CompTIA Security+ SY0-601 Dumps PDF

Page: 41 / 80
Total 1063 questions

CompTIA Security+ Exam 2023 Questions and Answers

Question 161

During an investigation, an incident response team attempts to understand the source of an incident. Which of the following incident response activities describes this process?

Options:

A. Analysis

B. Lessons learned

C. Detection

D. Containment

Question 162

A penetration-testing firm is working with a local community bank to create a proposal that best fits the needs of the bank. The bank's information security manager would like the penetration test to resemble a real attack scenario, but it cannot afford the hours required by the penetration-testing firm. Which of the following would best address the bank's desired scenario and budget?

Options:

A. Engage the penetration-testing firm's red-team services to fully mimic possible attackers.

B. Give the penetration tester data diagrams of core banking applications in a known-environment test.

C. Limit the scope of the penetration test to only the system that is used for teller workstations.

D. Provide limited networking details in a partially known-environment test to reduce reconnaissance efforts.

Question 163

Which of the following security program audits includes a comprehensive evaluation of the security controls in place at an organization over a six- to 12-month time period?

Options:

A. NIST CSF

B. SOC 2 Type II

C. ISO 27001

D. PCI DSS

Question 164

Which of the following enables the use of an input field to run commands that can view or manipulate data?

Options:

A. Cross-site scripting

B. Side loading

C. Buffer overflow

D. SQL injection
