New Year Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

SY0-601 Exam Dumps - CompTIA Security+ Exam 2023

Go to page:
Question # 217

A company is developing a critical system for the government and storing project information on a fileshare. Which of the following describes how this data will most likely be classified? (Select two).

A.

Private

B.

Confidential

C.

Public

D.

Operational

E.

Urgent

F.

Restricted

Full Access
Question # 218

A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee's corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation. Which of the following logs should the analyst use as a data source?

A.

Application

B.

IPS/IDS

C.

Network

D.

Endpoint

Full Access
Question # 219

Which of the following provides guidelines for the management and reduction of information security risk?

A.

CIS

B.

NISTCSF

C.

ISO

D.

PCIDSS

Full Access
Question # 220

A vendor needs to remotely and securely transfer files from one server to another using the command line. Which of the following protocols should be implemented to allow for this type of access? (Select two).

A.

SSH

B.

SNMP

C.

RDP

D.

S/MIME

E.

SMTP

F.

SFTP

Full Access
Question # 221

A security analyst reviews web server logs and notices the following line:

Which of the following vulnerabilities is the attacker trying to exploit?

A.

Token reuse

B.

SQL injection

C.

Server side request forgery

D.

Cross-site scripting

Full Access
Question # 222

Callers speaking a foreign language are using company phone numbers to make unsolicited phone calls to a partner organization. A security analyst validates through phone system logs that the calls are occurring and the numbers are not being spoofed. Which of the following is the most likely explanation?

A.

The executive team is traveling internationally and trying to avoid roaming charges.

B.

The company's SIP server security settings are weak.

C.

Disgruntled employees are making calls to the partner organization.

D.

The service provider has assigned multiple companies the same numbers.

Full Access
Question # 223

A security analyst and the management team are reviewing the organizational performance of a recent phishing campaign. The user click-through rate exceeded the acceptable risk threshold, and the management team wants to reduce the impact when a user clicks on a link in a phishing message. Which of the following should the analyst do?

A.

Place posters around the office to raise awareness of common phishing activities.

B.

Implement email security filters to prevent phishing emails from being delivered.

C.

Update the EDR policies to block automatic execution of downloaded programs.

D.

Create additional training for users to recognize the signs of phishing attempts.

Full Access
Question # 224

A systems administrator wants to add a second factor to the single sign-on portal that the organization uses. Currently, only a username and password are required. Which of the following should the administrator implement to best meet this requirement?

A.

Personal verification questions

B.

Software-based TOTP

C.

Log-in image checks

D.

Secondary PIN code

Full Access
Go to page: