CompTIA Security+ Changed SY0-701 Questions

The organization should implement a retention policy to ensure that financial data records are kept for three years and customer data for five years. A retention policy specifies how long different types of data should be maintained and when they should be deleted.

Retention: Ensures that data is kept for a specific period to comply with legal, regulatory, or business requirements.

Destruction: Involves securely deleting data that is no longer needed, which is part of the retention lifecycle but not the primary focus here.

Inventory: Involves keeping track of data assets, not specifically about how long to retain data.

Certification: Ensures that processes and systems meet certain standards, not directly related to data retention periods.

To block signature-based attacks, the Intrusion Prevention System (IPS) must be in active mode. In this mode, the IPS can actively monitor and block malicious traffic in real time based on predefined signatures. This is the best mode to prevent known attack types from reaching the internal network.

Monitor mode and sensor mode are typically passive, meaning they only observe and log traffic without actively blocking it.

Audit mode is used for review purposes and does not actively block traffic​​​.

An air-gapped network is a network that is physically isolated from other networks, such as the internet, to prevent unauthorized access and data leakage. However, an air-gapped network can still be compromised by removable devices, such as USB drives, CDs, DVDs, or external hard drives, that are used to transfer data between the air-gapped network and other networks. Removable devices can carry malware, spyware, or other malicious code that can infect the air-gapped network or exfiltrate data from it. Therefore, removable devices are the most common data loss path for an air-gapped network. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 9: Network Security, page 449 1

Patch availability most impacts an administrator's ability to address Common Vulnerabilities and Exposures (CVEs) discovered on a server. If a patch is not available for a discovered vulnerability, the administrator cannot remediate the issue directly through patching, which leaves the system exposed until a patch is released.

Patch availability: Directly determines whether a discovered vulnerability can be fixed promptly. Without available patches, administrators must look for other mitigation strategies.

Rescanning requirements: Important for verifying the effectiveness of patches but secondary to the availability of the patches themselves.

Organizational impact: Considers the potential consequences of vulnerabilities but does not directly impact the ability to apply patches.

Risk tolerance: Influences how the organization prioritizes addressing vulnerabilities but does not affect the actual availability of patches.