Free Access CompTIA.SY0-701.v2025-10-27.q603 Practice Test (Page 86)

Question 421

A security analyst discovers that a large number of employee credentials had been stolen and were being sold on the dark web. The analyst investigates and discovers that some hourly employee credentials were compromised, but salaried employee credentials were not affected.
Most employees clocked in and out while they were Inside the building using one of the kiosks connected to the network. However, some clocked out and recorded their time after leaving to go home. Only those who clocked in and out while Inside the building had credentials stolen. Each of the kiosks are on different floors, and there are multiple routers, since the business segments environments for certain business functions.
Hourly employees are required to use a website called acmetimekeeping.com to clock in and out.
This website is accessible from the internet. Which of the following Is the most likely reason for this compromise?

A.A brute-force attack was used against the time-keeping website to scan for common passwords.

B.A malicious actor compromised the time-keeping website with malicious code using an unpatched vulnerability on the site, stealing the credentials.

C.The internal DNS servers were poisoned and were redirecting acmetimkeeping.com to malicious domain that intercepted the credentials and then passed them through to the real site.

D.ARP poisoning affected the machines in the building and caused the kiosks lo send a copy of all the submitted credentials to a machine.

Question 422

A company purchased cyber insurance to address items listed on the risk register. Which of the following strategies does this represent?

A.Accept

B.Transfer

C.Mitigate

D.Avoid

Correct Answer: B

Explanation
Cyber insurance is a type of insurance that covers the financial losses and liabilities that result from cyberattacks, such as data breaches, ransomware, denial-of-service, phishing, or malware. Cyber insurance can help a company recover from the costs of restoring data, repairing systems, paying ransoms, compensating customers, or facing legal actions. Cyber insurance is one of the possible strategies that a company can use to address the items listed on the risk register. A risk register is a document that records the identified risks, their probability, impact, and mitigation strategies for a project or an organization. The four common risk mitigation strategies are:
* Accept: The company acknowledges the risk and decides to accept the consequences without taking any action to reduce or eliminate the risk. This strategy is usually chosen when the risk is low or the cost of mitigation is too high.
* Transfer: The company transfers the risk to a third party, such as an insurance company, a vendor, or a partner. This strategy is usually chosen when the risk is high or the company lacks the resources or expertise to handle the risk.
* Mitigate: The company implements controls or measures to reduce the likelihood or impact of the risk.
This strategy is usually chosen when the risk is moderate or the cost of mitigation is reasonable.
* Avoid: The company eliminates the risk by changing the scope, plan, or design of the project or the organization. This strategy is usually chosen when the risk is unacceptable or the cost of mitigation is too high.
By purchasing cyber insurance, the company is transferring the risk to the insurance company, which will cover the financial losses and liabilities in case of a cyberattack. Therefore, the correct answer is B.
Transfer. References = CompTIA Security+ Study Guide (SY0-701), Chapter 8: Governance, Risk, and Compliance, page 377. Professor Messer's CompTIA SY0-701 Security+ Training Course, Section 8.1: Risk Management, video: Risk Mitigation Strategies (5:37).

Question 423

A systems administrator discovers a system that is no longer receiving support from the vendor.
However, this system and its environment are critical to running the business, cannot be modified, and must stay online. Which of the following risk treatments is the most appropriate in this situation?

A.Accept

B.Transfer

C.Reject

D.Avoid

Question 424

A company is in the process of migrating to cloud-based services. The company's IT department has limited resources for migration and ongoing support. Which of the following best meets the company's needs?

A.IAM

B.IPS

C.WAF

D.SASE

Question 425

A company is concerned about weather events causing damage to the server room and downtime. Which of the following should the company consider?

A.Clustering servers

B.Off-site backups

C.Geographic dispersion

D.Load balancers

Other Version: 3845CompTIA.SY0-701.v2024-10-22.q162; 5312CompTIA.SY0-701.v2024-07-17.q165

Latest Upload: 296PaloAltoNetworks.NGFW-Engineer.v2026-05-01.q43; 429Nokia.4A0-113.v2026-05-01.q69; 459EC-COUNCIL.312-49v11.v2026-04-30.q214; 431Microsoft.MB-820.v2026-04-30.q101; 294Salesforce.MC-202.v2026-04-30.q57; 342BICSI.INSTC_V8.v2026-04-29.q53; 480NMLS.MLO.v2026-04-28.q82; 308NCARB.Project-Management.v2026-04-28.q27; 573EMC.D-AV-DY-23.v2026-04-27.q184; 1439ServiceNow.CSA.v2026-04-27.q483

Question 421

Question 422

Question 423

Question 424

Question 425

Download PDF File