SY0-701 Questions Bank

Endpoint management software is a tool that allows security engineers to monitor and control the configuration, security, and performance of workstations and servers from a central console. Endpoint management software can help detect and prevent unauthorized changes and software installations, enforce policies and compliance, and provide reports and alerts on the status of the endpoints. The other options are not as effective or comprehensive as endpoint management software for this purpose. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 137 1

The DNS logging tool deployed by the network administrator is designed to monitor and log suspicious websites that users visit and generate daily reports. This functionality is best categorized as a detective control, which focuses on identifying and recording suspicious or unauthorized activities to facilitate further analysis and response.

It does not actively stop activities (as a preventive control would).

It identifies suspicious behavior after it has occurred.

It helps in detecting patterns or potential security issues for future mitigation.

A. Preventive: Preventive controls are designed to stop or mitigate risks before they occur, such as firewalls or access control mechanisms. This DNS tool does not actively block access to suspicious websites.

B. Deterrent: Deterrent controls discourage malicious behavior by influencing potential attackers (e.g., warning banners or security cameras). While the tool might have an indirect deterrent effect, its primary purpose is to detect and log activity.

C. Corrective: Corrective controls address and mitigate the effects of a security incident after it has occurred. The DNS logging tool does not remediate or correct issues; it only identifies them.

Characteristics of a Detective Control:Why not the other options?Conclusion:The DNS logging tool serves as a detective control by identifying and reporting on suspicious activity, aiding in monitoring and potential investigation.

The Common Vulnerability Scoring System (CVSS) is a standardized framework for assessing the severity of security vulnerabilities. It helps organizations prioritize vulnerability patching by providing a numerical score that reflects the potential impact and exploitability of a vulnerability. CVSS scores are used to gauge the urgency of patching vulnerabilities within a company’s IT environment.

References =

CompTIA Security+ SY0-701 Course Content: Domain 05 Security Program Management and Oversight​.

CompTIA Security+ SY0-601 Study Guide: Chapter on Vulnerability Management​.

A service level agreement (SLA) is a document that defines the level of service expected by a customer from a service provider, indicating the metrics by which that service is measured, and the remedies or penalties, if any, should the agreed-upon levels not be achieved. An SLA can specify the minimum uptime or availability of a service, such as 99.99%, and the consequences for failing to meet that standard. A memorandum of agreement (MOA), a statement of work (SOW), and a memorandum of understanding (MOU) are other types of documents that can be used to establish a relationship between parties, but they do not typically include the details of service levels and performance metrics that an SLA does. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 16-17