The latest CompTIA Security+ (SY0-601) practice exam question and answer (Q&A) dumps are available free to help you pass the CompTIA Security+ (SY0-601) exam and earn the CompTIA Security+ (SY0-601) certification.
Question 441
Exam Question
A social engineering technique whereby attackers, under the disguise of a legitimate request, attempt to gain access to confidential information is commonly referred to as:
A. Phishing
B. Privilege escalation
C. Backdoor access
D. Shoulder surfing
Correct Answer
A. Phishing
Question 442
Exam Question
Which of the following answers refers to the correct formula for calculating probable financial loss due to a risk over a one-year period?
A. SLE = AV x EF
B. ALE = ARO x SLE
C. SLE = ALE x AV
D. ALE = AV x EF
Correct Answer
B. ALE = ARO x SLE
Question 443
Exam Question
Which term describes the predicted loss of value to an asset based on a single security incident?
A. SLE
B. ARO
C. ALE
D. SLA
Correct Answer
A. SLE
Question 444
Exam Question
A calculation of the Single Loss Expectancy (SLE) is an example of:
A. Quantitative risk assessment
B. Risk deterrence
C. Qualitative risk assessment
D. Risk acceptance
Correct Answer
A. Quantitative risk assessment
Question 445
Exam Question
Which of the following statements are not true? (Select 2 answers)
A. Risk awareness is the acknowledgement of risk existence
B. Control risk is the risk caused by improper implementation of security controls
C. Risk appetite is the amount of risk an organization is willing to take in pursuit of its goals
D. Inherent risk is the remaining risk after implementing controls
E. Residual risk is the original level of risk that exists before implementing any controls
Correct Answer
D. Inherent risk is the remaining risk after implementing controls
Question 446
Exam Question
Which of the following answers refers to a document containing detailed information on potential cybersecurity risks?
A. Risk register
B. Risk heat map
C. Risk matrix
D. Risk repository
Correct Answer
A. Risk register
Question 447
Exam Question
Cybersecurity insurance is an example of which risk management strategy?
A. Risk avoidance
B. Risk deterrence
C. Risk transference
D. Risk acceptance
Correct Answer
C. Risk transference
Question 448
Exam Question
Disabling certain system functions or shutting down the system when risks are identified is an example of:
A. Risk acceptance
B. Risk avoidance
C. Risk transference
D. Risk deterrence
Correct Answer
B. Risk avoidance
Question 449
Exam Question
Which of the following privacy-enhancing technologies replaces actual data with a substitute that holds a reference to it but by itself does not represent any valuable information that could be used by an attacker?
A. Pseudo-anonymization
B. Tokenization
C. Data masking
D. Anonymization
Correct Answer
B. Tokenization
Question 450
Exam Question
In the context of IT security, the term “Data minimization” refers to the process of removing all unnecessary characters from the source code to make it less intelligible for humans and faster to process by machines.
A. True
B. False
Correct Answer
B. False