CompTIA Security+ Practice Test (SY0-701)

Ongoing supportability refers to the ability to regularly update and maintain security systems and processes over their operational life. This includes providing necessary patches, updates, and modifications to adapt to emerging threats and maintain compliance with industry standards. It ensures that systems can continue to be secured effectively throughout their use. The incorrect options, while possibly related to security operations, do not define the term 'ongoing supportability'.

The Security Content Automation Protocol (SCAP) is a framework of standards that enables automated vulnerability management, measurement, and policy compliance evaluation. It provides a standardized approach for sharing security data across different tools, which helps automate assessments and maintain consistent security configurations.

A Configuration Management Database (CMDB) stores information about hardware and software assets within an organization but does not automate vulnerability assessments or enforce security configurations.

An Endpoint Detection and Response (EDR) solution focuses on real-time monitoring and response to threats on endpoint devices but doesn't provide a standardized method for automating vulnerability assessments across various systems and tools.

A Network Access Control (NAC) system enforces security policy compliance for devices attempting to access the network but doesn't automate assessments or manage configurations across all systems and tools.

A honeypot is a security mechanism set up to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems. Honeypots can come in the form of network-attached systems, applications, or data that simulate a real environment but are closely monitored to gain insights into attacker motives and tactics. This is distinctly different from the other options: Honeynet is a network of honeypots, a honeyfile is a decoy file rather than a system, and a honeytoken is not a system, but a piece of data or a token that serves as a trap.

To receive alerts without the need for regular polling by the management system, network devices can be configured to transmit notifications autonomously when certain events are detected. This is a critical mechanism for immediate identification and response to network incidents. The most secure way to configure this functionality is to use a current and robust version of the management protocol offering strong authentication and encryption features. It is understood that the said protocol refers to the latest version available, providing enhanced security compared to earlier versions that lack sufficient security measures. Comparatively, systematic checks involve a passive approach, hence not suitable for the proactive requirement. Furthermore, employing the capabilities of older, less secure iterations of the protocol would compromise security. Lastly, notification mechanisms that require acknowledgments can slow down the reporting process and are not ideal for rapid notifications in dynamic network environments.

When a company accepts a risk, they decide that the cost of any of the other risk treatments isn’t worth the potential loss if the risk is realized. They just accept the risk and any loss that could come with it.

Risk acceptance is the risk management strategy where a risk to an asset is accepted and no action is taken. This usually happens when the cost to mitigate the risk is more than the loss that would occur in the event the risk materializes.

In an Infrastructure as a Service (IaaS) model, the cloud service provider manages the infrastructure up to the virtualization layer. However, from the operating system and upwards including applications, data security, and identity management tasks typically become the customer's responsibility. This includes ensuring that operating systems are patched and secure, managing the security policies of applications, and safeguarding data through encryption and access controls. Network controls may be shared responsibilities depending on the service agreement. The provider would not typically manage client's application updates or the patching of operating systems.

Managerial controls are designed to establish security policies, procedures, and guidelines within an organization. They help in the strategic alignment of security practices with business operations and in ensuring that organizational security objectives are met. They are essential for the governance of security within the company.

Technical controls, on the other hand, involve the use of technology to enforce security measures, such as firewalls and encryption. Operational controls are more about implementing and maintaining day-to-day security tasks. Physical controls include tangible measures like locks, biometrics, and surveillance systems.

A sign-in/out log with a security guard would be the best compensating control because it would provide a record of all individuals accessing the server room and could be carefully monitored. While it's not as secure as biometric controls, it is a reasonable temporary measure that also ensures human oversight. Using a key code might still be secure but it doesn't provide an audit trail of who actually enters, as codes can be shared. CCTV is a deterrent and provides a record but does not control access. A standard key lock might be easy to implement but it is less secure than biometrics. A notice is simply a warning and does nothing to secure the area.

Implementing security policies and conducting regular compliance audits is a managerial control that ensures employees are aware of the guidelines and that adherence is monitored. This approach helps enforce organizational rules and identifies areas where further training may be needed. Installing antivirus software on all employee computers is a technical control focused on malware prevention, not policy adherence. Setting up surveillance cameras in work areas is a physical control aimed at physical security, which does not directly enforce acceptable use policies. Encrypting network communications with SSL/TLS is a technical control that protects data in transit but does not address whether employees follow company guidelines.

