SA1-Exam Scope Revision HSYD202-1 PDF
Document Details
Uploaded by ReliableSugilite5643
2024
BOSTON
Tags
Related
- Certified Cybersecurity Technician Information Security Attacks Exam 212-82 PDF
- Network Security Fundamentals Exam 212-82 PDF
- Certified Cybersecurity Technician Data Security PDF Exam 212-82
- Certified Cybersecurity Technician Exam 212-82 PDF
- WGU D430 Fundamentals of Information Security Exam - 2024/2025 Past Paper PDF
- CompTIA Security+ Exam Mastery Guide PDF
Summary
This document is a past paper from Boston University, covering examples of multiple choice questions relating to cybersecurity concepts from the CompTIA Security+ Student Guide SY0-701. These multiple-choice questions cover topics like authentication, encryption, and other essential concepts in information security.
Full Transcript
July - December 2024 Summative Assessment Examination Revision Module: Systems Development 2B (HSYD202-1) Instructions: In preparation for the upcoming Summative Assessment 1 (SA1), please see below 50 examples Multiple Choice Questions with solutions: Question 1...
July - December 2024 Summative Assessment Examination Revision Module: Systems Development 2B (HSYD202-1) Instructions: In preparation for the upcoming Summative Assessment 1 (SA1), please see below 50 examples Multiple Choice Questions with solutions: Question 1 (1 Mark) Sarah is a security professional tasked with implementing a new access control system for her company's sensitive data. She must ensure that only authorised employees can access this data. What security control must Sarah implement to ensure that only authorised employees can access the sensitive data? A. Authentication B. Encryption C. Firewalls D. Intrusion Detection Systems (IDS) CompTIA Security+ Student Guide SY0-701, Lesson 1 - Page 5 Learning Outcome: Summarize information security concepts. Question 2 (1 Mark) John is the Chief Information Security Officer (CISO) of a large financial institution. The company has recently adopted a cybersecurity framework to improve its security posture and ensure regulatory compliance. John needs to conduct a gap analysis to identify areas where the company's security systems deviate from the framework's requirements. What is the purpose of conducting a gap analysis in this scenario? A. To evaluate the effectiveness of the company's existing security controls 1 HSYD202-1-Jul-Dec2024-SA1-Exam-Revision-OD-01112024 B. To identify areas where the company's security systems deviate from the requirements or recommendations of the adopted cybersecurity framework C. To assess the financial performance of the company's security program D. To determine the level of employee satisfaction with the current security measures CompTIA Security+ Student Guide SY0-701, Lesson 1 - Page 4 Learning Outcome: Summarize information security concepts. Question 3 (1 Mark) Emily, the compliance officer of a retail company, is tasked with prioritising investments to achieve the target cybersecurity capabilities identified through the gap analysis. What does prioritising investments based on the gap analysis findings allow the organisation to achieve? A. Enhanced customer service B. Improved employee morale C. Regulatory compliance and improved cybersecurity capabilities D. Increased market share CompTIA Security+ Student Guide SY0-701, Lesson 1 - Page 4 Learning Outcome: Summarize information security concepts. 2 HSYD202-1-Jul-Dec2024-SA1-Exam-Revision-OD-01112024 Question 4 (1 Mark) An employee unknowingly clicks on a phishing email link, leading to a data breach. What cybersecurity term best describes this employee's action? A. Threat actor B. Vulnerability C. Threat D. Risk CompTIA Security+ Student Guide SY0-701, Lesson 2 - Page 16 Learning outcome: Compare and contrast attributes and motivations of threat actor types. Question 5 (1 Mark) A company identifies a critical vulnerability in its payment processing system that could lead to financial loss if exploited. What concept is crucial in assessing the potential impact of this vulnerability? A. Threat vector B. Risk C. Vulnerability D. Threat CompTIA Security+ Student Guide SY0-701, Lesson 2 - Page 16 Learning outcome: Compare and contrast attributes and motivations of threat actor types. 