The latest CompTIA Security+ (SY0-601) practice exam question and answer (Q&A) dumps are available free to help you pass the CompTIA Security+ (SY0-601) exam and earn the CompTIA Security+ (SY0-601) certification.
Question 431
Exam Question
While conducting web research to help make a better purchasing decision, a user visits a series of Facebook pages and blogs containing fake reviews and testimonials in favor of a paid app intentionally infected with malware. Which social engineering principle applies to this attack scenario?
A. Scarcity
B. Authority
C. Consensus
D. Intimidation
E. Urgency
Correct Answer
C. Consensus
Question 432
Exam Question
An attacker impersonates a member of a company's managing staff to manipulate a lower-ranking employee into disclosing confidential data. The attacker informs the victim that the information is essential for a task that needs to be completed within business hours on the same day and mentions potential financial losses for the company if the victim refuses to comply. Which social engineering principles apply to this attack scenario? (Select 3 answers)
A. Urgency
B. Familiarity
C. Authority
D. Consensus
E. Intimidation
F. Scarcity
Correct Answer
A. Urgency
C. Authority
E. Intimidation
Question 433
Exam Question
Which of the terms listed below refers to a platform used for watering hole attacks?
A. Mail gateways
B. Websites
C. PBX systems
D. Web browsers
Correct Answer
B. Websites
Question 434
Exam Question
An email message containing a warning related to a non-existent computer security threat, asking a user to delete system files falsely identified as malware, and/or prompting them to share the message with others would be an example of:
A. Vishing
B. Impersonation
C. Virus hoax
D. Phishing
Correct Answer
C. Virus hoax
Question 435
Exam Question
Phishing scams targeting people holding high positions in an organization or business are known as:
A. Vishing
B. Smishing
C. Whaling
D. Pharming
Correct Answer
C. Whaling
Question 436
Exam Question
In social engineering, the term “Elicitation” describes the use of casual conversation to extract non-public information from people without giving them the feeling they are being interrogated.
A. True
B. False
Correct Answer
A. True
Question 437
Exam Question
Which of the following answers refer to the characteristic features of pharming? (Select 3 answers)
A. Domain hijacking
B. Traffic redirection
C. Fraudulent website
D. Password attack
E. Credential harvesting
Correct Answer
B. Traffic redirection
C. Fraudulent website
E. Credential harvesting
Question 438
Exam Question
In computer security, the term “Dumpster diving” is used to describe the practice of sifting through trash for discarded documents containing sensitive data. Recovered documents containing the names and surnames of employees, along with information about the positions they hold in the company and other data, can be used to facilitate social engineering attacks. Having the documents shredded or incinerated before disposal makes dumpster diving less effective and mitigates the risk of social engineering attacks.
A. True
B. False
Correct Answer
A. True
Question 439
Exam Question
What type of spam relies on text-based communication?
A. Vishing
B. SPIM
C. Bluesnarfing
D. SPIT
Correct Answer
B. SPIM
Question 440
Exam Question
The practice of using a telephone system to manipulate a user into disclosing confidential information is known as:
A. Whaling
B. Spear phishing
C. Vishing
D. Pharming
Correct Answer
C. Vishing