CompTIA Security+ Certification SY0-701 Exam Practice Test

Answer : B

Answer : B

A legal hold (also known as a litigation hold) is a notification sent from an organization's legal team to employees instructing them not to delete electronically stored information (ESI) or discard paper documents that may be relevant to a new or imminent legal case. A legal hold is intended to preserve evidence and prevent spoliation, which is the intentional or negligent destruction of evidence that could harm a party's case.A legal hold can be triggered by various events, such as a lawsuit, a regulatory investigation, or a subpoena12

In this scenario, the company's attorneys have requested that the security team initiate a legal hold in response to the lawsuit filed by the customers after the company was compromised. This means that the security team will most likely be required to retain any communications related to the security breach until further notice. This could include emails, instant messages, reports, logs, memos, or any other documents that could be relevant to the lawsuit. The security team should also inform the relevant custodians (the employees who have access to or control over the ESI) of their preservation obligations and monitor their compliance.The security team should also document the legal hold process and its scope, as well as take steps to protect the ESI from alteration, deletion, or loss34

1: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 6: Risk Management, page 3032: CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 6: Risk Management, page 3053: Legal Hold (Litigation Hold) - The Basics of E-Discovery - Exterro54: The Legal Implications and Consequences of a Data Breach6

Answer : C

Data classification is required before implementing a Data Loss Prevention (DLP) solution because DLP policies depend on identifying and categorizing sensitive data to monitor, block, or encrypt it accordingly.

Data destruction (A) and sanitization (B) remove data, and masking (D) obscures data but classification is foundational for DLP effectiveness.

Data classification is emphasized in Security Program Management and Data Protection topics6:Chapter 16CompTIA Security+ Study Guide.

Answer : A

Answer : D

Root cause analysis is a process of identifying and resolving the underlying factors that led to an incident. By conducting root cause analysis as part of incident response, security professionals can learn from the incident and implement corrective actions to prevent future incidents of the same nature. For example, if the root cause of a data breach was a weak password policy, the security team can enforce a stronger password policy and educate users on the importance of password security. Root cause analysis can also help to improve security processes, policies, and procedures, and to enhance security awareness and culture within the organization. Root cause analysis is not meant to gather loCs (indicators of compromise) for the investigation, as this is a task performed during the identification and analysis phases of incident response. Root cause analysis is also not meant to discover which systems have been affected or to eradicate any trace of malware on the network, as these are tasks performed during the containment and eradicationphases of incident response.Reference=CompTIA Security+ SY0-701 Certification Study Guide, page 424-425;Professor Messer's CompTIA SY0-701 Security+ Training Course, video 5.1 - Incident Response, 9:55 - 11:18.

Answer : B

Cross-site scripting (XSS) vulnerabilities allow attackers to inject malicious scripts into a website, which are then executed in the user's web browser, potentially leading to data theft or session hijacking.Reference: Security+ SY0-701 Course Content, Security+ SY0-601 Book.

Answer : B

AVirtual Private Network (VPN) (B)encrypts all data transmitted between remote users and the enterprise infrastructure, ensuringconfidentiality. VPNs are essential in protecting sensitive data from interception over untrusted networks.

This is covered underDomain 3.3: Secure network designs, whereVPNsare listed as a key control forensuring confidentiality of remote connections.