3 HSYD202-1-Jul-Dec2024-SA1-Exam-Revision-OD-01112024 Question 6 (1 Mark) A threat actor demands payment from a company to prevent releasing sensitive customer data. What is the primary motivation driving this action? A. Blackmail B. Extortion C. Fraud D. Political motivation CompTIA Security+ Student Guide SY0-701, Lesson 2 - Page 18 Learning outcome: Compare and contrast attributes and motivations of threat actor types. Question 7 (1 Mark) Alice wants to securely send a confidential message to Bob over an insecure channel. She decides to encrypt the message before sending it. Which cryptographic concept does Alice utilise when she encrypts the message? A. Plaintext B. Ciphertext C. Algorithm D. Cryptanalysis CompTIA Security+ Student Guide SY0-701, Lesson 3 - Page 38 Learning outcome: Compare and contrast cryptographic algorithms. Question 8 (1 Mark) Which type of cipher involves replacing characters or blocks in the plaintext with different ciphertext? A. Substitution cipher B. Transposition cipher C. Hybrid cipher D. One-time pad cipher CompTIA Security+ Student Guide SY0-701, Lesson 3 - Page 39 4 HSYD202-1-Jul-Dec2024-SA1-Exam-Revision-OD-01112024 Learning outcome: Compare and contrast cryptographic algorithms. Question 9 (1 Mark) Alice and Bob meet in person to agree on a cipher and a secret key value for encrypting their confidential document. Why is meeting in person important for Alice and Bob? A. To ensure authentication B. To prevent brute force attacks C. To agree on a secret key without interception D. To establish data integrity CompTIA Security+ Student Guide SY0-701, Lesson 3 - Page 40 Learning outcome: Compare and contrast cryptographic algorithms. Question 10 (1 Mark) As part of their evaluation, the security team is considering the usability aspect of authentication methods. Which authentication design principle focuses on ensuring that authentication does not impede workflows and is user-friendly? A. Confidentiality B. Integrity C. Availability D. Redundancy CompTIA Security+ Student Guide SY0-701, Lesson 4 - Page 70 Learning Outcome: Implement password-based and multifactor authentication Question 11 (1 mark) Your company is considering implementing biometric authentication for access control to its secure facilities. What is the first step in setting up biometric authentication? A. Comparing the biometric scan to a template B. Acquiring the biometric sample from the target C. Creating a mathematical representation of the sample D. Determining the False Rejection Rate (FRR) 5 HSYD202-1-Jul-Dec2024-SA1-Exam-Revision-OD-01112024 CompTIA Security+ Student Guide SY0-701, Lesson 4 - Page 74 - 75 Learning outcome: Implement password-based and multifactor authentication Question 12 (1 Mark) The security team is discussing the advantages and disadvantages of fingerprint recognition. Which advantage of fingerprint recognition is mentioned in the scenario? A. It is resistant to spoofing attempts B. It is non-intrusive and relatively simple to use C. It is less expensive than other biometric technologies D. It can detect multiple indicators about the size and shape of the face CompTIA Security+ Student Guide SY0-701, Lesson 4 - Page 74 - 75 Learning outcome: Implement password-based and multifactor authentication Question 13 (1 Mark) Why is controlling data flow between network segments important in secure architecture design? A. To introduce vulnerabilities B. To enhance system performance C. To prevent unauthorised access and data breaches D. To increase network dependencies CompTIA Security+ Student Guide SY0-701, Lesson 5 - Page 101 Learning Outcome: Compare and contrast security implications of different on- premises network architecture models 6 HSYD202-1-Jul-Dec2024-SA1-Exam-Revision-OD-01112024 Question 14 (1 Mark) Cheerleaders Pvt, Ltd. has implemented VLANs in its network infrastructure to segment workstation computers and VoIP handsets. Each VLAN corresponds to a separate subnet. What is the purpose of VLAN segmentation in this scenario? A. To prevent communication between different floors of the office B. To improve network performance by reducing broadcast domains C. To limit access to the internet for specific devices D. To facilitate communication between workstation computers and VoIP handsets CompTIA Security+ Student Guide SY0-701, Lesson 5 - Page 