The answer is to replace the shared account with named user accounts, role-based access, and a separate break-glass account for rare emergencies. This is correct because shared accounts like FIN-ADMIN destroy individual accountability—when three managers use the same credentials, you cannot prove who approved an invoice or changed a vendor bank. Named accounts enforce non-repudiation by tying every action to a specific user, while a dedicated break-glass account satisfies the need for emergency access without sacrificing audit trails. On the Security+ SY0-701 exam, this scenario tests your understanding of identity and access management controls, specifically the principle of least privilege and the concept of shared account accountability break-glass procedures. A common trap is thinking a password rotation or MFA on the shared account is enough, but the exam wants you to recognize that only unique credentials provide true accountability. Memory tip: break the glass, not the audit trail—named accounts for daily work, a break-glass account for emergencies only.
SY0-701 General Security Concepts Practice Question
This SY0-701 practice question tests your understanding of general security concepts. Read the scenario carefully and evaluate each option against the stated constraints before committing to an answer. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.
Exhibit
07:55:12 Account=FIN-ADMIN Action=ApproveInvoice Host=JUMP-02 IP=10.30.8.21
07:56:03 Account=FIN-ADMIN Action=ChangeVendorBank Host=JUMP-02 IP=10.30.8.21
07:57:44 Account=FIN-ADMIN Action=ExportReport Host=JUMP-02 IP=10.30.8.21
Note: FIN-ADMIN is used by three finance managers during after-hours support.
Based on the exhibit, which change best improves accountability while still allowing emergency access?
A finance team uses the following shared account on a jump host:
Note: FIN-ADMIN is used by three finance managers during after-hours support.
Clue words in this question
Noticing these words before you look at the options changes how you read each choice.
Clue: "best"
Why it matters: Signals that multiple options may be partially correct. Choose the option that most directly solves the exact problem described, not the one that sounds most complete.
Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.
Correct answer & explanation
✓
Replace the shared account with named user accounts, role-based access, and a separate break-glass account for rare emergencies.
Option B is correct because replacing the shared account with named user accounts ensures individual accountability through unique credentials and audit trails, while a separate break-glass account provides emergency access without compromising security. This aligns with the principle of least privilege and non-repudiation, as each finance manager's actions are logged under their own identity, and the break-glass account can be tightly controlled and monitored for rare use.
Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.
Answer analysis
Option-by-option breakdown
For each option: why learners choose it and why it is or isn't the right answer here.
✗
Require the shared account password to be changed every 24 hours.
Why it's wrong here
Frequent password changes may reduce reuse, but they do not show which person performed each action.
✓
Replace the shared account with named user accounts, role-based access, and a separate break-glass account for rare emergencies.
Why this is correct
Named accounts preserve accountability, role-based access supports least privilege, and break-glass access preserves emergency availability.
Clue confirmation
The clue word "best" in the question point toward this answer.
Related concept
Read the scenario before looking for a memorised answer.
✗
Enable automatic account lockout after five failed logons.
Why it's wrong here
Lockout helps against guessing attacks, but it does not solve shared-account traceability or accountability.
✗
Restrict the jump host by MAC address and subnet only.
Why it's wrong here
Network-based restrictions may reduce exposure, but they do not identify the individual using the account.
Common exam traps
Common exam trap: answer the scenario, not the keyword
The trap here is that candidates often choose password rotation (Option A) thinking it improves security, but it fails to address the core issue of non-repudiation and accountability required for audit trails.
Trap categories for this question
Command / output trap
Frequent password changes may reduce reuse, but they do not show which person performed each action.
Detailed technical explanation
How to think about this question
Named user accounts with role-based access control (RBAC) enable fine-grained permissions and tie each action to a specific user via authentication logs (e.g., Windows Security Event ID 4624 for logon, or Linux auditd entries). A break-glass account should be disabled by default, require a separate approval workflow to enable, and generate immediate alerts upon use, as recommended by NIST SP 800-53 AC-2 and AC-6. In real-world scenarios, shared accounts violate PCI DSS Requirement 10.2.1 for individual user identification and can lead to regulatory fines during audits.
KKey Concepts to Remember
Read the scenario before looking for a memorised answer.
Find the constraint that changes the correct option.
Eliminate answers that are true in general but not in this case.
TExam Day Tips
→Watch for words such as best, first, most likely and least administrative effort.
→Review why wrong options are wrong, not only why the correct option is correct.
Key takeaway
Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.
Real-world example
How this comes up in practice
A security analyst at a medium-sized enterprise encounters this scenario during an investigation or architecture review. The correct answer reflects best practice for the specific threat or control described. Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option. Security exam questions test whether you can match controls to threats in context — not just recall definitions.
Related glossary terms
Concepts from this question explained
These glossary pages explain the core terms tested in this SY0-701 question in full detail.
General Security Concepts — This question tests General Security Concepts — Read the scenario before looking for a memorised answer..
What is the correct answer to this question?
The correct answer is: Replace the shared account with named user accounts, role-based access, and a separate break-glass account for rare emergencies. — Option B is correct because replacing the shared account with named user accounts ensures individual accountability through unique credentials and audit trails, while a separate break-glass account provides emergency access without compromising security. This aligns with the principle of least privilege and non-repudiation, as each finance manager's actions are logged under their own identity, and the break-glass account can be tightly controlled and monitored for rare use.
What should I do if I get this SY0-701 question wrong?
Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.
Are there clue words in this question I should notice?
Yes — watch for: "best". Signals that multiple options may be partially correct. Choose the option that most directly solves the exact problem described, not the one that sounds most complete.
What is the key concept behind this question?
Read the scenario before looking for a memorised answer.
About these practice questions
Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →
Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.
This SY0-701 practice question is part of Courseiva's free CompTIA certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the SY0-701 exam.
Question Discussion
Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.
Sign in to join the discussion.