CompTIA Updated SY0-701 Exam Questions and Answers by delilah-rose

Data sovereignty concerns the laws and governance that apply to data at rest outside of a country’s borders. It refers to the legal implications and regulatory controls over where data is stored geographically.

An Acceptable Use Policy (AUP) is an example of a managerial control. Managerial controls are policies and procedures that govern an organization ' s operations, ensuring security through directives and rules. The AUP defines acceptable behavior and usage of company resources, setting guidelines for employees.

Physical controls refer to security measures like locks, fences, or security guards.

Technical controls involve security mechanisms such as firewalls or encryption.

Operational controls are procedures for maintaining security, such as backup and recovery plans​​.

The best answer is A. An exploit will give an attacker access to system functions that span multiple applications .

Operating system vulnerabilities are especially concerning because the OS sits underneath and supports many applications and services. If an attacker exploits an OS-level flaw, the impact can extend across the entire system and affect multiple applications, services, and security controls.

This makes OS-based vulnerabilities particularly serious because compromise at the operating system level can provide broad control over:

system processes

memory and storage access

user accounts and privileges

network services

multiple installed applications

Why the other options are incorrect:

B. The OS vendor ' s patch cycle is not frequent enough to mitigate the large number of threats. This is not a universal or defining concern with OS-based vulnerabilities.

C. Most users trust the core operating system features and may not notice if the system has been compromised. This may be true in some situations, but it is not the best explanation of the inherent risk of OS vulnerabilities.

D. Exploitation of an operating system vulnerability is typically easier than any other vulnerability. This is too absolute and not generally true.

From a Security+ standpoint, OS vulnerabilities are especially dangerous because they can affect the foundational functions of the system and potentially impact many applications at once, making A the best answer.

Zero Trust architecture is based on the principle of " never trust, always verify, " meaning all traffic between systems must be authenticated and authorized before communication is allowed, regardless of network location.

Policy enforcement (A) is important but broader. Authentication (B) is a component of Zero Trust, and confidentiality (D) refers to data protection, not access validation.

Zero Trust is a modern security framework emphasized in Security Architecture for securing enterprise environments【6:Chapter 3†CompTIA Security+ Study Guide】.