Curious about Actual CompTIA Security+ (SY0-701) Exam Questions?

Correct : A

The vulnerability likely present in the application that is storing data using MD5 is a cryptographic vulnerability. MD5 is considered to be a weak hashing algorithm due to its susceptibility to collision attacks, where two different inputs produce the same hash output, compromising data integrity and security.

Cryptographic: Refers to vulnerabilities in cryptographic algorithms or implementations, such as the weaknesses in MD5.

Malicious update: Refers to the intentional injection of harmful updates, not related to the use of MD5.

Zero day: Refers to previously unknown vulnerabilities for which no patch is available, not specifically related to MD5.

Side loading: Involves installing software from unofficial sources, not directly related to the use of MD5.

Correct : D

For a company located in an area prone to hurricanes and needing to immediately continue operations, the best type of site is a hot site. A hot site is a fully operational offsite data center that is equipped with hardware, software, and network connectivity and is ready to take over operations with minimal downtime.

Hot site: Fully operational and can take over business operations almost immediately after a disaster.

Cold site: A basic site with infrastructure in place but without hardware or data, requiring significant time to become operational.

Tertiary site: Not a standard term in disaster recovery; it usually refers to an additional backup location but lacks the specifics of readiness.

Warm site: Equipped with hardware and connectivity but requires some time and effort to become fully operational, not as immediate as a hot site.

Correct : C

When a critical legacy server is segmented into a private network, the security control being used is compensating. Compensating controls are alternative measures put in place to satisfy a security requirement when the primary control is not feasible or practical. In this case, segmenting the legacy server into a private network serves as a compensating control to protect it from potential vulnerabilities that cannot be mitigated directly.

Compensating: Provides an alternative method to achieve the desired security outcome when the primary control is not possible.

Deterrent: Aims to discourage potential attackers but does not directly address segmentation.

Corrective: Used to correct or mitigate the impact of an incident after it has occurred.

Preventive: Aims to prevent security incidents but is not specific to the context of segmentation.

Correct : B

When a security manager is hired from outside the organization to lead security operations, the first action should be to review the existing security policies. Understanding the current security policies provides a foundation for identifying strengths, weaknesses, and areas that require improvement, ensuring that the security program aligns with the organization's goals and regulatory requirements.

Review security policies: Provides a comprehensive understanding of the existing security framework, helping the new manager to identify gaps and areas for enhancement.

Establish a security baseline: Important but should be based on a thorough understanding of existing policies and practices.

Adopt security benchmarks: Useful for setting standards, but reviewing current policies is a necessary precursor.

Perform a user ID revalidation: Important for ensuring user access is appropriate but not the first step in understanding overall security operations.

Correct : B

To reduce the number of individual operating systems while decommissioning physical servers, the company should use containerization. Containerization allows multiple applications to run in isolated environments on a single operating system, significantly reducing the overhead compared to running multiple virtual machines, each with its own OS.

Containerization: Uses containers to run multiple isolated applications on a single OS kernel, reducing the need for multiple OS instances and improving resource utilization.

Microservices: An architectural style that structures an application as a collection of loosely coupled services, which does not necessarily reduce the number of operating systems.

Virtualization: Allows multiple virtual machines to run on a single physical server, but each VM requires its own OS, not reducing the number of OS instances.

Infrastructure as code: Manages and provisions computing infrastructure through machine-readable configuration files, but it does not directly impact the number of operating systems.