CompTIA Updated SY0-701 Exam Questions and Answers by luna-rose

TheCommon Vulnerability Scoring System (CVSS)is astandardized framework for assessing the severity of vulnerabilities. It provides a numerical score (0-10) based on factors such asexploitability, impact, and complexity, helping security analystsprioritize remediation efforts based on risk.

Business impact analysis (A)helps identifycritical business functionsbut does not specificallyprioritize vulnerabilities.

Risk register (C)tracks identified risks but does not classify vulnerabilities.

Exposure factor (D)is used inquantitative risk assessmentbut is not an industry standard for vulnerability prioritization.

Static analysis is the process of examining a file without executing it to identify known malicious signatures, suspicious patterns, strings, embedded resources, or code fragments. When a security engineer needs to quickly extract a signature from a known malicious file, static analysis is the most efficient approach. This method allows analysts to inspect binary code, metadata, file headers, and hashes such as MD5/SHA-256.

According to Security+ SY0-701, static analysis is ideal for identifying:

Malware signatures

Embedded malicious payloads

Hash values for detection

Known indicators of compromise (IOCs)

Sandboxing (B) is used to observe behavior by executing the malware, which takes longer and is unnecessary when the malware is already known. Network traffic analysis (C) is used to observe communications, not generate file signatures. Package monitoring (D) refers to monitoring OS-level changes and system calls, which is a dynamic method.

Static analysis aligns with the requirement for quick identification, making option A the correct choice.

A Host-based Intrusion Prevention System (HIPS) acts as a preventive control by actively blocking threats and a detective control by monitoring and alerting to suspicious activities on endpoints.

802.1X is a network access control protocol that provides an authentication mechanism to devices trying to connect to a LAN or WLAN. It supports the use of certificates for authentication, can quarantine unapproved devices, and ensures that only approved and updated devices can access network resources. This protocol best meets the requirements of securing both wired and wireless networks with internal certificates.

References = CompTIA Security+ SY0-701 study materials, particularly in the domain of network security and authentication protocols​​.