New Year Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

SY0-601 Exam Dumps - CompTIA Security+ Exam 2023

Go to page:
Question # 129

Which of the following describes where an attacker can purchase DDoS or ransomware services?

A.

Threat intelligence

B.

Open-source intelligence

C.

Vulnerability database

D.

Dark web

Full Access
Question # 130

A security analyst receives an alert that indicates a user's device is displaying anomalous behavior The analyst suspects the device might be compromised Which of the following should the analyst to first?

A.

Reboot the device

B.

Set the host-based firewall to deny an incoming connection

C.

Update the antivirus definitions on the device

D.

Isolate the device

Full Access
Question # 131

Which of the following is a security implication of newer 1CS devices that are becoming more common in corporations?

A.

Devices with celular communication capabilities bypass traditional network security controls

B.

Many devices do not support elliptic-curve encryption algorithms due to the overhead they require.

C.

These devices often lade privacy controls and do not meet newer compliance regulations

D.

Unauthorized voice and audio recording can cause loss of intellectual property

Full Access
Question # 132

An incident has occurred in the production environment.

Analyze the command outputs and identify the type of compromise.

Full Access
Question # 133

A security analyst is investigating a report from a penetration test. During the penetration test, consultants were able to download sensitive data from a back-end server. The back-end server was exposing an API that should have only been available from the companVs mobile

application. After reviewing the back-end server logs, the security analyst finds the following entries

Which of the following is the most likely cause of the security control bypass?

A.

IP address allow list

B.

user-agent spoofing

C.

WAF bypass

D.

Referrer manipulation

Full Access
Question # 134

A company has hired an assessment team to test the security of the corporate network and employee vigilance. Only the Chief Executive Officer and Chief Operating Officer are aware of this exercise, and very little information has been provided to the assessors. Which of the following is taking place?

A.

A red-team test

B.

A white-team test

C.

A purple-team test

D.

A blue-team test

Full Access
Question # 135

A security administrator recently used an internal CA to issue a certificate to a public application. A user tries to reach the application but receives a message stating, “Your connection is not private." Which of the following is the best way to fix this issue?

A.

Ignore the warning and continue to use the application normally.

B.

Install the certificate on each endpoint that needs to use the application.

C.

Send the new certificate to the users to install on their browsers.

D.

Send a CSR to a known CA and install the signed certificate on the application's server.

Full Access
Question # 136

An organization has been experiencing outages during holiday sales and needs to ensure availability of its point-of-sales systems. The IT administrator has been asked to improve both server-data fault tolerance and site availability under high consumer load. Which of the following are the best options to accomplish this objective? (Select two.)

A.

Load balancing

B.

Incremental backups

C.

UPS

D.

RAID

E.

Dual power supply

F.

VLAN

Full Access
Go to page: