CompTIA SY0-701 CompTIA Security+ Online Training

Question #51

While troubleshooting a firewall configuration, a technician determines that a “deny any” policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable.

Which of the following actions would prevent this issue?

A . Documenting the new policy in a change request and submitting the request to change management
B . Testing the policy in a non-production environment before enabling the policy in the production network
C . Disabling any intrusion prevention signatures on the ‘deny any* policy prior to enabling the new policy
D . Including an ‘allow any1 policy above the ‘deny any* policy

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

A firewall policy is a set of rules that defines what traffic is allowed or denied on a network. A firewall policy should be carefully designed and tested before being implemented, as a misconfigured policy can cause network disruptions or security breaches. A common best practice is to test the policy in a non-production environment, such as a lab or a simulation, before enabling the policy in the production network. This way, the technician can verify the functionality and performance of the policy, and identify and resolve any issues or conflicts, without affecting the live network. Testing the policy in a non-production environment would prevent the issue of the ‘deny any’ policy causing several company servers to become unreachable, as the technician would be able to detect and correct the problem before applying the policy to the production network.

Documenting the new policy in a change request and submitting the request to change management is a good practice, but it would not prevent the issue by itself. Change management is a process that ensures that any changes to the network are authorized, documented, and communicated, but it does not guarantee that the changes are error-free or functional. The technician still needs to test the policy before implementing it.

Disabling any intrusion prevention signatures on the ‘deny any’ policy prior to enabling the new policy would not prevent the issue, and it could reduce the security of the network. Intrusion prevention signatures are patterns that identify malicious or unwanted traffic, and allow the firewall to block or alert on such traffic. Disabling these signatures would make the firewall less effective in detecting and preventing attacks, and it would not affect the reachability of the company servers. Including an ‘allow any’ policy above the ‘deny any’ policy would not prevent the issue, and it would render the ‘deny any’ policy useless. A firewall policy is processed from top to bottom, and the first matching rule is applied. An ‘allow any’ policy would match any traffic and allow it to pass through the firewall, regardless of the source, destination, or protocol. This would negate the purpose of the ‘deny any’ policy, which is to block any traffic that does not match any of the previous rules. Moreover, an ‘allow any’ policy would create a security risk, as it would allow any unauthorized or malicious traffic to enter or exit the network.

Reference = CompTIA Security+ SY0-701 Certification Study Guide, page 204-205; Professor Messer’s CompTIA SY0-701 Security+ Training Course, video 2.1 – Network Security Devices, 8:00 – 10:00.

Question #52

An organization is building a new backup data center with cost-benefit as the primary requirement and RTO and RPO values around two days.

Which of the following types of sites is the best for this scenario?

A . Real-time recovery
B . Hot
C . Cold
D . Warm

Reveal Solution Hide Solution

Question #53

A company requires hard drives to be securely wiped before sending decommissioned systems to recycling.

Which of the following best describes this policy?

A . Enumeration
B . Sanitization
C . Destruction
D . Inventory

Reveal Solution Hide Solution

Question #54

A systems administrator works for a local hospital and needs to ensure patient data is protected and secure.

Which of the following data classifications should be used to secure patient data?

A . Private
B . Critical
C . Sensitive
D . Public

Reveal Solution Hide Solution

Correct Answer: C
C

Explanation:

Data classification is a process of categorizing data based on its level of sensitivity, value, and impact to the organization if compromised. Data classification helps to determine the appropriate security controls and policies to protect the data from unauthorized access, disclosure, or modification. Different organizations may use different data classification schemes, but a common one is the four-tier model, which consists of the following categories: public, private, sensitive, and critical.

Public data is data that is intended for public access and disclosure, and has no impact to the organization if compromised. Examples of public data include marketing materials, press releases, and public web pages.

Private data is data that is intended for internal use only, and has a low to moderate impact to the organization if compromised. Examples of private data include employee records, financial reports, and internal policies.

Sensitive data is data that is intended for authorized use only, and has a high impact to the organization if compromised. Examples of sensitive data include personal information, health records, and intellectual property.

Critical data is data that is essential for the organization’s operations and survival, and has a severe impact to the organization if compromised. Examples of critical data include encryption keys, disaster recovery plans, and system backups.

Patient data is a type of sensitive data, as it contains personal and health information that is protected by law and ethical standards. Patient data should be used only by authorized personnel for legitimate purposes, and should be secured from unauthorized access, disclosure, or modification. Therefore, the systems administrator should use the sensitive data classification to secure patient data.

Reference = CompTIA Security+ SY0-701 Certification Study Guide, page 90-91; Professor Messer’s CompTIA SY0-701 Security+ Training Course, video 5.5 – Data Classifications, 0:00 – 4:30.

Question #55

A U.S.-based cloud-hosting provider wants to expand its data centers to new international locations.

Which of the following should the hosting provider consider first?

A . Local data protection regulations
B . Risks from hackers residing in other countries
C . Impacts to existing contractual obligations
D . Time zone differences in log correlation

Reveal Solution Hide Solution

Question #56

Which of the following would be the best way to block unknown programs from executing?

A . Access control list
B . Application allow list.
C . Host-based firewall
D . DLP solution

Reveal Solution Hide Solution

Question #57

A company hired a consultant to perform an offensive security assessment covering penetration testing and social engineering.

Which of the following teams will conduct this assessment activity?

A . White
B . Purple
C . Blue
D . Red

Reveal Solution Hide Solution

Question #58

A software development manager wants to ensure the authenticity of the code created by the company.

Which of the following options is the most appropriate?

A . Testing input validation on the user input fields
B . Performing code signing on company-developed software
C . Performing static code analysis on the software
D . Ensuring secure cookies are use

Reveal Solution Hide Solution

Question #59

Which of the following can be used to identify potential attacker activities without affecting production servers?

A . Honey pot
B . Video surveillance
C . Zero Trust
D . Geofencing

Reveal Solution Hide Solution

Question #60

During an investigation, an incident response team attempts to understand the source of an incident.

Which of the following incident response activities describes this process?

A . Analysis
B . Lessons learned
C . Detection
D . Containment

Reveal Solution Hide Solution