A small business initially plans to open common communications ports (21, 22, 25, 80, 443) on its firewall to allow broad access to its screened subnet. However, their security consultant advises against this action. Which of the following security principles is the consultant addressing?
The correct answer is Attack surface because opening multiple common service ports unnecessarily increases the number of potential entry points an attacker can target. In the Security+ SY0-701 exam objectives, the attack surface is defined as the total number of exposed interfaces, services, ports, protocols, and access points that an attacker could attempt to exploit. Each open port corresponds to a listening service, and every exposed service represents an opportunity for reconnaissance, exploitation, or abuse.
In this scenario, the business intends to open ports for FTP, SSH, SMTP, HTTP, and HTTPS without clearly limiting access. While some of these services may be required, opening all of them broadly, especially to a screened subnet, significantly expands the attack surface. If any of these services are misconfigured, unpatched, or vulnerable, attackers could exploit them to gain unauthorized access. The SY0-701 study guide emphasizes minimizing exposed services as a foundational defensive strategy, often referred to as reducing attack surface area.
Option C, least privilege, is related but not the best answer. Least privilege focuses on granting users or systems only the minimum access required, whereas this question specifically concerns exposed network services rather than access rights. Option A, secure access service edge (SASE), is a cloud-based architecture model and is unrelated to basic firewall port exposure decisions. Option D, separation of duties, applies to role and responsibility distribution, not network exposure.
By advising against opening multiple common ports, the consultant is recommending a reduction in exposed services to limit opportunities for attack. This aligns directly with SY0-701 guidance on secure network design, firewall hardening, and minimizing externally accessible services.
In summary, limiting open ports reduces the organization's attack surface, making Attack surface the correct and best answer.
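The consultant's review can be expressed as a rule audit. The following is an added example, not part of the original question: it compares the five proposed rules with the services the screened subnet actually needs. The addresses (documentation ranges) and the `REQUIRED` inventory are assumptions made up for illustration.

```python
from ipaddress import ip_network

# Constructed sample: the proposed rules open every port from the scenario
# to the whole screened subnet from any source.
PROPOSED = [{"src": "0.0.0.0/0", "dst": "203.0.113.0/28", "port": p}
            for p in (21, 22, 25, 80, 443)]

# Assumed inventory: port -> (host running the service, who must reach it).
REQUIRED = {
    443: ("203.0.113.5/32", "0.0.0.0/0"),        # public web site
    25:  ("203.0.113.6/32", "0.0.0.0/0"),        # inbound mail relay
    22:  ("203.0.113.5/32", "198.51.100.0/29"),  # admin access, office only
}

# Rules rebuilt from the inventory: one host, one port, narrowest source.
TIGHTENED = [{"src": src, "dst": host, "port": port}
             for port, (host, src) in REQUIRED.items()]

def audit(rules, required):
    """Return (port, reason) for every rule that exposes more than needed."""
    findings = []
    for r in rules:
        need = required.get(r["port"])
        if need is None:
            findings.append((r["port"], "no required service: remove rule"))
            continue
        host, allowed_src = ip_network(need[0]), ip_network(need[1])
        src, dst = ip_network(r["src"]), ip_network(r["dst"])
        if dst != host and host.subnet_of(dst):
            findings.append((r["port"], f"destination wider than {host}"))
        if src != allowed_src and allowed_src.subnet_of(src):
            findings.append((r["port"], f"source wider than {allowed_src}"))
    return findings

def exposed_endpoints(rules):
    """Rough attack-surface measure: reachable (address, port) pairs."""
    return sum(ip_network(r["dst"]).num_addresses for r in rules)

if __name__ == "__main__":
    for port, reason in audit(PROPOSED, REQUIRED):
        print(f"port {port}: {reason}")
    print("endpoints exposed:", exposed_endpoints(PROPOSED),
          "->", exposed_endpoints(TIGHTENED))
```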
Which of the following is an example of a false negative vulnerability detection in a scan report?
A false negative occurs when a security control or scanning tool fails to detect a vulnerability that actually exists. In vulnerability scanning, this means the scan reports a system as secure even though it is vulnerable. Therefore, a result that shows no known vulnerability is an example of a false negative if a vulnerability is present but undetected.
CompTIA Security+ SY0-701 explains that false negatives are particularly dangerous because they provide a false sense of security, potentially leaving systems exposed to exploitation. Causes of false negatives include outdated vulnerability signatures, misconfigured scanners, credentialed scan failures, or unsupported legacy systems.
Option A describes a false positive, where a vulnerability is reported but does not exist. Option B may indicate an outdated scan result, not necessarily a false negative. Option D is incorrect because zero-day vulnerabilities do not have known remediations and are typically not detected by signature-based scanners.
Thus, the correct example of a false negative is C: A result that shows no known vulnerability.
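A "no known vulnerability" result is only as reliable as the scan that produced it. The following added example (not from the original page) flags zero-finding results affected by three of the causes listed above: failed credentialed checks, outdated signatures, and unsupported systems. The report field names, host names, and the 14-day feed-age threshold are assumptions, not any scanner's real export format.

```python
from datetime import date

SCAN_DAY = date(2024, 6, 1)  # constructed date of the scan run

# Constructed scan-report rows (hypothetical field names).
REPORT = [
    {"host": "web01", "findings": 0, "auth_ok": True,
     "feed": date(2024, 5, 28), "os_supported": True},
    {"host": "db01", "findings": 0, "auth_ok": False,
     "feed": date(2024, 5, 28), "os_supported": True},
    {"host": "hmi07", "findings": 0, "auth_ok": True,
     "feed": date(2024, 5, 28), "os_supported": False},
    {"host": "app02", "findings": 0, "auth_ok": True,
     "feed": date(2024, 2, 1), "os_supported": True},
    {"host": "app03", "findings": 3, "auth_ok": True,
     "feed": date(2024, 5, 28), "os_supported": True},
]

def clean_result_caveats(row, scan_day, max_feed_age_days=14):
    """Reasons a zero-finding result may be a false negative."""
    if row["findings"] > 0:
        return []  # host already has findings; not a "clean" result
    reasons = []
    if not row["auth_ok"]:
        reasons.append("credentialed checks failed")
    if not row["os_supported"]:
        reasons.append("OS not supported by scanner")
    if (scan_day - row["feed"]).days > max_feed_age_days:
        reasons.append("signature feed outdated")
    return reasons

def suspect_clean_hosts(report, scan_day):
    """Map host -> reasons, for clean results that should be re-verified."""
    suspects = {}
    for row in report:
        reasons = clean_result_caveats(row, scan_day)
        if reasons:
            suspects[row["host"]] = reasons
    return suspects

if __name__ == "__main__":
    for host, reasons in suspect_clean_hosts(REPORT, SCAN_DAY).items():
        print(f"{host}: clean result unreliable ({', '.join(reasons)})")
```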
A network administrator wants to ensure that network traffic is highly secure while in transit. Which of the following actions best describes the actions the network administrator should take?
A security analyst is reviewing logs and discovers the following:

Which of the following should be used to best mitigate this type of attack?
A newly identified network access vulnerability has been found in the OS of legacy IoT devices. Which of the following would best mitigate this vulnerability quickly?
Segmentation is a technique that divides a network into smaller subnetworks or segments, each with its own security policies and controls. Segmentation can help mitigate network access vulnerabilities in legacy IoT devices by isolating them from other devices and systems, reducing their attack surface and limiting the potential impact of a breach. Segmentation can also improve network performance and efficiency by reducing congestion and traffic. Patching, insurance, and replacement are other possible strategies to deal with network access vulnerabilities, but they may not be feasible or effective in the short term. Patching may not be available or compatible for legacy IoT devices, insurance may not cover the costs or damages of a cyberattack, and replacement may be expensive and time-consuming. Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, pages 142-143.