New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

CompTIA Security+ SY0-601 Reddit Questions

Page: 38 / 80
Total 1063 questions

CompTIA Security+ Exam 2023 Questions and Answers

Question 149

An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has been given all the developer's documentation about the internal architecture. Which of the following best represents the type of testing that will occur?

Options:

A.

Bug bounty

B.

White-box

C.

Black-box

D.

Gray-box

Question 150

A website user is locked out of an account after clicking an email link and visiting a different website. Web server logs show the user’s password was changed, even though the user did not change the password. Which of the following is the most likely cause?

Options:

A.

Cross-site request forgery

B.

Directory traversal

C.

ARP poisoning

D.

SQL injection

Question 151

A security analyst finds that a user's name appears in a database entry at a time when the user was on vacation. The security analyst reviews the following logs from the authentication server that is being used by the database:

Which of the following can the security analyst conclude based on the review?

Options:

A.

A brute-force attack occurred.

B.

A rainbow table uncovered the password.

C.

Technical controls did not block the reuse of a password.

D.

An attacker used password spraying.

Question 152

A certificate vendor notified a company that recently invalidated certificates may need to be updated. Which of the following mechanisms should a security administrator use to determine whether the certificates installed on the company's machines need to be updated?

Options:

A.

SCEP

B.

OCSP

C.

CSR

D.

CRL

Page: 38 / 80
Total 1063 questions