SY0-701 Practice Test

Explanation: Estimating the recovery time of systems is a task typically included in the Business Impact Analysis (BIA) process. BIA involves identifying the critical functions of a business and determining the impact of a disruption. This includes estimating how long it will take to recover systems and resume normal operations.
Estimating the recovery time of systems: A key component of BIA, which helps in understanding the time needed to restore systems and services after a disruption. Identifying the communication strategy: Typically part of the incident response plan, not BIA.
Evaluating the risk management plan: Part of risk management, not specifically BIA. Establishing the backup and recovery procedures: Important for disaster recovery, not directly part of BIA.
Developing the incident response plan: Focuses on responding to security incidents, not on the impact analysis.
Reference: CompTIA Security+ SY0-701 Exam Objectives, Domain 5.2 - Risk management process (Business Impact Analysis - BIA).

Explanation: To ensure that sensitive data, such as Personally Identifiable Information (PII), is not modified, the bank should implement file integrity monitoring (FIM). FIM tracks changes to files and provides alerts if unauthorized modifications are detected, ensuring data integrity. Full disk encryption protects data at rest but does not prevent or monitor modifications. Network access control (NAC) manages access to the network but doesn't monitor file changes. User behavior analytics (UBA) detects suspicious user activities but is not focused on file integrity.

Explanation: Push notifications offer a seamless and user-friendly method of multi-factor authentication (MFA) that can easily integrate into a user’s workflow. This method leverages employee-owned devices, like smartphones, to approve authentication requests through a push notification. It's convenient, quick, and doesn't require the user to input additional codes, making it a preferred choice for seamless integration with existing workflows. References = CompTIA Security+ SY0-701 Course Content: Domain 04 Security Operations. CompTIA Security+ SY0-601 Study Guide: Chapter on Identity and Access Management.

Explanation: Zero Trust is a security model that assumes no trust for any entity inside or outside the network perimeter and requires continuous verification of identity and permissions. Zero Trust can provide a secure zone by isolating and protecting sensitive data and resources from unauthorized access. Zero Trust can also enforce a company- wide access control policy by applying the principle of least privilege and granular segmentation for users, devices, and applications. Zero Trust can reduce the scope of threats by preventing lateral movement and minimizing the attack surface.
References: 5: This source explains the concept and benefits of Zero Trust security and how it differs from traditional security models. 8: This source provides an overview of Zero Trust identity security and how it can help verify the identity and integrity of users and devices.

Explanation: A false positive is a result that indicates a vulnerability or a problem when there is none. In this case, the vulnerability scanning report shows that the telnet service on port 23 is open and uses an insecure network protocol. However, the security analyst performs a test using nmap and a script that checks for telnet encryption support. The result shows that the telnet server supports encryption, which means that the data transmitted between the client and the server can be protected from eavesdropping. Therefore, the reported vulnerability is a false positive and does not reflect the actual security posture of the server. The security analyst should verify the encryption settings of the telnet server and client and ensure that they are configured properly3. References: 3: Telnet Protocol - Can You Encrypt Telnet?