CompTIA Updated SY0-701 Exam Questions and Answers by harlen

A false negative occurs when a security control or scanning tool fails to detect a vulnerability that actually exists. In vulnerability scanning, this means the scan reports a system as secure even though it is vulnerable. Therefore, a result that shows no known vulnerability is an example of a false negative if a vulnerability is present but undetected.

CompTIA Security+ SY0-701 explains that false negatives are particularly dangerous because they provide a false sense of security, potentially leaving systems exposed to exploitation. Causes of false negatives include outdated vulnerability signatures, misconfigured scanners, credentialed scan failures, or unsupported legacy systems.

Option A describes a false positive, where a vulnerability is reported but does not exist. Option B may indicate an outdated scan result, not necessarily a false negative. Option D is incorrect because zero-day vulnerabilities do not have known remediations and are typically not detected by signature-based scanners.

Thus, the correct example of a false negative is C: A result that shows no known vulnerability.

OSINT (Open Source Intelligence) involves collecting publicly available information, including data breaches, leaked credentials, and other exposed company data found online or on the dark web. OSINT tools can discover if a company’s information has been compromised publicly.

SIEM (Security Information and Event Management) monitors internal logs and events but does not collect external breach info. CVE (Common Vulnerabilities and Exposures) is a database of known software vulnerabilities, not breach data. CVSS (Common Vulnerability Scoring System) rates vulnerabilities' severity.

OSINT is a key technique in the Threats and Vulnerabilities domain for external threat intelligence gathering【6:Chapter 2†CompTIA Security+ Study Guide】.

Internal audits are conducted within an organization to independently assess and evaluate the effectiveness of internal controls, policies, and procedures. A key benefit of internal audits is the identification of control gaps or weaknesses that can then be remediated before they lead to security incidents or compliance failures.

Unlike external audits, internal audit findings are primarily for management and internal stakeholders, focusing on improving security posture and operational efficiency. Reports generated are formal and documented to ensure accountability, and internal audits do not replace the need for external audits, which provide independent verification to external parties like regulators or shareholders.

This role of internal audits in identifying deficiencies and driving remediation efforts is emphasized in the Security Program Management and Oversight domain of the SY0-701 exam【7:Chapter 5†CompTIA Security+ Practice Tests】.

In this scenario, employees are attempting to navigate to spoofed websites, which is being blocked by the web filter. To address this issue, the administrator should implement security awareness training. Training helps employees recognize phishing and other social engineering attacks, reducing the likelihood that they will attempt to access malicious websites in the future.

Deploying multifactor authentication (MFA) would strengthen authentication but does not directly address user behavior related to phishing websites.

Decreasing the level of the web filter would expose the organization to more threats.

Updating the acceptable use policy may clarify guidelines but is not as effective as hands-on training for improving user behavior​​​.