
CompTIA CertMaster Security+ SY0-701 Domain 4.0 Security Operations Assessment 100% Verified

Pages: 10
Grade: A+
Uploaded on: 19-11-2024
Written in: 2024/2025

Institution: CERTMASTER CE SECURITY+ DOMAIN 4.0
Module: CERTMASTER CE SECURITY+ DOMAIN 4.0









Type: Exam (elaborations)
Contains: Questions & answers


Content preview

CompTIA CertMaster Security+ SY0-701
Domain 4.0 Security Operations
Assessment 100% Verified
Upon receiving new storage media drives for the department, an organization asks a
software engineer to dispose of the old drives. When considering the various methods,
what processes does sanitization involve? (Select the two best options.) - ANSWER It
refers to the process of removing sensitive information from storage media to prevent
unauthorized access or data breaches.

Its process uses specialized techniques, such as data wiping, degaussing, or
encryption.

An organization reviews recent audit results of monitoring solutions used to protect the
company's infrastructure and learns that detection tools are reporting a high volume of
false positives. Which alert tuning techniques can reduce the volume of false positives
by either direct influence or through referral processes? (Select the three best options.)
- ANSWER Refining detection rules and muting alert levels

Redirecting sudden alert "floods" to a dedicated group

Redirecting infrastructure-related alerts to a dedicated group

A proprietary software remains mission-critical ten years after its in-house creation. The
software requires an exception to the rules as it cannot use the latest in-use operating
system (OS) version. How can the IT department protect this mission-critical software
and reduce its exposure factor? (Select the two best options.) - ANSWER Network
segmentation

Compensating controls

In a small software development company, the development team has created a critical
application that handles sensitive user data. The company's security policy mandates
conducting a thorough application security assessment before deployment. To achieve
this, the team employed a static code analysis tool, taking advantage of its primary
feature. How can the development team utilize static code analysis in the critical
application's software development process? - ANSWER To identify potential security
vulnerabilities in the application's source code

The IT team of a medium-sized business is planning to enhance network security. They
want to enforce minimum security controls and configurations across all network
devices, including firewalls, routers, and switches. What should they establish to
achieve this objective? - ANSWER Network security baselines

At a large company, the IT department manages user accounts and permissions for the
organization's various systems. The IT team employs a well-structured provisioning and
de-provisioning process to create, modify, and remove user accounts and assign
permissions to minimize potential security risks. Which statements related to user
account provisioning and permission assignments are correct? (Select the two best
options.) - ANSWER Provisioning and de-provisioning of user accounts involve creating,
modifying, and removing user accounts to maintain appropriate access levels.

The principle of least privilege guides the assignment of permissions, ensuring users
have only the necessary access for their job roles.

A company initiates a merger with another company and is reviewing and combining
both companies' procedures for incident response. What plan should be formalized at
the end of the business activity and list the procedures, contracts, and resources
available to responders? - ANSWER Incident response plan

An IT auditor is responsible for ensuring compliance with best practice frameworks. The
auditor conducts a compliance scan, using the security content automation protocol
(SCAP), to measure system and configuration settings against a best practice
framework. Which XML schema should the IT auditor use to develop and audit best
practice configuration checklists and rules? - ANSWER Extensible configuration
checklist description format

A hacker successfully bypasses several protections and exfiltrates sensitive data. The
company immediately begins recovery and takes steps to discover the initial problem
that allowed the infiltration. This type of investigation is commonly referred to as what? -
ANSWER Root cause analysis

What type of log file is application-managed rather than through an operating system
and may use Event Viewer or syslog to write event data in a standard format? -
ANSWER Application logs

A forensic analyst at an international law enforcement agency investigates a
sophisticated cyber-espionage case. The analyst must uncover the timeline of
document interactions, detect concealed or system-protected files, interpret categories
of digital events, and trace digital breadcrumbs left behind during media uploads on
social platforms. What combination of data sources would provide the MOST
comprehensive information for this multifaceted investigation? - ANSWER File metadata
with extended attributes and network transaction logs

An IT admin has been testing a newly released software patch and discovered an
exploitable vulnerability. The manager directs the IT admin to immediately report to
Common Vulnerability Enumeration (CVE), utilizing the common vulnerability scoring
system (CVSS) to base the score for the vulnerability. What could happen if there are