CompTIA SY0-701 Exam Questions
CompTIA Security+ (Page 4 )

Explanation:

A) Enabling malware detection through a UTM best addresses protecting file uploads by inspecting content for malware at the network edge, reducing risk from PDFs containing malware before reaching hosts.
B) Incorrect: Blocking command injections via a WAF focuses on input validation for web apps, not general malware in uploaded PDFs; while helpful for input-based attacks, it’s not as comprehensive for uploaded file scanning as a UTM’s malware signature/id-based detection.
C) Limiting affected servers with a load balancer helps availability and segmentation but does not detect or scan uploaded PDFs for malware.
D) Utilizing attack signatures in an IDS detects known network attacks but is not effective for inspecting individual uploaded files for malware.

Reference:

Explanation:

A) D is correct because ensuring others understand the script reduces reliance on a single individual and avoids a single point of failure, promoting cross-team knowledge and continuity. B) Identifying complexity is useful, but the primary benefit here is resilience through shared understanding, not merely recognizing complexity. C) Remediating technical debt involves addressing long-term quality and maintainability; while helpful, it is not the main reason for team-wide understanding in this scenario. E) The option list has no E; among given options, A) to reduce implementation cost is not as strong as preventing a single point of failure.

Reference:

Explanation:

Containerization is the correct approach because it consolidates workloads into isolated containers, reducing the number of separate OS instances while maintaining process isolation and consistent security boundaries. It enables lightweight, portable deployment across hosts, lowering attack surface and simplifying patch management.
A) Microservices - While compatible with containerization, microservices describes an architectural style, not a deployment mechanism to reduce OS instances.
C) Virtualization - Increases the number of OS instances (each VM runs its own OS), opposite of the goal.
D) Infrastructure as code - Automates provisioning, not specifically reducing OS counts or isolation boundaries.

Reference:

Explanation:

A) Disabling default accounts prevents attackers from using well-known credentials to gain initial access.
C) Removing unnecessary services reduces the attack surface by limiting exploitable functionality.
B) Adding the server to asset inventory is a good practice but not a hardening step per se.
D) Documenting default passwords is risky and counterproductive; change or remove defaults.
E) Sending logs to SIEM aids monitoring, not a hardening action.
F) Joining to a domain is deployment/management but not a direct hardening step; could introduce additional risks if misconfigured.

Reference:

Explanation:

A) Internal auditing provides ongoing, formal reviews of controls and procedures to verify compliance objectives and governance, meeting frequent assessment needs.
B) Penetration testing simulates external attacks to find exploitable flaws, not a broad compliance review.
C) Internal auditing is correct: systematic evaluation of controls, policies, and procedures to ensure compliance with standards and objectives.
D) Vulnerability scans identify known weaknesses but do not assess adherence to policies or governance requirements, nor provide comprehensive compliance evidence.

Reference:

Explanation:

A RADIUS server provides centralized AAA (Authentication, Authorization, and Accounting) services for network access, enabling verification, policy enforcement, and session tracking. B is correct. A) CIA is a confidentiality, integrity, availability model not specifically implemented by RADIUS. C) ACLs are access control lists used to permit or deny traffic, not the primary function of a RADIUS server. D) PEM refers to privacy-enhanced mail or certificate formats, not a security concept tied to RADIUS functionality.

Reference:

Explanation:

A clear version control process tracks, documents, and audits all revisions to contracts, enabling rollback and accountability across multiple revisions. A) Version validation is not a standard term for tracking changes. B) Version changes implies changes occur but lacks the formal mechanism and history tracking. C) Version updates suggests updating but not preserving a complete change history. D) Version control provides a structured system (check-in/check-out, changelogs, permissions) to manage contract revisions across three iterations.

Reference:

Explanation:

A cold site provides DR capability at the lowest ongoing cost by providing space and basic infrastructure without active systems, meeting the requirement to minimize costs and without funding extra internet connections.
A) Hot site is expensive with immediate readiness and active systems, not aligning with cost constraints.
C) Failover site is not a standard DR option and could imply dynamic switching; it’s not the commonly defined DR facility type.
D) Warm site has partial readiness and some pre-installed equipment, but typically costs more than a cold site and may require bandwidth setup.

Reference: