Free CompTIA SY0-701 Exam Questions (page: 81)

Which of the following is a risk of conducting a vulnerability assessment?

  1. A disruption of business operations
  2. Unauthorized access to the system
  3. Reports of false positives
  4. Finding security gaps in the system

Answer(s): A

Explanation:

During a vulnerability assessment, scanning or testing can sometimes interfere with normal system operations, potentially leading to slowdowns, unresponsiveness, or even outages. This can disrupt business operations, especially if the assessment is run on production systems without adequate precautions or without being scheduled for low-impact times.



Which of the following techniques would attract the attention of a malicious attacker in an insider threat scenario?

  1. Creating a false text file in /docs/salaries
  2. Setting weak passwords in /etc/shadow
  3. Scheduling vulnerable jobs in /etc/crontab
  4. Adding a fake account to /etc/passwd

Answer(s): A

Explanation:

A file with a name like "salaries" suggests sensitive information, which would likely draw the attention of an insider threat looking for valuable or confidential data. This technique is often used as part of a honeypot strategy to monitor and detect suspicious activity by insiders attempting unauthorized access.



An organization maintains intellectual property that it wants to protect. Which of the following concepts would be most beneficial to add to the company’s security awareness training program?

  1. Insider threat detection
  2. Simulated threats
  3. Phishing awareness
  4. Business continuity planning

Answer(s): A

Explanation:

Insider threats pose a significant risk to intellectual property, as insiders often have access to sensitive information and may attempt to misuse it. Training employees to recognize signs of insider threats, along with implementing monitoring and reporting protocols, helps protect intellectual property from theft or unauthorized disclosure by employees or other trusted individuals within the organization.



An organization plans to expand its operations internationally and needs to keep data at the new location secure. The organization wants to use the most secure architecture model possible. Which of the following models offers the highest level of security?

  1. Cloud-based
  2. Peer-to-peer
  3. On-premises
  4. Hybrid

Answer(s): C

Explanation:

An on-premises architecture provides the highest level of control over data security, as the organization manages its own hardware, software, and network infrastructure directly. This setup enables the organization to implement strict access controls, customize security measures according to regulatory requirements, and avoid some of the risks associated with data transmission and storage in cloud environments, particularly for sensitive or proprietary information.



Which of the following is the most relevant reason a DPO would develop a data inventory?

  1. To manage data storage requirements better
  2. To determine the impact in the event of a breach
  3. To extend the length of time data can be retained
  4. To automate the reduction of duplicated data

Answer(s): B

Explanation:

A data inventory provides a comprehensive overview of what data the organization holds, where it is stored, and its sensitivity. This information is crucial for assessing the potential impact of a data breach, as it allows the DPO to identify which data would be affected and the associated risks. Additionally, it aids in compliance with data protection regulations by ensuring that sensitive data is adequately managed and protected.


