CompTIA Updated SY0-701 Exam Questions and Answers by harlen

AnSLA (D)or Service Level Agreement is a formal contract that definesperformance standards, includingresponse times, escalation procedures, uptime guarantees, and other service-related metrics.

This is referenced inDomain 5.2: Explain the importance of managing third-party riskunder“Agreements (e.g., SLA, NDA, MOU/MOA, BPA).”

A self-signed certificate is a certificate that is signed by its own private key rather than by a trusted certificate authority (CA). This means that the authenticity of the certificate relies solely on the issuer ' s own authority. If a spoofed identity was detected, it could indicate that a private key associated with a self-signed certificate was compromised. Self-signed certificates are often used internally within organizations, but they carry higher risks since they are not validated by a third-party CA, making them more susceptible to spoofing.

References = CompTIA Security+ SY0-701 study materials, particularly the domains discussing Public Key Infrastructure (PKI) and certificate management​​.

The best answer is C. Traffic will bypass inspection during a failure.

A firewall configured to fail open will allow traffic to continue flowing if the device crashes or fails. This preserves availability, but it creates a security risk because traffic may pass through without being inspected or filtered.

That means malicious traffic, unauthorized connections, or prohibited traffic could traverse the network during the outage.

Why the other options are incorrect:

A. There may be increased latency during failover.This is not the main security risk associated with fail-open mode.

B. Authentication tokens may be invalidated during an outage.This is unrelated to firewall fail-open behavior.

D. All encrypted traffic will be blocked during an outage.Fail-open does the opposite of blocking traffic; it allows traffic to pass through.

From a SY0-701 perspective, fail-open prioritizes availability, but the tradeoff is that security inspection may be bypassed, making C the correct answer.