Free Access to CompTIA.SY0-701.v2025-08-18.q266 with Valid Practice Test (Page 49)

Question 236

A security analyst needs to propose a remediation plan 'or each item in a risk register. The item with the highest priority requires employees to have separate logins for SaaS solutions and different password complexity requirements for each solution. Which of the following implementation plans will most likely resolve this security issue?

A.Creating a unified password complexity standard
B.Integrating each SaaS solution with the Identity provider
C.Securing access to each SaaS by using a single wildcard certificate
D.Configuring geofencing on each SaaS solution

Question 237

A company is implementing a vendor's security tool in the cloud. The security director does not want to manage users and passwords specific to this tool but would rather utilize the company's standard user directory. Which of the following should the company implement?

A.802.1X
B.SAML
C.RADIUS
D.CHAP

Question 238

Which of the following automation use cases would best enhance the security posture of an organization by rapidly updating permissions when employees leave a company?

A.Provisioning resources
B.Disabling access
C.Reviewing change approvals
D.Escalating permission requests

Question 239

A client asked a security company to provide a document outlining the project, the cost, and the completion time frame. Which of the following documents should the company provide to the client?

A.MSA
B.SLA
C.BPA
D.SOW

Correct Answer: D

Explanation
An ISOW is a document that outlines the project, the cost, and the completion time frame for a security company to provide a service to a client. ISOW stands for Information Security Operations Work, and it is a type of contract that specifies the scope, deliverables, milestones, and payment terms of a security project. An ISOW is usually used for one-time or short-term projects that have a clear and defined objective and outcome.
For example, an ISOW can be used for a security assessment, a penetration test, a security audit, or a security training.
The other options are not correct because they are not documents that outline the project, the cost, and the completion time frame for a security company to provide a service to a client. A MSA is a master service agreement, which is a type of contract that establishes the general terms and conditions for a long-term or ongoing relationship between a security company and a client. A MSA does not specify the details of each individual project, but rather sets the framework for future projects that will be governed by separate statements of work (SOWs). A SLA is a service level agreement, which is a type of contract that defines the quality and performance standards for a security service provided by a security company to a client. A SLA usually includes the metrics, targets, responsibilities, and penalties for measuring and ensuring the service level. A BPA is a business partnership agreement, which is a type of contract that establishes the roles and expectations for a strategic alliance between two or more security companies that collaborate to provide a joint service to a client. A BPA usually covers the objectives, benefits, risks, and obligations of the partnership. References = CompTIA Security+ Study Guide (SY0-701), Chapter 8: Governance, Risk, and Compliance, page 387. Professor Messer's CompTIA SY0-701 Security+ Training Course, Section 8.2:
Compliance and Controls, video: Contracts and Agreements (5:12).

Question 240

A financial institution would like to store its customer data m the cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution Is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would best meet the requirement?

A.Asymmetric
B.Symmetric
C.Homomorphic
D.Ephemeral

Question 236

Question 237

Question 238

Question 239

Question 240

Download PDF File