105 - 106 Learning Outcome: Compare and contrast security implications of different on-premises network architecture models. Question 15 (1 Mark) In Cheerleaders Pvt, Ltd's network, a VoIP handset with IP address 10.1.40.100 needs to communicate with a workstation computer with IP address 10.1.32.100. However, due to VLAN configuration, direct communication between these devices is not possible. What networking device would the VoIP handset need to use to contact the workstation computer? A. Firewall B. Switch C. Router D. Access Point CompTIA Security+ Student Guide SY0-701, Lesson 5 - Page 105 - 106 Learning Outcome: Compare and contrast security implications of different on-premises network architecture models. 7 HSYD202-1-Jul-Dec2024-SA1-Exam-Revision-OD-01112024 Question 16 (1 Mark) Discuss the security implications of single-tenant and multi-tenant architectures in cloud environments, highlighting their advantages and disadvantages. A. Single-tenant architectures provide better performance and control but are more expensive, while multi-tenant architectures are cost-effective but may pose risks of unauthorised access. B. Single-tenant architectures are cost-effective and scalable but may increase the risk of data leakage, while multi-tenant architectures offer better control over infrastructure. C. Single-tenant architectures offer the highest level of security and control but are less scalable, while multi-tenant architectures are scalable but may raise concerns about data isolation. D. Single-tenant architectures are highly flexible and suitable for small businesses, while multi-tenant architectures offer better performance for large enterprises. CompTIA Security+ Student Guide SY0-701, Lesson 6 - Page 142 - 145 Learning outcome: Ensure secure communications for remote access and tunnelling. Question 17 (1 Mark) 2nd Wave Pvt, Ltd. plans to implement a hybrid cloud environment to leverage public and private cloud infrastructures. However, they are concerned about security challenges associated with managing multiple cloud environments. Which security concern is most relevant to 2nd Wave Pvt, Ltd’s hybrid cloud implementation? A. Data redundancy B. Integration issues C. Network latency D. Service-level agreements (SLAs) CompTIA Security+ Student Guide SY0-701, Lesson 6 - Page 142 - 145 Learning outcome: Ensure secure communications for remote access and tunnelling. 8 HSYD202-1-Jul-Dec2024-SA1-Exam-Revision-OD-01112024 Question 18 (1 Mark) A startup company specialising in e-commerce is exploring options to enhance the performance and reliability of its online platform. They want to distribute their content across multiple servers to improve performance, scalability, and reliability. Which technology would best meet their requirements? A. Blockchain B. Peer-to-peer (P2P) networks C. Content delivery networks (CDNs) D. Distributed databases CompTIA Security+ Student Guide SY0-701, Lesson 6 - Page 147 - 148 Learning outcome: Apply cloud security solutions. Question 19 (1 Mark) A large organisation is updating its asset management process to enhance accountability and security. Which of the following processes involves designating specific individuals or teams as responsible for particular assets within the organisation? A. Asset enumeration B. Asset monitoring C. Asset ownership assignment D. Asset acquisition/procurement CompTIA Security+ Student Guide SY0-701, Lesson 7 - Page 172 - 173 Learning outcome: Understand asset management practices. 9 HSYD202-1-Jul-Dec2024-SA1-Exam-Revision-OD-01112024 Question 20 (1 Mark) An organisation is concerned about ransomware attacks compromising their backup infrastructure. Which strategy can help defend against this risk? A. Increasing the frequency of on-site backups B. Implementing air-gapped backups physically disconnected from the network C. Storing backup data only on local hard drives D. Relying solely on off-site backups for recovery CompTIA Security+ Student Guide SY0-701, Lesson 7 - Page 175 – 176 Learning outcome: Explore high availability and resilience strategies. Question 21 (1 Mark) An organisation wants to ensure data availability and integrity across multiple locations and systems. Which data protection method involves creating and maintaining exact copies of data on different