation

Security Assessment

  • Identification of weak encryption: DES and 3DES are still being used on recently deployed production servers
  • Weak encryption poses a security risk to the organization

Access Issues

  • Errors in datacenter access logs for a fingerprint scanner, correlating with users' reports of issues accessing the facility, are likely caused by:
    • Faulty biometric scanner or incorrect fingerprint reader alignment

Business Continuity Planning

  • A Business Continuity Plan (BCP) would help an organization's executives determine the next course of action when closing some business units and reducing staffing at others due to a global pandemic
  • A BCP ensures business continuity during crises or disasters

IT Operations Restoration

  • In a flood zone, an organization would document concerns associated with the restoration of IT operations in a Disaster Recovery Plan (DRP)
  • A DRP outlines procedures for restoring IT operations after a disaster or flood

Privileged Account Management

  • A solution that meets the requirements of implementing more stringent controls over administrator/root credentials and service accounts includes:
    • Check-in/checkout of credentials
    • Automated password changes
    • Logging of access to credentials

Prepare for the SY0-601 CompTIA Security+ exam with the newest and valid questions & answers from Certleader. Access 218 Q&As and get ready to ace the exam. Visit Certleader for the leader in IT certification resources.
