- (Exam Topic 5)
Which of the following should a technician consider when selecting an encryption method for data that needs to remain confidential for a specific length of time?
Correct Answer:
B
- (Exam Topic 3)
An organization needs to implement more stringent controls over administrator/root credentials and service
accounts. Requirements for the project include: Check-in/checkout of credentials
The ability to use but not know the password Automated password changes
Logging of access to credentials
Which of the following solutions would meet the requirements?
Correct Answer:
D
- (Exam Topic 3)
The process of passively gathering information poor to launching a cyberattack is called:
Correct Answer:
B
- (Exam Topic 3)
A security analyst is investigating an incident to determine what an attacker was able to do on a compromised laptop. The analyst reviews the following SIEM log:
Which of the following describes the method that was used to compromise the laptop?
Correct Answer:
A
- (Exam Topic 6)
A company owns a public-facing e-commerce website. The company outsources credit card transactions to a payment company. Which of the following BEST describes the role of the payment company?
Correct Answer:
D
A data processor is an organization that processes personal data on behalf of a data controller. In this scenario, the company that owns the e-commerce website is the data controller, as it determines the purposes and means of processing personal data (e.g. credit card information). The payment company is a data processor, as it processes personal data on behalf of the e-commerce company (i.e. it processes credit card transactions).
Reference: CompTIA Security+ Study Guide (SY0-601) 7th Edition by Emmett Dulaney, Chuck Easttom
