CompTIA SY0-701 Practice Test

Prepare smarter and boost your chances of success with our CompTIA SY0-701 practice test. This test helps you assess your knowledge, pinpoint strengths, and target areas for improvement. Surveys and user data from multiple platforms show that individuals who use the SY0-701 practice exam are 40–50% more likely to pass on their first attempt.

Start practicing today and take the fast track to becoming CompTIA SY0-701 certified.

Updated On: 11-Sep-2025

Page 10 out of 72 Pages

Since a recent upgrade to a WLAN infrastructure, several mobile users have been unable to access the internet from the lobby. The networking team performs a heat map survey of the building and finds several WAPs in the area. The WAPs are using similar frequencies with high power settings. Which of the following installation considerations should the security team evaluate next?

A. Channel overlap

B. Encryption type

C. New WLAN deployment

D. WAP placement

A.   Channel overlap

Explanation:

A) Channel overlap is the correct answer.
The issue describes a scenario where multiple wireless access points (WAPs) in the same area (lobby) are using similar frequencies with high power settings. This likely causes channel interference (co-channel or adjacent-channel interference), where signals on the same or overlapping channels disrupt each other, leading to poor performance and connectivity issues for mobile users. The security team should evaluate:

The specific channels assigned to each WAP to avoid overlap.

Adjusting power settings to reduce interference while maintaining coverage.

Ensuring proper channel planning (e.g., using non-overlapping channels like 1, 6, 11 in the 2.4 GHz band).
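The check described above, as an added example that is not part of the practice test: given a constructed heat-map survey of the lobby WAPs, it flags every pair whose 2.4 GHz channels overlap (two channels interfere unless they are at least five apart, which is why 1, 6 and 11 are the usual non-overlapping set), proposes a non-overlapping channel plan, and caps transmit power for the WAPs that still have to reuse a channel. The WAP names, channels and power levels are constructed; the check covers the 2.4 GHz band only.

```python
"""Flag 2.4 GHz channel overlap among nearby WAPs and propose a fix.

Added example for the practice test; the survey data is constructed to
mirror the scenario (several lobby WAPs on similar channels at high power).
"""
from itertools import combinations

# 2.4 GHz channels are spaced 5 MHz apart but each is roughly 20-22 MHz wide,
# so two channels interfere unless they are at least 5 channel numbers apart.
MIN_CHANNEL_SEPARATION = 5
NON_OVERLAPPING = (1, 6, 11)

# Constructed heat-map survey: (WAP name, channel, transmit power in dBm)
LOBBY_SURVEY = [
    ("WAP-LOBBY-1", 1, 20),
    ("WAP-LOBBY-2", 2, 20),
    ("WAP-LOBBY-3", 3, 20),
    ("WAP-LOBBY-4", 11, 20),
]


def overlapping_pairs(survey):
    """Return (name_a, name_b) for every pair of WAPs whose channels overlap."""
    return [
        (a[0], b[0])
        for a, b in combinations(survey, 2)
        if abs(a[1] - b[1]) < MIN_CHANNEL_SEPARATION
    ]


def propose_channel_plan(survey):
    """Assign the non-overlapping channels round-robin.

    With more than three WAPs in one area some channel reuse is unavoidable;
    those WAPs then need lower power so their cells stop overlapping.
    """
    return {
        name: NON_OVERLAPPING[i % len(NON_OVERLAPPING)]
        for i, (name, _ch, _pwr) in enumerate(survey)
    }


def propose_power(survey, max_dbm=14):
    """Cap transmit power so co-channel WAPs no longer hear each other."""
    return {name: min(pwr, max_dbm) for name, _ch, pwr in survey}


def replan(survey, max_dbm=14):
    """Apply the proposed channel plan and power cap, returning a new survey."""
    plan = propose_channel_plan(survey)
    power = propose_power(survey, max_dbm)
    return [(name, plan[name], power[name]) for name, _ch, _pwr in survey]


if __name__ == "__main__":
    print("Overlapping before:", overlapping_pairs(LOBBY_SURVEY))
    fixed = replan(LOBBY_SURVEY)
    print("Proposed plan:", fixed)
    print("Residual co-channel pairs (handle with power):", overlapping_pairs(fixed))
```

Running it on the constructed survey reports three overlapping pairs before the change (channels 1, 2 and 3 all collide) and a single residual co-channel pair afterwards (two WAPs on channel 1), which is exactly the case the power cap addresses.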

Why the others are incorrect:

B) Encryption type:
While encryption (e.g., WPA3) is critical for security, it does not cause internet access issues if misconfigured; it would simply prevent authentication or data decryption. The problem here is related to signal interference, not encryption.

C) New WLAN deployment:
The upgrade already occurred, and the issue is localized to the lobby. Re-deploying the entire WLAN is excessive without first diagnosing the specific interference problem.

D) WAP placement:
The heat map already identified multiple WAPs in the area, so placement is likely a factor. However, the root cause is the channel overlap and high power settings causing interference. Adjusting channels or power is a more direct solution than physically moving WAPs.

Reference:
This question tests knowledge of Domain 3.3: Given a scenario, implement secure network designs and Domain 2.6: Explain the security implications of embedded and specialized systems. Proper WLAN configuration, including channel planning and power management, is essential to avoid interference and ensure reliable connectivity, as covered in the SY0-701 objectives.

A company is most likely developing a critical system for the government and storing project information on a fileshare. Which of the following describes how this data will be classified? (Select two).

A. Private

B. Confidential

C. Public

D. Operational

E. Urgent

F. Restricted

B.   Confidential
F.   Restricted

Explanation: When a company is developing a critical system for the government and storing project information on a fileshare, the data will most likely be classified as Confidential and Restricted.

Confidential: Indicates that the data is sensitive and access is limited to authorized individuals. This classification is typically used for information that could cause harm if disclosed.

Restricted: Indicates that access to the data is highly controlled and limited to those with a specific need to know. This classification is often used for highly sensitive information that requires stringent protection measures.

Private: Generally refers to personal information that is not meant to be publicly accessible.

Public: Information that is intended for public access and does not require protection.

Operational: Relates to day-to-day operations, but not necessarily to data classification.

Urgent: Refers to the priority of action rather than data classification.

Reference: CompTIA Security+ SY0-701 Exam Objectives, Domain 5.1 - Security program management and oversight (Data classification).

A security analyst developed a script to automate a trivial and repeatable task. Which of the following best describes the benefits of ensuring other team members understand how the script works?

A. To reduce implementation cost

B. To identify complexity

C. To remediate technical debt

D. To prevent a single point of failure

D.   To prevent a single point of failure

Explanation:
To prevent a single point of failure (D) is the correct answer. In this context, the "single point of failure" is the security analyst who developed the script. If they are the only person who understands how it works, the team faces significant risks:

Bus Factor:
If that analyst is unavailable (e.g., leaves the company, is on vacation, or is ill), no one else can maintain, troubleshoot, or modify the script.

Operational Risk:
If the script breaks or needs to be updated for a new system, the task it automates could grind to a halt until the original author returns or someone else painstakingly reverse-engineers the code.

Knowledge Silo:
The script's functionality and purpose are trapped with one individual, which is an inefficient and risky way to manage operational processes.

Ensuring other team members understand the script distributes this knowledge, eliminating the single point of failure and making the team more resilient.

Why the others are incorrect:

A) To reduce implementation cost:
The initial implementation cost (the time spent by the analyst to write the script) has already been incurred. Teaching others how it works may have a minor upfront time cost and does not reduce the original development cost. Its primary benefit is reducing future operational and maintenance risks.

B) To identify complexity:
While the process of explaining the script to others might incidentally reveal its complexity, this is not the primary goal or benefit. The explicit goal is knowledge sharing for continuity and resilience.

C) To remediate technical debt:
Technical debt refers to the implied cost of future rework caused by choosing an easy, limited, or quick solution now instead of a better approach that would take longer. The script itself might be technical debt if it's a quick-and-dirty solution. Sharing knowledge about it helps the team manage the debt, but it doesn't directly remediate (fix/rewrite) it.

Reference:
This scenario relates to Domain 4.5: Explain key aspects of digital forensics documentation and evidence handling, but more broadly, it touches on general security operations best practices. It emphasizes the importance of documentation and knowledge sharing within a security team to ensure operational continuity and resilience, which is a core principle in maintaining an effective security posture.

Which of the following is the most important security concern when using legacy systems to provide production service?

A. Instability

B. Lack of vendor support

C. Loss of availability

D. Use of insecure protocols

B.   Lack of vendor support

Explanation: The most important security concern when using legacy systems is the lack of vendor support. Without support from the vendor, systems may not receive critical security patches and updates, leaving them vulnerable to exploitation. This lack of support can result in increased risk of security breaches, as vulnerabilities discovered in the software may never be addressed.
Reference: CompTIA Security+ SY0-701 study materials, particularly in the context of risk management and the challenges posed by legacy systems.

Two companies are in the process of merging. The companies need to decide how to standardize their information security programs. Which of the following would best align the security programs?

A. Shared deployment of CIS baselines

B. Joint cybersecurity best practices

C. Both companies following the same CSF

D. Assessment of controls in a vulnerability report

C.   Both companies following the same CSF

Explanation:

C is correct because a Cybersecurity Framework (CSF), such as the NIST Cybersecurity Framework, provides a high-level, strategic view of an information security program. It is built around core functions like Identify, Protect, Detect, Respond, and Recover. Adopting the same CSF provides a common language, a standardized set of goals, and a consistent methodology for managing cybersecurity risk across both organizations. This alignment is crucial for a merger, as it allows the new, combined entity to build a unified, cohesive, and effective security program from the top down, rather than trying to awkwardly stitch together two different security cultures and processes.

A is incorrect because while deploying CIS (Center for Internet Security) baselines is an excellent technical control for standardizing system hardening (e.g., configuring OS and software settings), it is a tactical, technical solution. It does not provide the overarching strategic alignment needed for entire security programs, which encompass people, processes, and technology far beyond just system configuration.

B is incorrect because "joint cybersecurity best practices" is a vague and informal concept. Without a defined framework to structure these practices, this approach would likely lead to confusion and disagreements over what constitutes a "best practice." A formal framework provides the necessary structure and authority for standardization.

D is incorrect because an assessment of controls in a vulnerability report is a point-in-time, operational activity. It focuses on identifying technical weaknesses (vulnerabilities) and the controls that are missing or failing. This is a useful tool within a security program but is far too narrow and reactive to serve as the foundation for standardizing two entire security programs during a major business event like a merger.

Reference:
This question falls under Domain 5.0: Governance, Risk, and Compliance (GRC). It specifically addresses the use of frameworks, policies, and procedures to manage and align cybersecurity strategy, which is a primary objective of the GRC domain. The NIST CSF is a key industry framework highlighted in the SY0-701 objectives.

Which of the following tasks is typically included in the BIA process?

A. Estimating the recovery time of systems

B. Identifying the communication strategy

C. Evaluating the risk management plan

D. Establishing the backup and recovery procedures

E. Developing the incident response plan

A.   Estimating the recovery time of systems

Explanation:
A) Estimating the recovery time of systems is a core component of the Business Impact Analysis (BIA) process. The BIA focuses on identifying and evaluating the potential effects of disruptions on critical business operations. Key tasks include:

Determining the Recovery Time Objective (RTO): The maximum acceptable time to restore a system or process after a disruption.

Determining the Recovery Point Objective (RPO): The maximum acceptable amount of data loss measured in time.

Identifying critical systems, processes, and their dependencies.

Assessing the financial, operational, and legal impacts of downtime.

Why the others are incorrect:

B) Identifying the communication strategy:
This is typically part of the incident response plan or crisis communication plan, not the BIA. The BIA informs these plans but does not directly develop them.

C) Evaluating the risk management plan:
The BIA provides input to the risk management plan by quantifying impacts, but it does not evaluate the plan itself.

D) Establishing backup and recovery procedures:
This is an outcome of the BIA (informed by RTO/RPO) but is detailed in the disaster recovery plan (DRP), not the BIA process itself.

E) Developing the incident response plan:
This is a separate process that addresses security incidents, while the BIA focuses on business continuity and disaster recovery planning.

Reference:
This question tests knowledge of Domain 5.4: Explain the importance of business continuity and disaster recovery concepts. The BIA is a foundational step in business continuity planning, as emphasized in the SY0-701 objectives. It prioritizes recovery efforts based on quantitative impacts (e.g., RTO/RPO), ensuring resources are allocated effectively.

A bank set up a new server that contains customers' PII. Which of the following should the bank use to make sure the sensitive data is not modified?

A. Full disk encryption

B. Network access control

C. File integrity monitoring

D. User behavior analytics

C.   File integrity monitoring

Explanation:
File Integrity Monitoring (FIM) is a security control that continuously checks and alerts on unauthorized changes (modifications, deletions, or additions) to critical files, configurations, and directories. By implementing FIM on the server containing customers' PII (Personally Identifiable Information), the bank can ensure that any unauthorized modification to this sensitive data is immediately detected and investigated. This directly addresses the requirement to ensure data is not modified improperly.
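The control described above, as an added example that is not part of the practice test and not the code of any FIM product: it baselines a directory by hashing every file with SHA-256, then re-hashes and reports which files were modified, added or deleted. The customer records, directory layout and the tampering scenario are constructed so the script runs offline in a throwaway directory; a real deployment would keep the baseline off-host (so an attacker who changes a file cannot also change its recorded hash) and forward the differences as alerts.

```python
"""Minimal file integrity monitoring: baseline a directory, then detect changes.

Added example for the practice test. Everything below is constructed: the
directory, the (masked) customer records, and the simulated tampering.
"""
import hashlib
import tempfile
from pathlib import Path


def _sha256(path: Path) -> str:
    """Hash a file in chunks so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root) -> dict:
    """Map each file (path relative to root, POSIX style) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): _sha256(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare(baseline: dict, current: dict) -> dict:
    """Return the modified, added and deleted paths relative to the baseline."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "deleted": sorted(p for p in baseline if p not in current),
    }


def demo(tmp_root) -> dict:
    """Constructed scenario: take a baseline, then tamper with a record,
    drop in a new file and delete another, and report what FIM would flag."""
    root = Path(tmp_root) / "customers"
    root.mkdir(parents=True, exist_ok=True)
    (root / "acct-1001.json").write_text('{"name": "A. Example", "ssn": "***-**-1234"}')
    (root / "acct-1002.json").write_text('{"name": "B. Example", "ssn": "***-**-5678"}')
    baseline = build_baseline(tmp_root)

    # Simulated unauthorized changes after the baseline was taken.
    (root / "acct-1001.json").write_text('{"name": "A. Example", "ssn": "***-**-9999"}')
    (root / "acct-1003.json").write_text('{"name": "C. Example"}')
    (root / "acct-1002.json").unlink()
    return compare(baseline, build_baseline(tmp_root))


def run_demo() -> dict:
    """Run the constructed scenario in a temporary directory and return the report."""
    with tempfile.TemporaryDirectory() as d:
        return demo(d)


if __name__ == "__main__":
    for kind, paths in run_demo().items():
        print(f"{kind}: {paths}")
```

The report separates the three cases because they call for different responses: a modified PII record is the integrity violation the question is about, an unexpected new file may be dropped tooling, and a deleted record is a data-loss event. Scheduling the comparison (or hooking it to filesystem events) and shipping the result to the SIEM is what turns this into continuous monitoring.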

Why the others are incorrect:

A) Full disk encryption:
This protects data at rest from unauthorized access if the physical disk is stolen or lost by encrypting the entire storage volume. However, it does not prevent modifications to files by authorized users or malware that has gained access to the system while it is running.

B) Network access control:
NAC regulates which devices are allowed to connect to a network based on security policies. It focuses on network access but does not monitor or protect against modifications to files on a server once access is granted.

D) User behavior analytics:
UBA analyzes user activities to detect anomalous behavior that might indicate insider threats or compromised accounts. While it can indirectly signal potential risks, it does not specifically monitor or prevent file modifications like FIM does.

Reference:
This aligns with SY0-701 Objective 3.2 ("Given a scenario, implement host or application security solutions") and data protection principles. FIM is a critical control for compliance with standards like PCI DSS, which requires monitoring changes to critical files to ensure data integrity. Tools like Tripwire or AWS GuardDuty (for cloud) are examples of FIM solutions.

A company is currently utilizing usernames and passwords, and it wants to integrate an MFA method that is seamless, can integrate easily into a user's workflow, and can utilize employee-owned devices. Which of the following will meet these requirements?

A. Push notifications

B. Phone call

C. Smart card

D. Offline backup codes

A.   Push notifications

Explanation:
Push notifications for Multi-Factor Authentication (MFA) best meet all the stated requirements:

Seamless & Integrates into Workflow:
A push notification is sent automatically to an app on the user's device (e.g., Microsoft Authenticator, Duo). The user simply reviews the login details and taps "Approve" or "Deny." This requires minimal effort and integrates smoothly into a modern digital workflow without interrupting it.

Utilize Employee-Owned Devices (BYOD):
Push notification MFA relies on a software app installed on a smartphone. This is ideal for a Bring Your Own Device (BYOD) model, as employees can easily install the required app on their personal phones without the company needing to provision hardware.

Why not B?
Phone call: While a phone call can use an employee-owned device, it is not seamless. It requires the user to answer the call and often press a specific number on the keypad. This is more disruptive and time-consuming than a simple push notification approval.

Why not C?
Smart card: A smart card is a physical hardware token that must be issued by the company. This does not utilize employee-owned devices and requires the company to manage the procurement, distribution, and lifecycle of the cards. It is also less seamless, as it requires a reader and the physical action of inserting the card.

Why not D?
Offline backup codes: These are one-time-use codes provided to users as a backup method if their primary MFA is unavailable. They are not a primary authentication method and are neither seamless nor integrated into a workflow. They are a manual, fallback option.

Reference:
Domain 1.4: "Given a scenario, analyze indicators of malicious activity." While this domain covers broader topics, understanding MFA methods is a core part of identity and access management, which is foundational to security. Push notifications are a recommended, user-friendly MFA method in modern security frameworks like NIST's guidelines on digital identity.

A systems administrator is working on a solution with the following requirements:

• Provide a secure zone.
• Enforce a company-wide access control policy.
• Reduce the scope of threats.

Which of the following is the systems administrator setting up?

A. Zero Trust

B. AAA

C. Non-repudiation

D. CIA

A.    Zero Trust

Explanation:
Zero Trust is a security model that aligns perfectly with all three requirements:

Provide a secure zone:
Zero Trust architecture creates micro-segments and secure enclaves within the network. Instead of a single "trusted" internal network, it establishes multiple "secure zones" where access is strictly controlled.

Enforce a company-wide access control policy:
A core principle of Zero Trust is "never trust, always verify." It mandates strict identity verification and least-privilege access controls for every user and device, regardless of whether they are inside or outside the corporate network. This is a universal (company-wide) policy.

Reduce the scope of threats:
By segmenting the network (creating secure zones) and enforcing granular access controls, Zero Trust contains potential breaches. If a threat actor compromises one system, their ability to move laterally to other systems (the "scope" of the threat) is severely limited.
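The three requirements above, as an added example that is not part of the practice test and not any vendor's policy engine: a per-request decision function that trusts nothing by default, verifies identity (MFA) and device posture on every request, allows each resource to be reached only from its secure zone's permitted segments, and grants only what the caller's role is entitled to. The users, roles, segments, resources and policy table are constructed. The `blast_radius` helper shows the "reduce the scope of threats" requirement: it lists what a fully verified caller in a given segment could reach at all, which is the set a compromised host in that segment is limited to.

```python
"""Zero Trust style access decision: deny by default, verify every request,
and bound access by segment and least privilege.

Added example for the practice test; the policy and identities are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    mfa_verified: bool
    device_compliant: bool
    source_segment: str   # network segment the request originates from
    resource: str


# Constructed company-wide policy: each resource lives in a secure zone, is
# reachable only from the listed source segments, and only by the listed roles.
POLICY = {
    "payroll-db": {"zone": "finance", "from": {"finance"}, "roles": {"finance-analyst"}},
    "hr-share":   {"zone": "hr",      "from": {"hr"},      "roles": {"hr-staff"}},
    "git-server": {"zone": "eng",     "from": {"eng", "vpn"}, "roles": {"developer"}},
}


def decide(req: Request) -> tuple[bool, str]:
    """Evaluate one request. Every check runs on every request and the
    default is deny; being "inside the network" earns no trust by itself."""
    rule = POLICY.get(req.resource)
    if rule is None:
        return False, "unknown resource: default deny"
    if not req.mfa_verified:
        return False, "identity not verified (MFA required)"
    if not req.device_compliant:
        return False, "device failed posture check"
    if req.source_segment not in rule["from"]:
        return False, f"segment {req.source_segment} may not reach zone {rule['zone']}"
    if req.role not in rule["roles"]:
        return False, "role not entitled to resource (least privilege)"
    return True, f"allowed into zone {rule['zone']}"


def blast_radius(role: str, segment: str) -> set[str]:
    """Resources a fully verified caller with this role, in this segment, can
    reach. This bounds what an attacker holding that host and role could touch."""
    return {
        res for res in POLICY
        if decide(Request("probe", role, True, True, segment, res))[0]
    }


if __name__ == "__main__":
    # A compromised developer workstation in the eng segment tries the payroll DB.
    print(decide(Request("dev-host", "developer", True, True, "eng", "payroll-db")))
    # Even a stolen finance credential used from the eng segment reaches nothing.
    print(blast_radius("finance-analyst", "eng"))
```

The two `__main__` cases are the lateral-movement check the explanation describes: a compromised developer host is stopped at the segment boundary before its role is even considered, and a stolen finance credential is useless from the wrong segment. Adding signals such as session age or geolocation to `decide` is how real implementations extend "continuously validates every stage."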

Why not B?
AAA (Authentication, Authorization, and Accounting) is a framework for access control. While it is a critical component used within a Zero Trust model to "enforce access control policy," it is not the overarching framework that also provides "secure zones" and "reduces threat scope" through segmentation.

Why not C?
Non-repudiation is a legal concept that ensures a party cannot deny the authenticity of their signature on a document or a message they sent. It is achieved through techniques like digital signatures. It does not relate to creating secure zones or reducing threat scope.

Why not D?
CIA Triad (Confidentiality, Integrity, Availability) is the fundamental model of information security. It describes security goals (what to protect) but is not a specific architecture or solution that an administrator would "set up" to meet these technical requirements.

Reference:
Domain 2.1: "Explain the importance of security concepts in an enterprise environment." The SY0-701 objectives specifically list Zero Trust as a key security concept, describing it as a model that eliminates implicit trust and continuously validates every stage of digital interaction. The requirements in the question are a direct match for the goals and implementation of a Zero Trust architecture.

After reviewing the following vulnerability scanning report:

Server: 192.168.14.6
Service: Telnet
Port: 23
Protocol: TCP
Status: Open
Severity: High
Vulnerability: Use of an insecure network protocol

A security analyst performs the following test:

nmap -p 23 192.168.14.6 --script telnet-encryption

PORT   STATE SERVICE REASON
23/tcp open  telnet  syn-ack
| telnet-encryption:
|_  Telnet server supports encryption

Which of the following would the security analyst conclude for this reported vulnerability?

A. It is a false positive.

B. A rescan is required.

C. It is considered noise.

D. Compensating controls exist.

A.   It is a false positive.

Explanation:
The vulnerability scan reported a high-severity issue because Telnet (port 23) is an insecure protocol that transmits data (including credentials) in cleartext, making it susceptible to eavesdropping.

However, the security analyst performed a follow-up test using an Nmap script (telnet-encryption) specifically designed to check if the Telnet service supports encryption. The result (Telnet server supports encryption) indicates that this particular Telnet implementation uses encryption to protect the data in transit, mitigating the inherent risk of the protocol.

Therefore, the original vulnerability scan incorrectly flagged this as a high-severity issue because it did not detect the encryption support. This makes the report a false positive—a finding that is incorrectly identified as a vulnerability when it is not actually present or is mitigated.

Why the others are incorrect:

B. A rescan is required:
A rescan might be useful for verification, but the analyst already conducted a targeted test that provided conclusive evidence (encryption is supported). No further scanning is needed to confirm this specific issue.

C. It is considered noise:
"Noise" in scanning refers to irrelevant or low-priority findings that clutter reports. This was a high-severity finding that required investigation, not mere noise.

D. Compensating controls exist:
Compensating controls are alternative measures (e.g., network segmentation) that reduce risk. Here, the encryption is a direct feature of the service itself, not an external compensating control.

Reference:
This aligns with SY0-701 Objective 4.1 ("Given a scenario, analyze indicators of malicious activity"). Vulnerability management includes validating scan results to eliminate false positives, as emphasized in best practices like NIST SP 800-115 ("Technical Guide to Information Security Testing and Assessment"). The use of tools like Nmap scripts for deeper verification is a key analyst skill.