A wildcard certificate (for example, *.example.com) secures an unlimited number of first-level subdomains under the specified parent domain, so one certificate covers any present or future host such as account.example.com or checkout.example.com, greatly simplifying lifecycle management. A multi-domain SAN certificate can secure several hostnames, but every domain must be listed explicitly; adding another subdomain later requires re-issuance. A root certificate is a self-signed trust anchor used by certificate authorities and cannot be purchased to authenticate a commercial website. A self-signed certificate is not trusted by browsers unless the visitor manually installs the issuing root, making it unsuitable for a public e-commerce environment.

Ransomware is characterized by its ability to encrypt files on infected systems and subsequently demand payment for a decryption key, often leading to monetary loss for affected users and organizations. Worms are typically standalone malware that replicate themselves to spread to other computers, without the need for user interaction, but do not demand ransom for recovery. Trojans are malicious programs that disguise themselves as legitimate software but do not have the self-replicating ability of worms or the specific extortion function of ransomware. Viruses, like worms, can self-replicate and spread, but they usually require some form of user action to initiate and may or may not include ransomware characteristics. The correct answer is ransomware because it best fits the criteria of encrypting files and demanding payment.

Containerization provides a lightweight alternative to full virtualization by encapsulating an application in a container with its own operating environment. This isolation ensures that applications do not interfere with each other and can be managed independently, enhancing security by containing potential breaches within the isolated environment of the container.

Log tampering is a deliberate act to manipulate or erase logs to hide unauthorized activities or to disrupt the integrity of the logging process. While logs can be lost due to technical issues such as configuration errors or system overload, sporadic and selective disappearance is more indicative of a deliberate effort to alter logs, which signifies that log tampering is the most likely explanation. Scheduled maintenance wouldn't selectively affect log entries, and time synchronization issues would cause discrepancies in timestamps rather than missing entries. Log rotation without archiving could lead to loss of older records, but would not usually result in sporadic missing entries.

A logic bomb is a type of malware that is designed to execute a malicious action when certain conditions are met, such as a specific time or event. The recurring nature of the incident every Friday suggests that it is triggered by a time-based event, characteristic of a logic bomb. Other types of malware like Trojans or worms do not have this behavior tied to a specific condition and typically continue to execute or propagate regardless of specific events or times.

Vishing (also called voice phishing) is conducting phishing attacks using telephony. This often involves using VoIP features such as caller ID spoofing to avoid detection.

Identifying the Recovery Time Objective (RTO) during a Business Impact Analysis is critical because it denotes the maximum duration that a service or system can be unavailable before causing unacceptable detriment to the business. Setting the RTO helps in crafting prioritized recovery strategies, ensuring that the most crucial systems are restored within a timeframe that prevents significant operational or financial loss. The other options, while related to business continuity and disaster recovery, do not directly address the focus on time frame for critical system recovery, like the RTO does.

Any organization that operates, processes data, or otherwise conducts business within a country is subject to that nation's information-security and privacy laws, even if the company is foreign-owned or headquartered elsewhere. This concept-often referred to as data sovereignty-means compliance is mandatory in each jurisdiction where operations occur; failure can lead to fines, sanctions, or loss of the right to do business. The other options are incorrect because host-nation laws are not optional, cannot be ignored in favor of home-country rules, and apply to activities such as cloud or remote processing, not only to data stored physically on local servers.

Automatic failover is when systems or services switch to a redundant or standby system automatically, typically without human intervention, in the event of a failure or service interruption. This type of failover is essential for mission-critical applications where downtime must be minimized. Manual failover, while it involves intentional human intervention to switch systems, would not apply as the question indicates the switch happens without manual intervention. Active-active and active-passive describe configurations of how systems are set up for redundancy, but they do not define the type of failover process.

Business Email Compromise (BEC) is effectively combated by strong organizational verification procedures. In a BEC attack, an attacker impersonates an executive or a partner organization in an email to trick an employee into making a financial transfer or revealing sensitive information. Training employees to verify such requests using multiple communication channels, like phone calls or face-to-face meetings, is crucial in preventing successful BEC attacks.