CompTIA Security+ Practice Test (SY0-701)

The correct answer is that this statement is false. Even with a skilled IT department, establishing a dedicated committee for overseeing information security is important because it ensures that there is specialized focus and governance over security matters that may be outside the everyday functions of the IT department. Committees bring together multiple stakeholders and perspectives, ensuring a broader and more complete oversight of the security program. Additionally, committees may include members not part of the IT department, such as legal, HR, and executive leadership, who can provide essential insight and decision-making capabilities that are crucial for effective security governance.

The primary risk associated with Shadow IT is the potential for security breaches due to the use of unauthorized applications or systems that have not been vetted by the organization's security protocols. These tools might not be compliant with the organization’s security policies, may not be regularly patched or updated, and could lead to the exposure of sensitive data.

The correct answer is 'Incremental backups every 2 hours with daily full backups'. This approach efficiently balances the need to maintain recent data save points to minimize loss in the event of a system failure while utilizing resources effectively. Incremental backups save changes since the last full or incremental backup, reducing the volume of data that needs to be copied and the time required for each subsequent backup. Daily full backups ensure that there is always a recent complete copy of data to restore from, while the frequent incremental backups capture the ongoing changes.

Biometrics include things like fingerprints, retinas and palm veins. These are all considered “something you are.”

The correct answer is True. Organizations must comply with the national laws and regulations of the countries in which they operate. This applies even if the organization is foreign or headquartered in a different country. Compliance is mandatory for legal operation within a nation's boundaries, and failure to adhere to these laws can result in legal penalties, fines, sanctions, or other consequences. National compliance ensures that organizations align with the country's standards for data protection, privacy, and information security, based on legislative frameworks that may include data breach notification requirements, data residency stipulations, and industry-specific regulations.

An Intrusion Detection System (IDS) is designed to monitor network or system activities for malicious actions or policy violations. Its primary purpose is to detect suspicious activities and generate alerts so that administrators can take appropriate action. Unlike preventive controls that block or prevent attacks, IDS serves as a detective control, identifying potential threats without necessarily stopping them.

Insider threats are often motivated by personal reasons, which can include dissatisfaction with the employer, a desire for revenge against the organization, or personal gain. While insider threats can have a variety of motivations, the betrayal is usually tied to personal grievances or financial incentives, making revenge a more common motivator compared to philosophical or political beliefs. However, it is not unheard of for insider threats to act on such beliefs, but these cases are less frequent and typically tied to hacktivism, which is more characteristic of external threat actors rather than internal personnel.

In this scenario the best option for next steps is to organize the vulnerabilities by criticality. Some may be very important and represent significant risk, while others may be false positive or very minor issues. Most scanning solutions will have this information readily available. There is no way to identify false positives without going through each and every one, and halting all code changes would likely cause major disruptions to the business. The logical next step is to begin planning and focus on the worst issues first.

Custodians, also known as stewards, are responsible for the day-to-day maintenance and implementation of the security controls over assets based on the policies and guidelines set forth by the organization. While an owner may define the policy for data protection, it is the custodian's role to enforce and implement these policies through technical means, such as configuring and applying encryption to sensitive data. The data owner is typically a senior-level executive who defines what level of protection is required for the data but does not directly manage the security mechanisms. The controller is responsible for making decisions about the processing of the data, and auditors are responsible for reviewing the adherence to policies and regulations, not implementing security measures.

Storing information with a 'Restricted' classification in a secure, access-controlled environment ensures that only authorized personnel with the necessary clearance or permissions have access to that data. Keep in mind the question is regarding physical access to the data. While encryption, logging, and secure disposal are important for the overall security posture, they do not inherently restrict access to the data to the appropriate individuals.

Fail-closed mode is used in security devices to ensure that if the device fails, it does not allow any traffic through, thereby maintaining the security posture by default. This contrasts with fail-open mode, where the device would allow all traffic through in the event of a failure, potentially compromising security.

Directive controls are designed to direct the actions of individuals or systems within an organization. They provide guidance and instructions on how to maintain security and comply with established policies. Examples of directive controls include security policies and guidelines that outline acceptable behaviors, procedures, and best practices. These controls help ensure that employees and systems operate in a manner consistent with the organization's security objectives.

The primary function of antivirus software is to detect, prevent, and remove malware. By constantly monitoring the system for suspicious activity and known malware signatures, it helps defend against potential threats. It may not, however, always encrypt data or information, which is more commonly a role of encryption software. Antivirus software does not optimize system performance as its core function—although some packages come with optimization tools, that's not the main purpose. Additionally, antivirus does not provide backups, which is the role of backup software or services.

An Uninterruptible Power Supply (UPS) is designed to provide power to a device for a short duration in the event of a power interruption. It uses batteries to supply power instantly when regular power sources fail, allowing for the safe shutdown of equipment or to maintain critical operations until a generator or alternate power source can take over.

A warm site is a backup location equipped with hardware and network connectivity, allowing an organization to restore operations more quickly than at a cold site. However, it does not have current data or complete configurations, so data restoration and system setup are necessary before it becomes fully operational. This makes it a balance between a hot site, which is fully operational with real-time data replication, and a cold site, which lacks pre-installed hardware and requires significant time to set up.