ExamGecko

CompTIA SY0-701 Practice Test - Questions Answers, Page 22

Which of the following describes the category of data that is most impacted when it is lost?

A. Confidential
B. Public
C. Private
D. Critical
Suggested answer: D

Explanation:

The category of data that is most impacted when it is lost is 'Critical.' Critical data is essential to the organization's operations and often includes sensitive information such as financial records, proprietary business information, and vital operational data. The loss of critical data can severely disrupt business operations and have significant financial, legal, and reputational consequences.

Confidential: Refers to data that must be protected from unauthorized access to maintain privacy and security.

Public: Refers to data that is intended for public disclosure and whose loss does not have severe consequences.

Private: Typically refers to personal data that needs to be protected to ensure privacy.

Critical: Refers to data that is essential for the operation and survival of the organization, and its loss can have devastating impacts.

After performing an assessment, an analyst wants to provide a risk rating for the findings. Which of the following concepts should most likely be considered when calculating the ratings?

A. Owners and thresholds
B. Impact and likelihood
C. Appetite and tolerance
D. Probability and exposure factor
Suggested answer: B

Explanation:

When calculating risk ratings, the concepts of impact and likelihood are most likely to be considered. Risk assessment typically involves evaluating the potential impact of a threat (how severe the consequences would be if the threat materialized) and the likelihood of the threat occurring (how probable it is that the threat will occur).

Impact: Measures the severity of the consequences if a particular threat exploits a vulnerability. It considers factors such as financial loss, reputational damage, and operational disruption.

Likelihood: Measures the probability of a threat exploiting a vulnerability. This can be based on historical data, current threat landscape, and expert judgment.

Which of the following should a systems administrator set up to increase the resilience of an application by splitting the traffic between two identical sites?

A. Load balancing
B. Geographic disruption
C. Failover
D. Parallel processing
Suggested answer: A

Explanation:

To increase the resilience of an application by splitting the traffic between two identical sites, a systems administrator should set up load balancing. Load balancing distributes network or application traffic across multiple servers or sites, ensuring no single server becomes overwhelmed and enhancing the availability and reliability of applications.

Load balancing: Distributes traffic across multiple servers to ensure high availability and reliability. It helps in managing the load efficiently and can prevent server overloads.

Geographic disruption: Not a standard term related to resilience. This might imply the use of geographically distributed sites but isn't the precise solution described.

Failover: Refers to switching to a standby server or system when the primary one fails. It doesn't inherently split traffic but rather takes over when a failure occurs.

Parallel processing: Refers to the simultaneous processing of tasks, not specifically related to load balancing web traffic.

During a recent breach, employee credentials were compromised when a service desk employee issued an MFA bypass code to an attacker who called and posed as an employee. Which of the following should be used to prevent this type of incident in the future?

A. Hardware token MFA
B. Biometrics
C. Identity proofing
D. Least privilege
Suggested answer: C

Explanation:

To prevent the issuance of an MFA bypass code to an attacker posing as an employee, implementing identity proofing would be most effective. Identity proofing involves verifying the identity of individuals before granting access or providing sensitive information.

Identity proofing: Ensures that the person requesting the MFA bypass is who they claim to be, thereby preventing social engineering attacks where attackers pose as legitimate employees.

Hardware token MFA: Provides an additional factor for authentication but does not address verifying the requester's identity.

Biometrics: Offers strong authentication based on physical characteristics but is not related to the process of issuing MFA bypass codes.

Least privilege: Limits access rights for users to the bare minimum necessary to perform their work but does not prevent social engineering attacks targeting the service desk.

A company hired a security manager from outside the organization to lead security operations. Which of the following actions should the security manager perform first in this new role?

A. Establish a security baseline.
B. Review security policies.
C. Adopt security benchmarks.
D. Perform a user ID revalidation.
Suggested answer: B

Explanation:

When a security manager is hired from outside the organization to lead security operations, the first action should be to review the existing security policies. Understanding the current security policies provides a foundation for identifying strengths, weaknesses, and areas that require improvement, ensuring that the security program aligns with the organization's goals and regulatory requirements.

Review security policies: Provides a comprehensive understanding of the existing security framework, helping the new manager to identify gaps and areas for enhancement.

