CompTIA Updated SY0-701 Exam Questions and Answers by maddox

Application allow listing is the most effective technique to prevent bloatware, unauthorized software, or unnecessary applications from running on devices. Allow lists work by permitting only pre-approved, trusted applications to execute, blocking everything else by default. This is a recommended best practice in Security+ SY0-701 for reducing attack surface, preventing malware, and maintaining lean, hardened system images.

Bloatware often comes pre-installed on devices or is unintentionally installed by users. An allow list ensures only authorized applications required for business functions can run, thereby eliminating bloatware risks.

Disabling ports/protocols (A) hardens network access but does not prevent software installation. Default password changes (C) improve authentication security but are unrelated to software control. Access control permissions (D) restrict who can access what but do not prevent installation of unnecessary apps.

Thus, the correct answer is B: Application allow list.

The best answer is A. Sandboxing environment.

A USB drive associated with a ransomware attack should be treated as highly suspicious. To securely retrieve files without risking infection of production systems, the analyst should use a sandboxing environment. A sandbox provides an isolated environment where files can be opened, examined, and extracted while containing any malicious behavior.

This is the safest option because ransomware may execute automatically or contain hidden malicious payloads.

Why the other options are incorrect:

B. Intrusion prevention systemAn IPS monitors and blocks malicious network traffic. It does not provide a secure environment for opening files from a suspicious USB drive.

C. File integrity management toolFile integrity monitoring detects changes to files, but it is not designed to safely retrieve files from potentially malicious media.

D. Static code analysis toolStatic code analysis is used to inspect source code for vulnerabilities. It is not intended for safely interacting with suspicious files on removable media.

From the SY0-701 perspective, suspicious files and removable media should be handled in an isolated sandbox to reduce the risk of malware execution. Therefore, A is the correct answer.

Detailed Explanation:

Time-of-day restrictions limit access to corporate systems based on predefined schedules. This ensures employees can only access resources during their assigned work hours. Reference: CompTIA Security+ SY0-701 Study Guide, Domain 3: Security Architecture, Section: " Access Control Models " ​​.