CompTIA Updated SY0-701 Exam Questions and Answers by suleiman

Security of architecture is the process of designing and implementing a secure infrastructure that meets the business objectives and requirements. Security of architecture should be considered first when migrating to an off-premises solution, such as cloud computing, because it can help to identify and mitigate the potential risks and challenges associated with the migration, such as data security, compliance, availability, scalability, and performance. Security of architecture is different from security of cloud providers, which is the process of evaluating and selecting a trustworthy and reliable cloud service provider that can meet the security and operational needs of the business. Security of architecture is also different from cost of implementation, which is the amount of money required to migrate and maintain the infrastructure in the cloud. Security of architecture is also different from ability of engineers, which is the level of skill and knowledge of the IT staff who are responsible for the migration and management of the cloud infrastructure. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 3491

Code signing (D)usescryptographic digital signaturesto confirm theintegrity and authenticityof software code. It ensures that the code hasnot been alteredafter being signed, providing assurance that the application is trustworthy.

This aligns withCompTIA Security+ SY0-701 Domain 2.3: Application security techniques, which includescode signingas a method to validatecode integrity.

SPF (Sender Policy Framework) DNS records specify which mail servers are authorized to send email on behalf of a domain. When new email servers are added but SPF records are not updated, recipient mail systems cannot verify the legitimacy of the new servers. As a result, those messages are flagged as spam or rejected altogether.

CompTIA Security+ SY0-701 highlights SPF as an essential email authentication mechanism used to reduce spoofing, phishing, and spam classification errors. Updating the SPF record to include the new servers ensures email reputation is maintained and messages are delivered properly.

CNAME (A) maps hostnames but does not affect outbound email legitimacy. SMTP (B) is the mail protocol, not the authentication method. DLP (C) governs sensitive data handling, not spam classification.

Thus, SPF is the correct answer.

Changing the default password for the local administrator account on a VPN appliance is a basic security measure that would have most likely prevented the unexpected login to the remote management interface. Default passwords are often easy to guess or publicly available, and attackers can use them to gain unauthorized access to devices and systems. Changing the default password to a strong and unique one reduces the risk of brute-force attacks and credential theft. Using least privilege, assigning individual user IDs, and reviewing logs more frequently are also good security practices, but they are not as effective as changing the default password in preventing the unexpected login. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 116; Local Admin Accounts - Security Risks and Best Practices (Part 1)