ComptiA Security+ Certification Exam Questions and answer - Part 23

1. An audit has revealed that database administrators are also responsible for auditing database changes and backup logs. Which of the following access control methodologies would BEST mitigate this concern?

A) Time of day restrictions
B) Principle of least privilege
C) Role-based access control
D) Separation of duties



2. An audit reported has identifies a weakness that could allow unauthorized personnel access to the facility at its main entrance and from there gain access to the network. Which of the following would BEST resolve the vulnerability?

A) Faraday cage
B) Air gap
C) Mantrap
D) Bollards



3. An employee in the finance department receives an email,which appears to come from the Chief Financial Officer (CFO),instructing the employee to immediately wire a large sum of money to a vendor. Which of the following BEST describes the principles of social engineering used? (Choose two.)(Select 2answers)

A) Familiarity
B) Scarcity
C) Urgency
D) Authority
E) Consensus


4. An employee receives an email,which appears to be from the Chief Executive Officer (CEO),asking for a report of security credentials for all users. Which of the following types of attack is MOST likely occurring?

A) Policy violation
B) Social engineering
C) Whaling
D) Spear phishing



5. An employer requires that employees use a key-generating app on their smartphones to log into corporate applications. In terms of authentication of an individual,this type of access policy is BEST defined as:

A) Something you have.
B) Something you know.
C) Something you do.
D) Something you are.