Comptia Security+ SY0-701 - Domain 4.0
Security Operations (Rom Comptia
Security+ SY0-701 Certmaster
Assessment Course) With Complete
Solutions
A proprietary software remains mission-critical ten years after its in-house creation. The
software requires an exception to the rules as it cannot use the latest in-use operating
system (OS) version. How can the IT department protect this mission-critical software
and reduce its exposure factor? (Select the two best options.) - ANSWER-Network
Segmentation & Compensating Controls
A technology firm's network security specialist notices a sudden increase in unidentified
activities on the firm's Security Information and Event and Management (SIEM) incident
tracking system. An unknown entity or process also increases the number of reported
incidents. The specialist decides to investigate these incidents. Which combination of
data sources would provide a balanced perspective to support the investigation? -
ANSWER-System-specific security logs, which track system-level operations; logs
generated by applications running on hosts; and real-time reports from the SIEM
solution, summarizing incidents.
A forensic analyst at an international law enforcement agency investigates a
sophisticated cyber-espionage case. The analyst must uncover the timeline of
document interactions, detect concealed or system-protected files, interpret categories
of digital events, and trace digital breadcrumbs left behind during media uploads on
social platforms. What combination of data sources would provide the MOST
comprehensive information for this multifaceted investigation? - ANSWER-File
metadata with extended attributes and network transaction logs
In a medium-sized organization, the IT department manages a wide range of
applications employees use. Recently, the IT security team identified a growing number
of security incidents related to malware infections and unauthorized access to sensitive
data. They suspect that certain applications may be the entry point for these attacks. To
mitigate the risks, the team wants to implement a security measure that isolates
applications from the rest of the system to prevent potential threats from spreading.
They aim to achieve this without affecting the overall performance and usability of the
applications. Which security measure should the IT security team consider
implementing to isolate applications from the rest of the system, reduce the impact of
potential security threats, and maintain optimal performance and usability? - ANSWER-
Sandboxing
, A system administrator has seen repeated positive vulnerability messages only to
discover that no vulnerability exists. The vulnerability messages repeat daily for several
days, causing the system administrators to ignore them. What can the system
administrator do to combat false positives? (Select the two best options.) - ANSWER-
Adjust scanner config based on log review & Use different scanners
A security operations analyst at a financial institution analyzes an incident involving
unauthorized transactions. The analyst suspects that a malware infection on one of the
endpoints might have led to the unauthorized access. To identify the root cause and
trace the activities of the suspected malware, which combination of data sources should
the analyst primarily consider? - ANSWER-Endpoint logs, log files generated by the OS
components of the affected host computer, and logs from the host-based intrusion
detection system.
A healthcare organization is retiring an old database server that housed sensitive
patient information. It aims to ensure that this information is completely irretrievable.
What key process should the organization prioritize before disposing of this server? -
ANSWER-Secure destruction of all data stored on the server
A company's network has experienced increased infiltration due to employees
accessing dangerous websites from different content categories. The company has
decided to enhance its security by implementing reputation-based filtering and content
categorization in its web filtering system. Which of the following BEST compares these
features? - ANSWER-Reputation-based filtering evaluates sites by past behavior;
content categorization sorts by themes like adult content.
In a medium-sized tech company, employees have different roles and responsibilities
requiring access to specific resources and data. The IT team is implementing security
measures to control access effectively and reduce the risk of unauthorized activities.
