Which of the following is die most important security concern when using legacy systems to provide production service?
Correct Answer: C
Question 72
A security manager is implementing MFA and patch management. Which of the following would best describe the control type and category? (Select two).
Correct Answer: E,F
Multi-Factor Authentication (MFA) and patch management are both examples of preventative and technical controls. MFA prevents unauthorized access by requiring multiple forms of verification, and patch management ensures that systems are protected against vulnerabilities by applying updates. Both of these controls are implemented using technical methods, and they work to prevent security incidents before they occur. Reference: CompTIA Security+ SY0-701 Course Content: Domain 1: General Security Concepts, and Domain 4: Identity and Access Management, which cover the implementation of preventative and technical controls.
Question 73
A bank set up a new server that contains customers' PII. Which of the following should the bank use to make sure the sensitive data is not modified?
Correct Answer: C
Question 74
Which of the following would be thebestway to block unknown programs from executing?
Correct Answer: B
An application allow list is a security technique that specifies which applications are permitted to run on a system or a network. An application allow list can block unknown programs from executing by only allowing the execution of programs that are explicitly authorized and verified. An application allow list can prevent malware, unauthorized software, or unwanted applications from running and compromising the security of the system or the network12. The other options are not the best ways to block unknown programs from executing: Access control list: This is a security technique that specifies which users or groups are granted or denied access to a resource or an object. An access control list can control thepermissions and privileges of users or groups, but it does not directly block unknown programs from executing13. Host-based firewall: This is a security device that monitors and filters the incoming and outgoing network traffic on a single host or system. A host-based firewall can block or allow network connections based on predefined rules, but it does not directly block unknown programs from executing1 . DLP solution: This is a security system that detects and prevents the unauthorized transmission or leakage of sensitive data. A DLP solution can protect the confidentiality and integrity of data, but it does not directly block unknown programs from executing1 . References = 1: CompTIA Security+ SY0-701 Certification Study Guide, page 972: Application Whitelisting - CompTIA Security+ SY0-701 - 3.5, video by Professor Messer3: CompTIA Security+ SY0-701 Certification Study Guide, page 98. : CompTIA Security+ SY0-701 Certification Study Guide, page 99. : CompTIA Security+ SY0-701 Certification Study Guide, page 100.
Question 75
Which of the following is a use of CVSS?
Correct Answer: D
CVSS (Common Vulnerability Scoring System) is used to assign severity scores to security vulnerabilities, allowing organizations to assess risk and prioritize remediation efforts. By using CVSS scores, teams can address the most critical vulnerabilities first, based on the potential impact. Reference: CompTIA Security+ SY0-701 Official Study Guide, Domain 4.2: "CVSS is used to score the severity of vulnerabilities and prioritize remediation." Exam Objectives 4.2: "Summarize vulnerability management processes."
