Vce SY0-701 Questions Latest

Alerts generated by SIEM (Security Information and Event Management) tools are detective controls, as they identify and notify about suspicious activities but do not prevent or correct the events themselves.

Preventive controls stop incidents before they occur, corrective controls remediate issues, and compensating controls are alternatives used when primary controls aren’t feasible.

Detective controls are foundational in Security Operations for incident detection and response【6:Chapter 14†CompTIA Security+ Study Guide】.

Aconflict of interest (B)arises when personal relationships or interests could potentially influence professional decisions. In this case, the CFO ' s friendship with the vendor could improperly affect the procurement decision-making process.

This scenario falls underDomain 5.3: Explain the importance of frameworks, policies, procedures, and controls—specifically under“Personnel policies (e.g., conflict of interest, mandatory vacations, job rotation).”

A physical security control is a device or mechanism that prevents unauthorized access to a physical location or asset. An access control vestibule, also known as a mantrap, is a physical security control that consists of a small space with two sets of interlocking doors, such that the first set of doors must close before the second set opens. This prevents unauthorized individuals from following authorized individuals into the facility, a practice known as piggybacking or tailgating. A photo ID check is another form of physical security control that verifies the identity of visitors. Managerial, technical, and operational security controls are not directly related to physical access, but rather to policies, procedures, systems, and processes that support security objectives. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 341; Mantrap (access control) - Wikipedia2

The best answer is A. Peer review requirements.

The question asks about information security policies related to the software development methodology. At the policy and governance level, a CISO is most likely to document broad secure development requirements that apply across the organization. Peer review requirements fit this well because they establish a formal development control to help ensure code quality, reduce security flaws, and support secure software development practices.

Peer review is a common secure development requirement because it helps detect:

coding errors

insecure logic

poor implementation of security controls

accidental exposure of sensitive functionality

Why the other options are less appropriate:

B. Multifactor authenticationMFA is a security control, but it is not specifically tied to documenting the software development methodology itself.

C. Branch protection testsBranch protection is more of a technical repository or version control configuration detail than a high-level policy requirement.

D. Secrets management configurationsSecrets management is important, but configurations are typically procedural or technical implementation details rather than the most likely policy language a CISO would include in methodology documentation.

From a Security+ perspective, governance documents usually define secure coding expectations, review processes, and oversight requirements, making peer review requirements the best answer.