What security measure could the IT team implement in the tech company to control
access effectively and minimize the risk of unauthorized activities? - ANSWER-The
principle of least privilege to grant employees the minimum needed access based on
job roles
The network administrator of a small business needs to enhance the security of the
business's wireless network. The primary goal is to implement Wi-Fi Protected Access 3
(WPA3) as the main security measure but recognize the need to adjust other wireless
security settings to effectively complement WPA3 and create a robust network for all
employees to access critical company resources securely. What considerations should
the network administrator consider when implementing WPA3 and adjusting wireless
security settings? (Select the two best options.) - ANSWER-Implementing 802.1X
authentication for user devices & Enabling media access control address filtering to
restrict access to authorized devices
Security Operations (Rom Comptia
Security+ SY0-701 Certmaster
Assessment Course) With Complete
Solutions
A proprietary software remains mission-critical ten years after its in-house creation. The
software requires an exception to the rules as it cannot use the latest in-use operating
system (OS) version. How can the IT department protect this mission-critical software
and reduce its exposure factor? (Select the two best options.) - ANSWER-Network
Segmentation & Compensating Controls
A technology firm's network security specialist notices a sudden increase in unidentified
activities on the firm's Security Information and Event and Management (SIEM) incident
tracking system. An unknown entity or process also increases the number of reported
incidents. The specialist decides to investigate these incidents. Which combination of
data sources would provide a balanced perspective to support the investigation? -
ANSWER-System-specific security logs, which track system-level operations; logs
generated by applications running on hosts; and real-time reports from the SIEM
solution, summarizing incidents.
A forensic analyst at an international law enforcement agency investigates a
sophisticated cyber-espionage case. The analyst must uncover the timeline of
document interactions, detect concealed or system-protected files, interpret categories
of digital events, and trace digital breadcrumbs left behind during media uploads on
social platforms. What combination of data sources would provide the MOST
comprehensive information for this multifaceted investigation? - ANSWER-File
metadata with extended attributes and network transaction logs
In a medium-sized organization, the IT department manages a wide range of
applications employees use. Recently, the IT security team identified a growing number
of security incidents related to malware infections and unauthorized access to sensitive
data. They suspect that certain applications may be the entry point for these attacks. To
mitigate the risks, the team wants to implement a security measure that isolates
applications from the rest of the system to prevent potential threats from spreading.
They aim to achieve this without affecting the overall performance and usability of the
applications. Which security measure should the IT security team consider
implementing to isolate applications from the rest of the system, reduce the impact of
potential security threats, and maintain optimal performance and usability? - ANSWER-
Sandboxing
, A system administrator has seen repeated positive vulnerability messages only to
discover that no vulnerability exists. The vulnerability messages repeat daily for several
days, causing the system administrators to ignore them. What can the system
administrator do to combat false positives? (Select the two best options.) - ANSWER-
Adjust scanner config based on log review & Use different scanners
A security operations analyst at a financial institution analyzes an incident involving
unauthorized transactions. The analyst suspects that a malware infection on one of the
endpoints might have led to the unauthorized access. To identify the root cause and
trace the activities of the suspected malware, which combination of data sources should
the analyst primarily consider? - ANSWER-Endpoint logs, log files generated by the OS
components of the affected host computer, and logs from the host-based intrusion
detection system.
A healthcare organization is retiring an old database server that housed sensitive
patient information. It aims to ensure that this information is completely irretrievable.
What key process should the organization prioritize before disposing of this server? -
ANSWER-Secure destruction of all data stored on the server
A company's network has experienced increased infiltration due to employees
accessing dangerous websites from different content categories. The company has
decided to enhance its security by implementing reputation-based filtering and content
categorization in its web filtering system. Which of the following BEST compares these
features? - ANSWER-Reputation-based filtering evaluates sites by past behavior;
content categorization sorts by themes like adult content.
In a medium-sized tech company, employees have different roles and responsibilities
requiring access to specific resources and data. The IT team is implementing security
measures to control access effectively and reduce the risk of unauthorized activities.
What security measure could the IT team implement in the tech company to control
access effectively and minimize the risk of unauthorized activities? - ANSWER-The
principle of least privilege to grant employees the minimum needed access based on
job roles
The network administrator of a small business needs to enhance the security of the
business's wireless network. The primary goal is to implement Wi-Fi Protected Access 3
(WPA3) as the main security measure but recognize the need to adjust other wireless
security settings to effectively complement WPA3 and create a robust network for all
employees to access critical company resources securely. What considerations should
the network administrator consider when implementing WPA3 and adjusting wireless
security settings? (Select the two best options.) - ANSWER-Implementing 802.1X
authentication for user devices & Enabling media access control address filtering to
restrict access to authorized devices
