Pass the CompTIA CompTIA Security+ SY0-701 Questions and answers with CertsForce

Jailbreaking is the process of removing the restrictions imposed by the manufacturer or carrier on a mobile device, such as an iPhone or iPad. Jailbreaking allows users to install unauthorized applications, modify system settings, and access root privileges. However, jailbreaking also exposes the device to potential security risks, such as malware, spyware, unauthorized access, data loss, and voided warranty. Therefore, an organization may prohibit employees from jailbreaking their mobile devices to prevent these vulnerabilities and protect the corporate data and network. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 10: Mobile Device Security, page 507 2

A screenshot of a computer AI-generated content may be incorrect.

Based on the logs, it seems that the host that originated the infection is 192.168.10.22. This host has a suspicious process named svchost.exe running on port 443, which is unusual for a Windows service. It also has a large number of outbound connections to different IP addresses on port 443, indicating that it is part of a botnet.

The firewall log shows that this host has been communicating with 10.10.9.18, which is another infected host on the engineering network. This host also has a suspicious process named svchost.exe running on port 443, and a large number of outbound connections to different IP addresses on port 443.

The other hosts on the R & D network (192.168.10.37 and 192.168.10.41) are clean, as they do not have any suspicious processes or connections.

The best answer is B. It is used to make access control decisions without inheriting permission decisions from prior events.

In a Zero Trust environment, the core principle is never trust, always verify. A policy engine evaluates each access request using current context and defined security policies. Access is not automatically granted simply because a user or device was previously authenticated or allowed access earlier.

This means decisions are made continuously and based on factors such as:

user identity

device posture

location

requested resource

risk level

session context

The phrase “without inheriting permission decisions from prior events” best reflects the Zero Trust concept that trust is not assumed or permanently granted.

Why the other options are incorrect:

A. It is used by a central server to apply default permissions across a range of network and computing resources.This sounds more like centralized administration, but it does not capture the dynamic, context-based access decision-making of a Zero Trust policy engine.

C. It is used to dynamically assign user permissions based on a user ' s identity and previous activity.This is close, but the wording emphasizes previous activity, whereas Zero Trust focuses on real-time evaluation of current conditions rather than inherited trust.

D. It is used when user roles are unknown and the organization wants to leverage ML to control access.Machine learning may support analytics, but this is not the main purpose of a Zero Trust policy engine.

From the SY0-701 perspective, a policy engine is central to making explicit, context-aware access decisions for every request, which is best captured by B.

Multi-Factor Authentication (MFA) and patch management are both examples of preventative and technical controls. MFA prevents unauthorized access by requiring multiple forms of verification, and patch management ensures that systems are protected against vulnerabilities by applying updates. Both of these controls are implemented using technical methods, and they work to prevent security incidents before they occur.

Serverless architecture allows companies to deploy code without managing the underlying infrastructure. This approach significantly reduces the time and expense involved in code deployment because developers can focus solely on writing code, while the cloud provider manages the servers, scaling, and maintenance. Serverless computing also enables automatic scaling and pay-per-execution billing, which further optimizes costs.

References =

CompTIA Security+ SY0-701 Course Content: The course covers cloud technologies, including serverless architectures, which are highlighted as a method to streamline and reduce costs associated with code deployment​​​.

This scenario describes a bug bounty program, which invites external security researchers to responsibly identify and report vulnerabilities in an organization’s systems. CompTIA Security+ SY0-701 defines bug bounty programs as structured initiatives that reward researchers for discovering and disclosing security flaws before they can be exploited by malicious actors.

Bug bounty programs extend security testing beyond internal teams and provide continuous, real-world testing of public-facing assets. They are particularly effective for identifying zero-day vulnerabilities, logic flaws, and edge-case issues that automated tools may miss.

Red teaming (B) is a controlled, internal or contracted adversarial exercise, not an open invitation. Open-source intelligence (C) involves gathering publicly available information, not vulnerability reporting. Third-party information sharing (D) refers to sharing threat intelligence, not soliciting vulnerability reports.

Because the CISO is inviting the broader security community to report vulnerabilities, the correct answer is A: Bug bounty.

A buffer overflow is a vulnerability that occurs when an application writes more data to a memory buffer than it can hold, causing the excess data to overwrite adjacent memory locations. A register is a small storage area in the CPU that holds temporary data or instructions. An attacker can exploit a buffer overflow to overwrite a register with a malicious address that points to a shellcode, which is a piece of code that gives the attacker control over the system. By doing so, the attacker can bypass the normal execution flow of the application and execute arbitrary commands.

Bug bounty programs invite vetted external researchers to report software vulnerabilities in exchange for rewards. According to Security+ SY0-701, two major benefits are:

(1) Reduction in the number of zero-day vulnerabilities (B) – Ethical hackers can discover unknown vulnerabilities before malicious attackers do. These vulnerabilities are often zero-days because they are unknown to vendors at the time of discovery. Bug bounty programs surface these issues early, helping organizations mitigate severe risks proactively.

(2) Quicker discovery of vulnerabilities (E) – A distributed network of global security researchers can identify vulnerabilities far faster than an internal team alone. This accelerates detection, increases coverage, and lowers attacker dwell time.

Option A (Transference of risk) is incorrect because bug bounties do not transfer risk—they help identify vulnerabilities. C (Security awareness) relates to internal training, not bug bounties. D (Reduced cost) is misleading; bug bounties can be expensive depending on payout structure. F (Patch management) does not directly improve through bug bounty programs.

Therefore, the correct benefits are B and E.

To mitigate the risk of confidential documents being left unattended in Multi-Function Printers (MFPs), implementing an authentication factor that requires in-person action before printing (such as PIN codes or badge scanning) is the most effective measure. This ensures that documents are only printed when the authorized user is present to collect them, reducing the risk of sensitive information being exposed.

References = CompTIA Security+ SY0-701 study materials, particularly in the domain of physical security and access control​​.

Quantitative risk analysis involves assigning numeric values to risk components, such as potential financial losses. Estimating the replacement cost of a physical server is part of calculating the potential impact and exposure during this process.

Disaster recovery tests (B) validate recovery procedures, physical security controls review (C) assesses physical protections, and threat modeling (D) identifies potential threats and attack vectors.

Quantitative analysis is a key part of risk management addressed in the SY0-701 Risk Management domain【6:Chapter 17†CompTIA Security+ Study Guide】

Updating wire transfer processes to include verification steps (such as requiring dual approval or verifying account changes via a secondary communication method) canprevent fraudulenttransactions. Attackers often use business email compromise (BEC) or pretexting to trick employees into transferring funds to fraudulent accounts.

Standardizing security incident reportingis useful for tracking security events but does not prevent fraud in real time.

Executing regular phishing campaignsimproves awareness but does not enforce a verification process for financial transactions.

Implementing insider threat detectionfocuses on internal risks but does not specifically prevent external fraud.

Amore secure wire transfer processwith additional verification steps is the most effective measure against fraudulent transactions.