New Year Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

SY0-601 Exam Dumps - CompTIA Security+ Exam 2023

Go to page:
Question # 49

A security analyst discovers that a company's username and password database were posted on an internet forum. The usernames and passwords are stored in plaintext. Which of the following would mitigate the damage done by this type of data exfiltration in the future?

A.

Create DLP controls that prevent documents from leaving the network.

B.

Implement salting and hashing.

C.

Configure the web content filter to block access to the forum.

D.

Increase password complexity requirements.

Full Access
Question # 50

Which of the following would be the best resource for a software developer who is looking to improve secure coding practices for web applications?

A.

OWASP

B.

Vulnerability scan results

C.

NIST CSF

D.

Third-party libraries

Full Access
Question # 51

A user's laptop constantly disconnects from the Wi-Fi network. Once the laptop reconnects, the user can reach the internet but cannot access shared folders or other network resources. Which of the following types of attacks is the user MOST likely experiencing?

A.

Bluejacking

B.

Jamming

C.

Rogue access point

D.

Evil twin

Full Access
Question # 52

A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?

A.

Testing input validation on the user input fields

B.

Performing code signing on company-developed software

C.

Performing static code analysis on the software

D.

Ensuring secure cookies are used

Full Access
Question # 53

A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption.

Which of the following best describes this step?

A.

Capacity planning

B.

Redundancy

C.

Geographic dispersion

D.

Tabletop exercise

Full Access
Question # 54

A security administrator is integrating several segments onto a single network. One of the segments, which includes legacy devices, presents a significant amount of risk to the network.

Which of the following would allow users to access to the legacy devices without compromising the security of the entire network?

A.

NIDS

B.

MAC filtering

C.

Jump server

D.

IPSec

E.

NAT gateway

Full Access
Question # 55

A security analyst reviews web server logs and notices the following line:

104.35. 45.53 -

[22/May/2020:07 : 00:58 +0100] "GET . UNION ALL SELECT

user login, user _ pass, user email from wp users—— HTTP/I.I" 200 1072 http://www.example.com/wordpress/wp—admin/

Which of the following vulnerabilities is the attacker trying to exploit?

A.

SSRF

B.

CSRF

C.

xss

D.

SQLi

Full Access
Question # 56

A company is switching to a remote work model for all employees. All company and employee resources will be in the cloud. Employees must use their personal computers to access the cloud computing environment. The company will manage the operating system. Which of the following deployment models is the company implementing?

A.

CYOD

B.

MDM

C.

COPE

D.

VDI

Full Access
Go to page: