Question 140 of 1,152
General Security ConceptshardMultiple ChoiceObjective-mapped

Quick Answer

The answer is to replace the shared account with named user accounts, role-based access, and a separate break-glass account for rare emergencies. This is correct because shared accounts like FIN-ADMIN destroy individual accountability—when three managers use the same credentials, you cannot prove who approved an invoice or changed a vendor bank. Named accounts enforce non-repudiation by tying every action to a specific user, while a dedicated break-glass account satisfies the need for emergency access without sacrificing audit trails. On the Security+ SY0-701 exam, this scenario tests your understanding of identity and access management controls, specifically the principle of least privilege and the concept of shared account accountability break-glass procedures. A common trap is thinking a password rotation or MFA on the shared account is enough, but the exam wants you to recognize that only unique credentials provide true accountability. Memory tip: break the glass, not the audit trail—named accounts for daily work, a break-glass account for emergencies only.

SY0-701 General Security Concepts Practice Question

This SY0-701 practice question tests your understanding of general security concepts. Read the scenario carefully and evaluate each option against the stated constraints before committing to an answer. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

Exhibit

07:55:12  Account=FIN-ADMIN  Action=ApproveInvoice   Host=JUMP-02  IP=10.30.8.21
07:56:03  Account=FIN-ADMIN  Action=ChangeVendorBank Host=JUMP-02  IP=10.30.8.21
07:57:44  Account=FIN-ADMIN  Action=ExportReport     Host=JUMP-02  IP=10.30.8.21
Note: FIN-ADMIN is used by three finance managers during after-hours support.

Based on the exhibit, which change best improves accountability while still allowing emergency access?

A finance team uses the following shared account on a jump host:

07:55:12 Account=FIN-ADMIN Action=ApproveInvoice Host=JUMP-02 IP=10.30.8.21 07:56:03 Account=FIN-ADMIN Action=ChangeVendorBank Host=JUMP-02 IP=10.30.8.21 07:57:44 Account=FIN-ADMIN Action=ExportReport Host=JUMP-02 IP=10.30.8.21

Note: FIN-ADMIN is used by three finance managers during after-hours support.

Clue words in this question

Noticing these words before you look at the options changes how you read each choice.

  • Clue: "best"

    Why it matters: Signals that multiple options may be partially correct. Choose the option that most directly solves the exact problem described, not the one that sounds most complete.

Question 1hardmultiple choice
Full question →

Exhibit

07:55:12  Account=FIN-ADMIN  Action=ApproveInvoice   Host=JUMP-02  IP=10.30.8.21
07:56:03  Account=FIN-ADMIN  Action=ChangeVendorBank Host=JUMP-02  IP=10.30.8.21
07:57:44  Account=FIN-ADMIN  Action=ExportReport     Host=JUMP-02  IP=10.30.8.21
Note: FIN-ADMIN is used by three finance managers during after-hours support.

Answer choices

Why each option matters

Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.

Correct answer & explanation

Replace the shared account with named user accounts, role-based access, and a separate break-glass account for rare emergencies.

Option B is correct because replacing the shared account with named user accounts ensures individual accountability through unique credentials and audit trails, while a separate break-glass account provides emergency access without compromising security. This aligns with the principle of least privilege and non-repudiation, as each finance manager's actions are logged under their own identity, and the break-glass account can be tightly controlled and monitored for rare use.

Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • Require the shared account password to be changed every 24 hours.

    Why it's wrong here

    Frequent password changes may reduce reuse, but they do not show which person performed each action.

  • Replace the shared account with named user accounts, role-based access, and a separate break-glass account for rare emergencies.

    Why this is correct

    Named accounts preserve accountability, role-based access supports least privilege, and break-glass access preserves emergency availability.

    Clue confirmation

    The clue word "best" in the question point toward this answer.

    Related concept

    Read the scenario before looking for a memorised answer.

  • Enable automatic account lockout after five failed logons.

    Why it's wrong here

    Lockout helps against guessing attacks, but it does not solve shared-account traceability or accountability.

  • Restrict the jump host by MAC address and subnet only.

    Why it's wrong here

    Network-based restrictions may reduce exposure, but they do not identify the individual using the account.

Common exam traps

Common exam trap: answer the scenario, not the keyword

The trap here is that candidates often choose password rotation (Option A) thinking it improves security, but it fails to address the core issue of non-repudiation and accountability required for audit trails.

Trap categories for this question

  • Command / output trap

    Frequent password changes may reduce reuse, but they do not show which person performed each action.

Detailed technical explanation

How to think about this question

Named user accounts with role-based access control (RBAC) enable fine-grained permissions and tie each action to a specific user via authentication logs (e.g., Windows Security Event ID 4624 for logon, or Linux auditd entries). A break-glass account should be disabled by default, require a separate approval workflow to enable, and generate immediate alerts upon use, as recommended by NIST SP 800-53 AC-2 and AC-6. In real-world scenarios, shared accounts violate PCI DSS Requirement 10.2.1 for individual user identification and can lead to regulatory fines during audits.

KKey Concepts to Remember

  • Read the scenario before looking for a memorised answer.
  • Find the constraint that changes the correct option.
  • Eliminate answers that are true in general but not in this case.

TExam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Real-world example

How this comes up in practice

A security analyst at a medium-sized enterprise encounters this scenario during an investigation or architecture review. The correct answer reflects best practice for the specific threat or control described. Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option. Security exam questions test whether you can match controls to threats in context — not just recall definitions.

What to study next

Got this wrong? Here's your next step.

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

Related practice questions

Related SY0-701 practice-question pages

Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.

Practice this exam

Start a free SY0-701 practice session

Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.

FAQ

Questions learners often ask

What does this SY0-701 question test?

General Security Concepts — This question tests General Security Concepts — Read the scenario before looking for a memorised answer..

What is the correct answer to this question?

The correct answer is: Replace the shared account with named user accounts, role-based access, and a separate break-glass account for rare emergencies. — Option B is correct because replacing the shared account with named user accounts ensures individual accountability through unique credentials and audit trails, while a separate break-glass account provides emergency access without compromising security. This aligns with the principle of least privilege and non-repudiation, as each finance manager's actions are logged under their own identity, and the break-glass account can be tightly controlled and monitored for rare use.

What should I do if I get this SY0-701 question wrong?

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

Are there clue words in this question I should notice?

Yes — watch for: "best". Signals that multiple options may be partially correct. Choose the option that most directly solves the exact problem described, not the one that sounds most complete.

What is the key concept behind this question?

Read the scenario before looking for a memorised answer.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →

How Courseiva writes practice questions · Editorial policy

Keep practising

More SY0-701 practice questions

Last reviewed: Jun 11, 2026

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

This SY0-701 practice question is part of Courseiva's free CompTIA certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the SY0-701 exam.