In which of the following common use cases would steganography be employed?A. ObfuscationB. IntegrityC. Non-repudiationD. BlockchainCorrect Answer:A
Section: (none)ExplanationExplanation/Reference:QUESTION 55To secure an application after a large data breach, an e-commerce site will be resetting all users’ credentials.Which of the following will BEST ensure the site’s users are not compromised after the reset?CSection: (none)
Get answer to your question and much more
ExplanationExplanation/Reference:QUESTION 56In which of the following risk management strategies would cybersecurity insurance be used?ASection: (none)
Get answer to your question and much more
ExplanationExplanation/Reference:QUESTION 57An organization has implemented a policy requiring the use of conductive metal lockboxes for personalelectronic devices outside of a secure research lab. Which of the following did the organization determine to bethe GREATEST risk to intellectual property when creating this policy?
Get answer to your question and much more
D283ABFBEDB32CDCE3B3406B9C29DB2F
DNEW QUESTION 200An organization has implemented a policy requiring the use of conductive metal lockboxes for personal electronic devices outside of a secure research lab. Whichof the following did the organization determine to be the GREATEST risk to intellectual property when creating this policy?A. The theft of portable electronic devicesB. Geotagging in the metadata of imagesC. Bluesnarfing of mobile devicesD. Data exfiltration over a mobile hotspotAnswer:D
NEW QUESTION 205In which of the following risk management strategies would cybersecurity insurance be used?A
Get answer to your question and much more
NEW QUESTION 206A retail executive recently accepted a job with a major competitor. The following week, a security analyst reviews the security logs and identifies successful logonattempts to access the departed executive's accounts. Which of the following security practices would have addressed the issue?D
Get answer to your question and much more
NEW QUESTION 208A company recently moved sensitive videos between on-premises. Company-owned websites. The company then learned the videos had been uploaded andshared to the internet. Which of the following would MOST likely allow the company to find the cause?D
Get answer to your question and much more
NEW QUESTION 212An incident response technician collected a mobile device during an investigation. Which of the following should the technician do to maintain chain of custody?A. Document the collection and require a sign-off when possession changes.B. Lock the device in a safe or other secure location to prevent theft or alteration.C. Place the device in a Faraday cage to prevent corruption of the data.D. Record the collection in a blockchain-protected public ledger.Answer:
The latest CompTIA Security+ (SY0-601) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the CompTIA Security+ (SY0-601) exam and earn CompTIA Security+ (SY0-601) certification.
Exam Question 31
A cybersecurity analyst needs to implement secure authentication to third-party websites without users’ passwords. Which of the following would be the BEST way to achieve this objective?
A. OAuth
B. SSO
C. SAML
D. PAP
Correct Answer:
C. SAML
Exam Question 32
In which of the following risk management strategies would cybersecurity insurance be used?
A. Transference
B. Avoidance
C. Acceptance
D. Mitigation
Correct Answer:
A. Transference
Exam Question 33
An organization has implemented a policy requiring the use of conductive metal lockboxes for personal electronic devices outside of a secure research lab. Which of the following did the organization determine to be the GREATEST risk to intellectual property when creating this policy?
A. The theft of portable electronic devices
B. Geotagging in the metadata of images
C. Bluesnarfing of mobile devices
D. Data exfiltration over a mobile hotspot
Correct Answer:
D. Data exfiltration over a mobile hotspot
Exam Question 34
A commercial
cyber-threat intelligence organization observes IoCs across a variety of unrelated customers.
Prior to releasing specific threat intelligence to other paid subscribers, the organization is MOST likely obligated by contracts to:
A. perform attribution to specific APTs and nation-state actors.
B. anonymize any PII that is observed within the IoC data.
C. add metadata to track the utilization of threat intelligence reports.
D. assist companies with impact assessments based on
the observed data.
Correct Answer:
B. anonymize any PII that is observed within the IoC data.
Exam Question 35
An organization is developing a plan in the event of a complete loss of critical systems and data. Which of the following plans is the organization MOST likely developing?
A. Incident response
B. Communications
C. Disaster recovery
D. Data retention
Correct Answer:
C. Disaster recovery
Exam Question 36
An organization wants to implement a third factor to an existing multifactor authentication. The organization already uses a smart card and password. Which of the following would meet the organization’s needs for a third factor?
A. Date of birth
B. Fingerprints
C. PIN
D. TPM
Correct Answer:
B. Fingerprints
Exam Question 37
An employee has been charged with fraud and is suspected of using corporate assets. As authorities collect evidence, and to preserve the admissibility of the evidence, which of the following forensic techniques should be used?
A. Order of volatility
B. Data recovery
C. Chain of custody
D. Non-repudiation
Correct Answer:
C. Chain of custody
Exam Question 38
A Chief Security Officer (CSO) is concerned about the amount of PII that is stored locally on each salesperson’s laptop. The sales department has a higher-than-average rate of lost equipment. Which of the following recommendations would BEST address the CSO’s concern?
A. Deploy an MDM solution.
B. Implement managed FDE.
C. Replace all hard drives with SEDs.
D. Install DLP agents on each laptop.
Correct Answer:
B. Implement managed FDE.
Exam Question 39
Which of the following refers to applications and systems that are used within an organization without consent or approval?
A. Shadow IT
B.
OSINT
C. Dark web
D. Insider threats
Correct Answer:
A. Shadow IT
Exam Question 40
A manufacturer creates designs for very high security products that are required to be protected and controlled by the government regulations. These designs are not accessible by corporate networks or the Internet. Which of the following is the BEST solution to protect these designs?
A. An air gap
B. A Faraday cage
C. A shielded cable
D. A
demilitarized zone
Correct Answer:
A. An air gap