- (Exam Topic 1)
A security team suspects that the cause of recent power consumption overloads is the unauthorized use of empty power outlets in the network rack Which of the following options will mitigate this issue without compromising the number of outlets available?

1. A. Adding a new UPS dedicated to the rack
2. B. Installing a managed PDU
3. C. Using only a dual power supplies unit
4. D. Increasing power generator capacity

Correct Answer: B
A managed Power Distribution Unit (PDU) allows you to monitor and control power outlets on the rack. This will allow the security team to identify which devices are drawing power and from which outlets, which can help to identify any unauthorized devices. Moreover, with a managed PDU, you can also control the power to outlets, turn off outlets that are not in use, and set up alerts if an outlet is overloaded. This will help to mitigate the issue of power consumption overloads without compromising the number of outlets available.
Reference: CompTIA Security+ Study Guide (SY0-601) 7th Edition by Emmett Dulaney, Chuck Easttom

- (Exam Topic 2)
Which of the following should a Chief Information Security Officer consider using to take advantage of industry standard guidelines?

1. A. SSAE SOC 2
2. B. GDPR
3. C. PCI DSS
4. D. NIST CSF

Correct Answer: D
NIST CSF (National Institute of Standards and Technology Cybersecurity Framework) is a set of guidelines and best practices for managing cybersecurity risks. It is based on existing standards, guidelines, and practices that are widely recognized and applicable across different sectors and organizations. It provides a common language and framework for understanding, communicating, and managing cybersecurity risks. References: 1
CompTIA Security+ Certification Exam Objectives, page 7, Domain 1.0: Attacks, Threats, and
Vulnerabilities, Objective 1.4: Explain the techniques used in security assessments 2
CompTIA Security+ Certification Exam Objectives, page 8, Domain 2.0: Architecture and Design, Objective 2.1: Explain the importance of secure staging deployment concepts 3 https://www.nist.gov/cyberframework

- (Exam Topic 1)
Which of the following environments can be stood up in a short period of time, utilizes either dummy data or actual data, and is used to demonstrate and model system capabilities and functionality for a fixed,
agreed-upon duration of time?

1. A. PoC
2. B. Production
3. C. Test
4. D. Development

Correct Answer: A
A proof of concept (PoC) environment can be stood up quickly and is used to demonstrate and model system capabilities and functionality for a fixed, agreed-upon duration of time. This environment can utilize either dummy data or actual data. References: CompTIA Security+ Certification Guide, Exam SY0-501

- (Exam Topic 4)
Recent changes to a company's BYOD policy require all personal mobile devices to use a two-factor
authentication method that is not something you know or have. Which of the following will meet this requirement?

1. A. Facial recognition
2. B. Six-digit PIN
3. C. PKI certificate
4. D. Smart card

Correct Answer: A
Facial recognition is a type of biometric authentication that uses the unique features of a person’s face to verify their identity. Facial recognition is not something you know or have, but something you are, which is one of the three factors of authentication. Facial recognition can use various methods and technologies, such as 2D or 3D images, infrared sensors, machine learning and more, to capture, analyze and compare facial data. Facial recognition can provide a convenient and secure way to authenticate users on personal mobile devices, as it does not require any additional hardware or input from the user. Facial recognition can also be used in conjunction with other factors, such as passwords or tokens, to provide multi-factor authentication. Verified References:
Biometrics - SY0-601 CompTIA Security+ : 2.4 - Professor Messer IT Certification Training Courses https://www.professormesser.com/security-plus/sy0-601/sy0-601-video/biometrics/ (See Facial Recognition)
Security+ (Plus) Certification | CompTIA IT Certifications https://www.comptia.org/certifications/security (See Domain 2: Architecture and Design, Objective 2.4: Given a scenario, implement identity and access management controls.)
Biometric and Facial Recognition - CompTIA Security+ Certification (SY0-501) https://www.oreilly.com/library/view/comptia-security-certification/9781789953091/video9_6.html (See Biometric and Facial Recognition)

- (Exam Topic 1)
An organization recently acquired an ISO 27001 certification. Which of the following would MOST likely be considered a benefit of this certification?

1. A. It allows for the sharing of digital forensics data across organizations
2. B. It provides insurance in case of a data breach
3. C. It provides complimentary training and certification resources to IT security staff.
4. D. It certifies the organization can work with foreign entities that require a security clearance
5. E. It assures customers that the organization meets security standards

Correct Answer: E
ISO 27001 is an international standard that outlines the requirements for an Information Security Management System (ISMS). It provides a framework for managing and protecting sensitive information using risk management processes. Acquiring an ISO 27001 certification assures customers that the organization meets security standards and follows best practices for information security management. It helps to build customer trust and confidence in the organization's ability to protect their sensitive information. References: CompTIA Security+ Certification Exam Objectives, Exam Domain 1.0: Attacks, Threats, and Vulnerabilities, 1.2 Given a scenario, analyze indicators of compromise and determine the type of malware, p. 7