CompTIA Security+ SY0-601 – Question719

The Chief Technology Officer of a local college would like visitors to utilize the school's Wi-Fi but must be able to associate potential malicious activity to a specific person. Which of the following would best allow this objective to be met?


A.
Requiring all new. on-site visitors to configure their devices to use WPS
B. Implementing a new SSID for every event hosted by the college that has visitors
C. Creating a unique PSK for every visitor when they arrive at the reception area
D. Deploying a captive portal to capture visitors' MAC addresses and names

Correct Answer: D

CompTIA Security+ SY0-601 – Question718

A company currently uses passwords for logging in to company-owned devices and wants to add a second authentication factor. Per corporate policy, users are not allowed to have smartphones at their desks. Which of the following would meet these requirements?


A.
Smart card
B. PIN code
C. Knowledge-based question
D. Secret key

Correct Answer: A

CompTIA Security+ SY0-601 – Question717

An employee receives an email stating the employee won the lottery. The email includes a link that requests a name, mobile phone number, address, and date of birth be provided to confirm employee's identity before sending the prize. Which of the following best describes this type of email?


A.
Spear phishing
B. Whaling
C. Phishing
D. Vishing

Correct Answer: C

CompTIA Security+ SY0-601 – Question716

A company's public-facing website, https://www.organization.com, has an IP address of 166.18.75.6. However, over the past hour the SOC has received reports of the site's homepage displaying incorrect information. A quick nslookup search shows https://www.organization.com is pointing to 151.191.122.115. Which of the following is occurring?


A.
DoS attack
B. ARP poisoning
C. DNS spoofing
D. NXDOMAIN attack

Correct Answer: C

CompTIA Security+ SY0-601 – Question715

Local guidelines require that all information systems meet a minimum security baseline to be compliant. Which of the following can security administrators use to assess their system configurations against the baseline?


A.
SOAR playbook
B. Security control matrix
C. Risk management framework
D. Benchmarks

Correct Answer: D

CompTIA Security+ SY0-601 – Question714

A privileged user at a company stole several proprietary documents from a server. The user also went into the log files and deleted all records of the incident. The systems administrator has just informed investigators that other log files are available for review. Which of the following did the administrator most likely configure that will assist the investigators?


A.
Memory dumps
B. The syslog server
C. The application logs
D. The log retention policy

Correct Answer: B

CompTIA Security+ SY0-601 – Question713

A company is designing the layout of a new data center so it will have an optimal environmental temperature.
Which of the following must be included? (Choose two.)


A.
An air gap
B. A cold aisle
C. Removable doors
D. A hot aisle
E. An IoT thermostat
F. A humidity monitor

Correct Answer: BD

CompTIA Security+ SY0-601 – Question711

An employee fell for a phishing scam, which allowed an attacker to gain access to a company PC. The attacker scraped the PC's memory to find other credentials. Without cracking these credentials, the attacker used them to move laterally through the corporate network. Which of the following describes this type of attack?


A.
Privilege escalation
B. Buffer overflow
C. SQL injection
D. Pass-the-hash

Correct Answer: D