storage systems or locations? A. Replication B. Journaling C. Snapshots D. Encryption CompTIA Security+ Student Guide SY0-701, Lesson 7 - Page 177 - 178 Learning outcome: Explore high availability and resilience strategies. Question 22 (1 Mark) What is the main characteristic of an end-of-life (EOL) system? A. It receives regular updates and support from the vendor B. It is outdated and no longer supported by the manufacturer or vendor C. It is compatible with newer architectures and technologies D. It is immune to newly discovered threats and vulnerabilities CompTIA Security+ Student Guide SY0-701, Lesson 8 - Page 212 Learning outcome: Explain security concerns associated with general and application- specific vulnerabilities. 10 HSYD202-1-Jul-Dec2024-SA1-Exam-Revision-OD-01112024 Question 23 (1 Mark) What is a common characteristic of legacy systems? A. The vendor frequently updates them. B. They are compatible with newer architectures and methods. C. They are no longer in use due to their shortcomings. D. They often remain in use despite being outdated. CompTIA Security+ Student Guide SY0-701, Lesson 8 - Page 212 Learning outcome: Explain security concerns associated with general and application- specific vulnerabilities. Question 24 (1 Mark) Sarah, an employee at a financial institution, wants to install a productivity app on her company-issued Android device. She decides to sideload the app onto her device from a third-party website instead of downloading it from the official Google Play Store. What risk does Sarah expose herself and her organisation to by the app? A. Decreased productivity due to the use of unauthorised apps B. Increased risk of data breaches and compliance violations. C. Enhanced security measures provided by the third-party website D. Improved performance of the productivity app CompTIA Security+ Student Guide SY0-701, Lesson 8 - Page 217 Learning outcome: Explain security concerns associated with general and application- specific vulnerabilities. Question 25 (1 Mark) A server administrator is tasked with securing the organisation's servers from potential cyber threats. Which action should the administrator prioritise to improve server security? A. Enabling all available services to ensure functionality B. Applying software security patches and updates regularly C. Disabling firewall and intrusion detection systems D. Using default credentials provided by the server manufacturer 11 HSYD202-1-Jul-Dec2024-SA1-Exam-Revision-OD-01112024 CompTIA Security+ Student Guide SY0-701, Lesson 9 – page 253 Learning outcome: Explore device-hardening concepts Question 26 (1 Mark) A small business wants to enhance the security of its Wi-Fi network by implementing WPA3. Which feature of WPA3 would provide improved security for their network, especially in open environments? A. Enhanced Open B. Simultaneous Authentication of Equals (SAE) C. Updated Cryptographic Protocols D. Wi-Fi Easy Connect CompTIA Security+ Student Guide SY0-701, Lesson 9 – page 258 Learning outcome: Explore device-hardening concepts Question 27 (1 Mark) A company is deploying a new Wi-Fi network and wants to ensure compatibility with both WPA2 and WPA3 devices during the transition period. Which configuration mode should the company choose for their access points? A. WPA3 only B. WPA3-Personal Transition mode C. WPA2-Personal D. WPA3-Enterprise CompTIA Security+ Student Guide SY0-701, Lesson 9 – page 258 Learning outcome: Explore device-hardening concepts 12 HSYD202-1-Jul-Dec2024-SA1-Exam-Revision-OD-01112024 Question 28 (1 Mark) 2nd Wave Corp is planning to implement baseline configurations to enhance the security of its devices. They aim to establish a standard set of guidelines for configuring devices securely. Given the scenario, why is 2nd Wave Corp interested in implementing baseline configurations? A. To provide flexibility in device configurations for users B. To automatically apply security updates to devices C. To establish a standard set of guidelines for configuring devices securely D. To restrict network access for all device CompTIA Security+ Student Guide SY0-701, Lesson 10 – page 274 Learning outcome: Explore the importance of endpoint hardening. Question 29 (1 Mark) Manhize Corp understands the importance of regularly updating baseline configurations to maintain the security of its devices and mitigate emerging threats. Considering the scenario, why is it crucial for Manhize Corp to regularly update baseline configurations? A. To increase the attack surface of devices B. To minimise the impact of security threats and vulnerabilities C. To reduce the usability and functionality of devices D. To prevent users from accessing network resources CompTIA Security+ Student Guide SY0-701, Lesson 10 – page 275 Learning outcome: Explore the importance of endpoint hardening. 