Establish a security baseline: Important but should be based on a thorough understanding of existing policies and practices.

Adopt security benchmarks: Useful for setting standards, but reviewing current policies is a necessary precursor.

Perform a user ID revalidation: Important for ensuring user access is appropriate but not the first step in understanding overall security operations.

A company is decommissioning its physical servers and replacing them with an architecture that will reduce the number of individual operating systems. Which of the following strategies should the company use to achieve this security requirement?

A. Microservices
B. Containerization
C. Virtualization
D. Infrastructure as code
Suggested answer: C

Explanation:


An organization wants to ensure the integrity of compiled binaries in the production environment. Which of the following security measures would best support this objective?

A. Input validation
B. Code signing
C. SQL injection
D. Static analysis
Suggested answer: B

Explanation:

To ensure the integrity of compiled binaries in the production environment, the best security measure is code signing. Code signing uses digital signatures to verify the authenticity and integrity of the software, ensuring that the code has not been tampered with or altered after it was signed.

Code signing: Involves signing code with a digital signature to verify its authenticity and integrity, ensuring the compiled binaries have not been altered.

Input validation: Ensures that only properly formatted data enters an application but does not verify the integrity of compiled binaries.

SQL injection: A type of attack, not a security measure.

Static analysis: Analyzes code for vulnerabilities and errors but does not ensure the integrity of compiled binaries in production.

A systems administrator would like to deploy a change to a production system. Which of the following must the administrator submit to demonstrate that the system can be restored to a working state in the event of a performance issue?

A. Backout plan
B. Impact analysis
C. Test procedure
D. Approval procedure
Suggested answer: A

Explanation:

To demonstrate that the system can be restored to a working state in the event of a performance issue after deploying a change, the systems administrator must submit a backout plan. A backout plan outlines the steps to revert the system to its previous state if the new deployment causes problems.

Backout plan: Provides detailed steps to revert changes and restore the system to its previous state in case of issues, ensuring minimal disruption and quick recovery.

Impact analysis: Evaluates the potential effects of a change but does not provide steps to revert changes.

Test procedure: Details the steps for testing the change but does not address restoring the system to a previous state.

Approval procedure: Involves obtaining permissions for the change but does not ensure system recovery in case of issues.

A security administrator is configuring fileshares. The administrator removed the default permissions and added permissions for only users who will need to access the fileshares as part of their job duties. Which of the following best describes why the administrator performed these actions?

A. Encryption standard compliance
B. Data replication requirements
C. Least privilege
D. Access control monitoring
Suggested answer: C

Explanation:

The security administrator's actions of removing default permissions and adding permissions only for users who need access as part of their job duties best describe the principle of least privilege. This principle ensures that users are granted the minimum necessary access to perform their job functions, reducing the risk of unauthorized access or data breaches.

Least privilege: Limits access rights for users to the bare minimum necessary for their job duties, enhancing security by reducing potential attack surfaces.

Encryption standard compliance: Involves meeting encryption requirements, but it does not explain the removal and assignment of specific permissions.

Data replication requirements: Focus on duplicating data across different systems for redundancy and availability, not related to user permissions.

Access control monitoring: Involves tracking and reviewing access to resources, but the scenario is about setting permissions, not monitoring them.

Which of the following describes effective change management procedures?

A. Approving the change after a successful deployment
B. Having a backout plan when a patch fails
C. Using a spreadsheet for tracking changes
D. Using an automatic change control bypass for security updates
Suggested answer: B

Explanation:

Effective change management procedures include having a backout plan when a patch fails. A backout plan ensures that there are predefined steps to revert the system to its previous state if the new change or patch causes issues, thereby minimizing downtime and mitigating potential negative impacts.

Having a backout plan when a patch fails: Essential for ensuring that changes can be safely reverted in case of problems, maintaining system stability and availability.

Approving the change after a successful deployment: Changes should be approved before deployment, not after.

Using a spreadsheet for tracking changes: While useful for documentation, it is not a comprehensive change management procedure.

Using an automatic change control bypass for security updates: Bypassing change control can lead to unapproved and potentially disruptive changes.

Total 350 questions