Pearson SY0-701 New Attempt

Risk identificationis the first step in the risk management process, where potential threats and vulnerabilities are analyzed to understand their impact on an organization. This includesidentifying assets, evaluating threats, and assessing potential vulnerabilities.

Risk mitigation: Reducing risk by implementing controls.

Risk treatment: Determining how to handle identified risks.

Risk monitoring and review: Ongoing evaluation of risk controls.

To block signature-based attacks, the Intrusion Prevention System (IPS) must be in active mode. In this mode, the IPS can actively monitor and block malicious traffic in real time based on predefined signatures. This is the best mode to prevent known attack types from reaching the internal network.

Monitor mode and sensor mode are typically passive, meaning they only observe and log traffic without actively blocking it.

Audit mode is used for review purposes and does not actively block traffic​​​.

RBAC stands for Role-Based Access Control, which is a method of restricting access to data and resources based on the roles or responsibilities of users. RBAC simplifies the management of permissions by assigning roles to users and granting access rights to roles, rather than to individual users. RBAC can help enforce the principle of least privilege and reduce the risk of unauthorized access or data leakage. The other options are not as suitable for the scenario asRBAC, as they either do not prevent access based on responsibilities, or do not apply a simplified format. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 133 1

Risk tolerance determines how much risk an organization is willing to accept before taking action. Security+ SY0-701 highlights risk tolerance as a primary factor in prioritizing remediation because different organizations evaluate threats differently depending on regulatory, financial, and operational pressures.

A low-tolerance organization may remediate even low-severity vulnerabilities quickly, while a high-tolerance organization may delay action on anything below critical severity.

Reporting impact to executives (A) does not influence risk priority. Open-source information (C) helps identify vulnerabilities but does not dictate remediation priority. The source of the risk report (D) is irrelevant; the severity and tolerance matter more.

Thus, the correct answer is B: The overall organizational risk tolerance.