13 HSYD202-1-Jul-Dec2024-SA1-Exam-Revision-OD-01112024 Question 30 (1 Mark) Manhize Corp regularly tests patches before deploying them into the production environment to ensure stability and security. Why is testing patches before deployment crucial for Manhize Corp? A. To increase the risk of unintended consequences B. To introduce new vulnerabilities into the environment C. To identify potential issues or conflicts arising from the patch D. To disrupt critical operations intentionally CompTIA Security+ Student Guide SY0-701, Lesson 10 – page 275 Learning outcome: Understand hardening techniques. Question 31 (1 Mark) Tom, a network administrator, is setting up a new web server for his company's website. He needs to ensure that sensitive user information, such as login credentials and form data, is securely transmitted over the network. Which protocol should Tom prioritise to achieve this goal? A. HTTP B. HTTPS C. Telnet D. SSH CompTIA Security+ Student Guide SY0-701, Lesson 11 – page 304 Learning outcome: Review email security protocols. 14 HSYD202-1-Jul-Dec2024-SA1-Exam-Revision-OD-01112024 Question 32 (1 Mark) Olivia, a security consultant, is advising a company on secure communication protocols. She explains that secure protocols, although more complex, are essential for protecting data confidentiality. What additional consideration should Olivia emphasise regarding secure protocols? A. Secure protocols are less prone to vulnerabilities than insecure ones B. Secure protocols require less maintenance than insecure ones C. Effective management of cryptographic keys is crucial for secure protocol D. Secure protocols are easier to implement than insecure ones CompTIA Security+ Student Guide SY0-701, Lesson 11 – page 304 Learning outcome: Review email security protocols. Question 33 (1 Mark) Manhize Corporation maintains an internal DNS server to facilitate name resolution for its network resources. Recently, security advisories have been issued regarding vulnerabilities in the BIND server software, which is used by the corporation's DNS server. The IT security team at Manhize Corporation is tasked with ensuring the security of the DNS server. Which of the following actions should they take to mitigate potential risks associated with these vulnerabilities? A. Implement strict access controls to restrict zone transfers to authorised hosts and prevent unauthorised DNS footprinting. B. Perform regular patching and updates to the BIND server software, applying the latest security patches released by the Internet Systems Consortium (ISC). C. Configure the DNS server to only accept recursive queries from authenticated local hosts and enforce strong authentication mechanisms for DNS record modifications. D. Enable DNS Security Extensions (DNSSEC) to provide cryptographic authentication for DNS responses and prevent spoofing and cache poisoning attacks. CompTIA Security+ Student Guide SY0-701, Lesson 11 – page 316 Learning outcome: Explore DNS filtering capabilities. 15 HSYD202-1-Jul-Dec2024-SA1-Exam-Revision-OD-01112024 Question 34 (1 Mark) Why is archiving historical log and network traffic data important for a SIEM? A. To optimise SIEM performance for live analysis B. To reduce the number of false positives in alert generation C. To meet compliance requirements and enable retrospective incident investigation D. To automatically classify events and prioritise alerts CompTIA Security+ Student Guide SY0-701, Lesson 12 – page 361 Learning outcome: Explain Incident Response and Monitoring Concepts Question 35 (1 Mark) How does Extensible Configuration Checklist Description Format (XCCDF) contribute to vulnerability scanning? A. By assessing the effectiveness of security controls and application settings B. By developing and auditing