Prepare for the CompTIA Security+ SY0-701 exam with this free practice test. Randomly generated and customizable, this test allows you to choose the number of questions.
Which of the following options is considered a 'something you have' factor in multifactor authentication?
Voice recognition
Security token
Fingerprint
Password
'Security token' is the correct answer because it is a physical device that the user possesses and uses to gain access to an information system or secure area. In the context of multifactor authentication, 'something you have' refers to a physical object the user must possess, such as a smart card, a hardware token, or a phone with an OTP app. The incorrect options 'Fingerprint' and 'Password' are 'something you are' and 'something you know' factors, respectively, which do not fit the 'something you have' category. 'Voice recognition' is part of biometric authentication, which also falls under 'something you are' since it uses your unique biological characteristics for identification.
A company is designing a new data center for its mission-critical systems and wants to ensure the highest level of uptime. Which of the following solutions should it implement to best safeguard against power interruptions that could lead to system outages?
Power conditioners
Backup generators
Uninterruptible Power Supply (UPS)
Surge protectors
An Uninterruptible Power Supply (UPS) is designed to provide near-instantaneous power protection, supplying energy stored in batteries during a power failure. This ensures that critical systems remain operational while a backup generator starts up, preventing system outages. