Home / CompTIA / SY0-701

Question list

List of questions

Question 1

(5)

Which of the following threat actors is the most likely to be hired by a foreign government to attack critical systems located in other countries?

Question 2

(5)

Which of the following is used to add extra complexity before using a one-way data transformation algorithm?

Question 3

(3)

Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?

Question 4

(3)

The management team notices that new accounts that are set up manually do not always have correct access or permissions. Which of the following automation techniques should a systems administrator

Question 5

(5)

Which of the following involves an attempt to take advantage of database misconfigurations?

Question 6

(4)

An organization would like to store customer data on a separate part of the network that is not accessible to users on the main corporate network. Which of the following should the administrator use

Question 7

(1)

Which of the following is used to quantitatively measure the criticality of a vulnerability?

Question 8

(4)

A technician is opening ports on a firewall for a new system being deployed and supported by a SaaS provider. Which of the following is a risk in the new system?

Question 9

(4)

Which of the following security concepts is the best reason for permissions on a human resources fileshare to follow the principle of least privilege?

Question 10

(4)

A company is planning to set up a SIEM system and assign an analyst to review the logs on a weekly basis. Which of the following types of controls is the company setting up?

Question 54 - SY0-701 discussion

A company purchased cyber insurance to address items listed on the risk register. Which of the following strategies does this represent?

Transfer

Mitigate

Avoid

Suggested answer: B

Explanation:

Cyber insurance is a type of insurance that covers the financial losses and liabilities that result from cyberattacks, such as data breaches, ransomware, denial-of-service, phishing, or malware. Cyber insurance can help a company recover from the costs of restoring data, repairing systems, paying ransoms, compensating customers, or facing legal actions. Cyber insurance is one of the possible strategies that a company can use to address the items listed on the risk register. A risk register is a document that records the identified risks, their probability, impact, and mitigation strategies for a project or an organization. The four common risk mitigation strategies are:

Accept: The company acknowledges the risk and decides to accept the consequences without taking any action to reduce or eliminate the risk. This strategy is usually chosen when the risk is low or the cost of mitigation is too high.

Transfer: The company transfers the risk to a third party, such as an insurance company, a vendor, or a partner. This strategy is usually chosen when the risk is high or the company lacks the resources or expertise to handle the risk.

Mitigate: The company implements controls or measures to reduce the likelihood or impact of the risk. This strategy is usually chosen when the risk is moderate or the cost of mitigation is reasonable.

Avoid: The company eliminates the risk by changing the scope, plan, or design of the project or the organization. This strategy is usually chosen when the risk is unacceptable or the cost of mitigation is too high.

By purchasing cyber insurance, the company is transferring the risk to the insurance company, which will cover the financial losses and liabilities in case of a cyberattack. Therefore, the correct answer is B. Transfer.Reference=CompTIA Security+ Study Guide (SY0-701), Chapter 8: Governance, Risk, and Compliance, page 377.Professor Messer's CompTIA SY0-701 Security+ Training Course, Section 8.1: Risk Management, video: Risk Mitigation Strategies (5:37).

Show Answer

asked 02/10/2024

Gbena Wale

32 questions

Your answer: A B C D

0 comments

Sorted by