best practice configuration checklists C. By monitoring statistics for policy violations D. By describing the system security state and querying vulnerability reports CompTIA Security+ Student Guide SY0-701, Lesson 12 – page 361 Learning outcome: Explain Incident Response and Monitoring Concepts Question 36 (1 Mark) What is the purpose of Open Vulnerability and Assessment Language (OVAL) in Security Content Automation Protocol (SCAP)? A. To develop and audit best practice configuration checklists B. To describe system security state and query vulnerability reports C. To assess the effectiveness of security controls and application settings D. To monitor statistics for policy violations CompTIA Security+ Student Guide SY0-701, Lesson 12 – page 365 Learning outcome: Explain Incident Response and Monitoring Concepts 16 HSYD202-1-Jul-Dec2024-SA1-Exam-Revision-OD-01112024 Question 37 (1 Mark) Consider a situation where a user downloads a free software application from the internet. Unbeknownst to the user, the software contains hidden malicious code that executes unauthorised actions on the user's system. Which type of malware classification does this scenario best describe? A. Virus B. Worm C. Trojan D. PUP/PUA CompTIA Security+ Student Guide SY0-701, Lesson 13 – page 373 Learning outcome: Analyze indicators of malicious activity in malware, physical, network, and application attacks. Question 38 (1 Mark) A user notices that their web browser is behaving unusually. They frequently encounter pop-up advertisements, their default search engine has been changed without their consent, and new bookmarks have appeared. Which type of malware is likely responsible for these actions? A. Tracking cookies B. Supercookies C. Adware D. Spyware CompTIA Security+ Student Guide SY0-701, Lesson 13 – page 375 Learning outcome: Analyze indicators of malicious activity in malware, physical, network, and application attacks. 17 HSYD202-1-Jul-Dec2024-SA1-Exam-Revision-OD-01112024 Question 39 (1 Mark) An individual installs a seemingly harmless software application from an untrusted source. Unbeknownst to them, the application secretly monitors their online activities, capturing sensitive information such as usernames, passwords, and credit card details. What type of malware is the application most likely classified as? A. Adware B. Spyware C. Tracking cookies D. Supercookies CompTIA Security+ Student Guide SY0-701, Lesson 13 – page 375 Learning outcome: Analyze indicators of malicious activity in malware, physical, network, and application attacks. Question 40 (1 Mark) A company's employees frequently use their work computers to browse the internet and download various software applications. However, the IT department has noticed increased malware infections and system slowdowns due to unauthorised software downloads. Which policy would be most effective in addressing this issue? A. Disaster Recovery B. Incident Response C. Acceptable Use Policy (AUP) D. Business Continuity & Continuity of Operations Plans (COOP) CompTIA Security+ Student Guide SY0-701, Lesson 14 – page 411 Learning outcome: Identify the differences among policies, procedures, standards, and guidelines. 18 HSYD202-1-Jul-Dec2024-SA1-Exam-Revision-OD-01112024 Question 41 (1 Mark) A large corporation has experienced a data breach, resulting in the compromise of sensitive customer information. In the aftermath, the management team needs to implement measures to prevent similar incidents and ensure compliance with regulatory requirements. Which policy would be most relevant in this situation? A. Disaster Recovery B. Incident Response C. Information Security Policies D. Change Management CompTIA Security+ Student Guide SY0-701, Lesson 14 – page 411 Learning outcome: Identify the difference among policies, procedures, standards, and guidelines. Question 42 (1 Mark) An organisation's help desk receives a high volume of support requests from employees via email. Management wants to establish guidelines to ensure consistent and efficient responses from the help desk staff. What would be an example of a guideline in this situation? A. Recommending specific language and tone for email responses B. Mandating response times for all support requests C. Defining strict rules for handling sensitive information D. Implementing a structured plan for software development CompTIA Security+ Student Guide SY0-701, Lesson 14 – page 411 Learning outcome: Identify the differences among policies, procedures, standards, and guidelines. 