Exam (elaborations)

CompTIA Security+ SY0-701 - Domain 4.0 Security Operations Questions &Exam (elaborations) answers 100% satisfaction guarantee Latest update 2024/2025 with complete solution

Pages
10
Grade
A+
Uploaded on
09-08-2024
Written in
2024/2025

Institution
CompTIA Security+ .
Course
CompTIA Security+ .









Document information

Uploaded on
August 9, 2024
Number of pages
10
Written in
2024/2025
Type
Exam (elaborations)
Contains
Questions & answers

Content preview

CompTIA Security+ SY0-701 - Domain 4.0
Security Operations
A proprietary software remains mission-critical ten years after its in-house creation. The software
requires an exception to the rules as it cannot use the latest in-use operating system (OS) version.
How can the IT department protect this mission-critical software and reduce its exposure factor?
(Select the two best options.) - ✔✔Network Segmentation & Compensating Controls

A technology firm's network security specialist notices a sudden increase in unidentified activities on
the firm's Security Information and Event Management (SIEM) incident tracking system. An
unknown entity or process also increases the number of reported incidents. The specialist decides to
investigate these incidents. Which combination of data sources would provide a balanced perspective
to support the investigation? - ✔✔System-specific security logs, which track system-level operations;
logs generated by applications running on hosts; and real-time reports from the SIEM solution,
summarizing incidents.




A forensic analyst at an international law enforcement agency investigates a sophisticated
cyber-espionage case. The analyst must uncover the timeline of document interactions, detect
concealed or system-protected files, interpret categories of digital events, and trace digital
breadcrumbs left behind during media uploads on social platforms. What combination of data sources
would provide the MOST comprehensive information for this multifaceted investigation? - ✔✔File
metadata with extended attributes and network transaction logs

In a medium-sized organization, the IT department manages a wide range of applications employees
use. Recently, the IT security team identified a growing number of security incidents related to
malware infections and unauthorized access to sensitive data. They suspect that certain applications
may be the entry point for these attacks. To mitigate the risks, the team wants to implement a security
measure that isolates applications from the rest of the system to prevent potential threats from
spreading. They aim to achieve this without affecting the overall performance and usability of the
applications. Which security measure should the IT security team consider implementing to isolate
applications from the rest of the system, reduce the impact of potential security threats, and maintain
optimal performance and usability? - ✔✔Sandboxing

A company's network has experienced increased infiltration due to employees accessing dangerous
websites from different content categories. The company has decided to enhance its security by
implementing reputation-based filtering and content categorization in its web filtering system. Which
of the following BEST compares these features? - ✔✔Reputation-based filtering evaluates sites by
past behavior; content categorization sorts by themes like adult content.

In a medium-sized tech company, employees have different roles and responsibilities requiring
access to specific resources and data. The IT team is implementing security measures to control
access effectively and reduce the risk of unauthorized activities. What security measure could the IT
team implement in the tech company to control access effectively and minimize the risk of
unauthorized activities? - ✔✔The principle of least privilege to grant employees the minimum needed
access based on job roles




The network administrator of a small business needs to enhance the security of the business's
wireless network. The primary goal is to implement Wi-Fi Protected Access 3 (WPA3) as the main
security measure but recognizes the need to adjust other wireless security settings to effectively
complement WPA3 and create a robust network for all employees to access critical company
resources securely. What should the network administrator consider when
implementing WPA3 and adjusting wireless security settings? (Select the two best options.) -
✔✔Implementing 802.1X authentication for user devices & Enabling media access control address
filtering to restrict access to authorized devices

An IT auditor is responsible for ensuring compliance with best practice frameworks. The auditor
conducts a compliance scan, using the security content automation protocol (SCAP), to measure
system and configuration settings against a best practice framework. Which XML schema should the
IT auditor use to develop and audit BEST practice configuration checklists and rules? -
✔✔Extensible configuration checklist description format




A cyber group is reviewing its web filtering capabilities after a recent breach. Which centralized
web-filtering technique groups websites into categories such as social networking, gambling, and
webmail? - ✔✔Content categorization

After a breach, an organization implements new multifactor authentication (MFA) protocols. What
MFA philosophy incorporates using a smart card or key fob to support authentication? -
✔✔Something you have

An IT admin has been testing a newly released software patch and discovered an exploitable
vulnerability. The manager directs the IT admin to immediately report to Common Vulnerability
Enumeration (CVE), utilizing the common vulnerability scoring system (CVSS) to base the score for
the vulnerability. What could happen if there are delays in completing the report? (Select the two best
options.) - ✔✔Can lead to delays in remediation & Increase window of opportunity for attackers

A financial services company is decommissioning many servers that contain highly sensitive financial
information. The company's data protection policy stipulates the need to use the most secure data
destruction methods and comply with strict regulatory requirements. The company also has a
significant environmental sustainability commitment and seeks to minimize waste wherever possible.

Seller: GOLDSOLUTIONS Chamberlain College Of Nursing