CompTIA Security+ Practice Test (SY0-701)

A deterrent control is designed to discourage potential attackers from attempting a security breach, making it the correct answer. Deterrent controls include things like warning signs or false/visible security measures that increase the perceived risk for attackers.

A Virtual Private Network (VPN) creates a secure tunnel between the remote user's device and the corporate network, encrypting data in transit, which helps protect sensitive corporate data from eavesdropping and man-in-the-middle attacks. Remote access and tunneling protocols can be part of a VPN solution, emphasizing the importance of encryption and a secure tunnel. A jump server, even though it acts as a bridge between different security zones, does not inherently encrypt traffic and is less suited as a comprehensive solution for remote employees' secure connectivity.

While all the options might be relevant in different scenarios, the priority action would be to configure account lockout thresholds to prevent brute-force attacks since the observed behavior suggests an attempt to gain unauthorized access by trying multiple combinations of usernames and passwords. Updating firewall firmware and reviewing OS patch levels are routine maintenance tasks that do not directly address the issue of unauthorized access attempts. While conducting user security awareness training is important, it doesn't directly mitigate the observed login attempts from foreign IP addresses.

Information Security Policies need to be monitored and reviewed on a recurring basis, not just one-time. This is because the threat landscape, technology, and business processes are continually evolving, and policies must adapt to remain effective. A one-time review would not suffice to accommodate the dynamic nature of information security.

Typosquatting relies on users making mistakes while typing a URL, leading them to land on a malicious site that mimics a legitimate one. Once the user visits the fake website, the threat actor can execute various malicious activities including malware infection. Incorrect spelling variants in URLs are a hallmark of this technique, therefore, visiting a website with a misspelled URL that resulted in these symptoms indicates a typosquatting attack. Misdirecting and phishing attempts, while also deceptive, typically involve more direct interaction, such as fake emails or links, not the accidental misspelling of a URL. Similarly, domain kiting and domain slamming are related to domain registration practices, not user typos.

The correct answer is 'Data in use'. Data in use refers to information that is currently being processed by an application, being in the immediate memory or CPU, and it is not at rest or in the process of being transmitted. 'Data at rest' describes data that is stored on a physical medium and is not actively being accessed or processed. 'Data in transit' refers to data that is moving through the network or telecommunication channels. 'Encrypted data' is a state that can apply to any of the three data states (at rest, in use, or in transit) and merely specifies that the data is encrypted, not that it is being processed by an application.

The correct answer is 'Microservices' because this architecture model provides the ability to scale components independently and ensure high availability. Microservices facilitate continuous delivery and deployment practices that are ideal for online transaction systems with variable load patterns. This architecture enables quick updates and robust security measures for each service without affecting the entire system. 'Monolithic' architecture would be challenging to scale and update without downtime, making it less suitable for high-availability systems. 'Serverless' focuses on event-driven execution, which may lead to unpredictable costs for high-traffic systems and may have limitations around compliance control. 'On-premises' is not an architecture model; it is a deployment method that can still use various architectural models, including microservices.

The correct answer is SQL injection (SQLi). This occurs when an attacker is able to insert or manipulate SQL queries using input fields exposed by the application. It is a form of injection attack that makes it possible to execute malicious SQL statements that can control a web application's database server.

This protocol is known for using a trusted third-party ticket-granting service to provide secure access to resources. It mitigates the risk of eavesdropping and replay attacks by avoiding the need to transmit passwords over the network. Instead, a client requests an access ticket from the ticket-granting service, which if granted, allows the client to access the desired service using that ticket. In contrast, Direct Access grants remote access to internal networks over IPv6 transitions, Simple Sign-On represents a one-time authentication process across multiple systems, which is not particularly related to ticket-granting, and Network Access Token is a made-up term not associated with a real-world authentication protocol.

The Owner of a system or data is primarily responsible for determining the classification of the data and the controls necessary to protect it. They make decisions on how the data should be handled, dictate access controls, and are often decision-makers on acceptable risk levels for their data. While they may delegate certain tasks to others like Custodians or Processors, the Owner retains the ultimate responsibility for the data's security.

If a system is configured to fail-closed (also called fail-secure) in the event of a failure it will “close” and no longer allow access/pass traffic.

The primary risk associated with Shadow IT is the potential for security breaches due to the use of unauthorized applications or systems that have not been vetted by the organization's security protocols. These tools might not be compliant with the organization’s security policies, may not be regularly patched or updated, and could lead to the exposure of sensitive data.

A brute force attack is a trial-and-error method used to decode encrypted data such as passwords. This type of attack systematically checks all possible combinations to discover the correct one, which can eventually allow an attacker to gain unauthorized access. This definition aligns with the description of a brute force attack.

The correct answer is true. A screened subnet, typically known as an area outside the internal network but inside the external firewall, is designed to host services that need to be accessible from both internal users and the public internet. By isolating this network segment, organizations create an additional security layer. Traffic between the internal network and the external networks, such as the internet, must go through this subnet, which is controlled by firewalls to ensure proper security measures are in place and direct connectivity is restricted.

Since the question context is a cloud service environment without specifying the model, it's important to choose a task that's universally in the customer's purview. Patch management for applications and ensuring the security of the client's data are responsibilities that generally fall to the customer, regardless of the cloud service model they are using. The cloud provider is commonly responsible for the physical infrastructure, but responsibility for application-level security measures, including secure coding practices, remains with the customer.