19 HSYD202-1-Jul-Dec2024-SA1-Exam-Revision-OD-01112024 Question 43 (1 Mark) A company is considering the implementation of security controls to mitigate potential risks identified during the risk assessment process. Which risk measure would they primarily focus on before implementing any mitigation measures? A. Mitigated risk B. Residual risk D. Inherent risk D. Quantitative risk CompTIA Security+ Student Guide SY0-701, Lesson 15 – page 442 Learning outcome: Understand various risk responses. Question 44 (1 Mark) An organisation acknowledges that it's impossible to completely eliminate risk; instead, the focus is on reducing risk factors to a manageable level. What term describes the overall status of risk management within the organisation? A. Risk eradication B. Risk mitigation C. Risk tolerance D. Risk posture CompTIA Security+ Student Guide SY0-701, Lesson 15 – page 444 Learning outcome: Understand various risk responses. Question 45 (1 Mark) An organisation purchases cybersecurity insurance to protect against fines and liabilities arising from data breaches. Which risk management strategy is being utilised? A. Risk avoidance B. Risk deterrence C. Risk transference D. Risk mitigation CompTIA Security+ Student Guide SY0-701, Lesson 15 – page 445 Learning outcome: Understand various risk responses. 20 HSYD202-1-Jul-Dec2024-SA1-Exam-Revision-OD-01112024 Question 46 (1 Mark) A company has developed a unique manufacturing process that gives it a competitive edge in the market. What type of information does this represent? A. Legal data B. Financial data C. Trade secret data D. Human-readable data CompTIA Security+ Student Guide SY0-701, Lesson 16 – page 471 Learning outcome: Explain privacy and data sensitivity concepts. Question 47 (1 Mark) An organisation is developing a new military-grade encryption technology. What type of data classification is appropriate for this information? A. Public (unclassifieD. B. Confidential (Secret) C. Critical (top secret) D. Proprietary CompTIA Security+ Student Guide SY0-701, Lesson 16 – page 472 Learning outcome: Explain privacy and data sensitivity concepts. Question 48 (1 Mark) A company operates globally and uses cloud services to store and process data. They need to ensure that data remains within specified legal boundaries. What approach should they take to comply with data sovereignty requirements? A. Utilise any cloud provider without specific location preferences B. Store and process data in data centres located within the defined legal boundaries C. Implement encryption for all data regardless of its location D. Transfer data freely across different jurisdictions without considering legal boundaries 21 HSYD202-1-Jul-Dec2024-SA1-Exam-Revision-OD-01112024 CompTIA Security+ Student Guide SY0-701, Lesson 16 – page 473 Learning outcome: Explain privacy and data sensitivity concepts. Question 49 (1 Mark) An organisation fails to implement sufficient cybersecurity measures as stipulated in its contract, leading to a breach of contract. What could be a potential consequence of this breach? A. Termination of the contract B. Loss of revenue due to IP theft C. Fines imposed by regulators D. Breach of data protection laws CompTIA Security+ Student Guide SY0-701, Lesson 16 – page 480 Learning outcome: Explain privacy and data sensitivity concepts. Question 50 (1 Mark) Mark, an IT manager at 2nd Wave Corporation, has extensive privileges and access to the company's computer systems. Recently, some employees have been concerned about potential misuse of privileges. 2nd Wave Corporation has decided to implement a policy that explicitly forbids employees with privileged access from snooping on other employees' activities or disabling security mechanisms. Which policy does this scenario address? A. Acceptable Use Policy (AUP) B. Incident Response Policy C. Data Handling Policy D. Privilege/Credential Management Policy CompTIA Security+ Student Guide SY0-701, Lesson 16 – page 471 Learning outcome: Explain privacy and data protection controls. 22 HSYD202-1-Jul-Dec2024-SA1-Exam-Revision-OD-01112024