New Year Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

SY0-601 Exam Dumps - CompTIA Security+ Exam 2023

Go to page:
Question # 97

A company policy requires third-party suppliers to self-report data breaches within a specific time frame. Which of the following third-party risk management policies is the company complying with?

A.

MOU

B.

SLA

C.

EOL

D.

NDA

Full Access
Question # 98

During a recent cybersecurity audit, the auditors pointed out various types of vulnerabilities in the production area. The production area hardware runs applications that are critical to production Which of the following describes what the company should do first to lower the risk to the

Production the hardware.

A.

Back up the hardware.

B.

Apply patches.

C.

Install an antivirus solution.

D.

Add a banner page to the hardware.

Full Access
Question # 99

Which of the following should be addressed first on security devices before connecting to the network?

A.

Open permissions

B.

Default settings

C.

API integration configuration

D.

Weak encryption

Full Access
Question # 100

An engineer recently deployed a group of 100 web servers in a cloud environment. Per the security policy, all web-server ports except 443 should be disabled. Which of the following can be

used to accomplish this task?

A.

Application allow list

B.

Load balancer

C.

Host-based firewall

D.

VPN

Full Access
Question # 101

Which of the following cryptographic concepts would a security engineer utilize while implementing non-repudiation? (Select TWO)

A.

Block cipher

B.

Hashing

C.

Private key

D.

Perfect forward secrecy

E.

Salting

F.

Symmetric keys

Full Access
Question # 102

During a security assessment, a security finds a file with overly permissive permissions. Which of the following tools will allow the analyst to reduce the permission for the existing users and groups and remove the set-user-ID from the file?

A.

1s

B.

chflags

C.

chmod

D.

lsof

E.

setuid

Full Access
Question # 103

A company would like to provide flexibility for employees on device preference. However, the company is concerned about supporting too many different types of hardware. Which of the following deployment models will provide the needed flexibility with the GREATEST amount of control and security over company data and infrastructure?

A.

BYOD

B.

VDI

C.

COPE

D.

CYOD

Full Access
Question # 104

A user attempts to load a web-based application, but the expected login screen does not appear A help desk analyst troubleshoots the issue by running the following command and reviewing the output on the user's PC

The help desk analyst then runs the same command on the local PC

Which of the following BEST describes the attack that is being detected?

A.

Domain hijacking

B DNS poisoning

C MAC flooding

B.

Evil twin

Full Access
Go to page: