CompTIA Security+ SY0-601 – Question 730

The local administrator account for a company's VPN appliance was unexpectedly used to log in to the remote management interface. Which of the following would have prevented this from happening?


A. Using least privilege
B. Changing the default password
C. Assigning individual user IDs
D. Implementing multifactor authentication

Correct Answer: B

CompTIA Security+ SY0-601 – Question 727

A data administrator is configuring authentication for a SaaS application and would like to reduce the number of credentials employees need to maintain. The company prefers to use domain credentials to access new SaaS applications. Which of the following methods would allow this functionality?


A. SSO
B. LEAP
C. MFA
D. PEAP

Correct Answer: A

CompTIA Security+ SY0-601 – Question 726

DRAG DROP
A security engineer is setting up passwordless authentication for the first time.

INSTRUCTIONS
Drag and drop the MINIMUM set of commands to set this up and verify that it works. Commands may only be used once, and not all will be used.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Select and Place:

Correct Answer:

CompTIA Security+ SY0-601 – Question 724

A security team has been alerted to a flood of incoming emails that have various subject lines and are addressed to multiple email inboxes. Each email contains a URL shortener link that is redirecting to a dead domain. Which of the following is the best step for the security team to take?


A. Create a blocklist for all subject lines.
B. Send the dead domain to a DNS sinkhole.
C. Quarantine all emails received and notify all employees.
D. Block the URL shortener domain in the web proxy.

Correct Answer: D

CompTIA Security+ SY0-601 – Question 723

A security administrator manages five on-site APs. Each AP uses different channels on a 5GHz network. The administrator notices that another access point with the same corporate SSID on an overlapping channel was created. Which of the following attacks most likely occurred?


A. Jamming
B. NFC attacks
C. Disassociation
D. Bluesnarfing
E. Evil twin

Correct Answer: E

CompTIA Security+ SY0-601 – Question 722

An administrator receives the following network requirements for a data integration with a third-party vendor:

Which of the following is the most appropriate response for the administrator to send?

A. FTP is an insecure protocol and should not be used.
B. Port 8080 is a non-standard port and should be blocked.
C. SSH protocol version 1 is obsolete and should not be used.
D. Certificate stapling on port 443 is a security risk that should be mitigated.

Correct Answer: A

CompTIA Security+ SY0-601 – Question 721

A cybersecurity incident response team at a large company receives notification that malware is present on several corporate desktops. No known indicators of compromise have been found on the network. Which of the following should the team do first to secure the environment?


A. Contain the impacted hosts.
B. Add the malware to the application blocklist.
C. Segment the core database server.
D. Implement firewall rules to block outbound beaconing.

Correct Answer: A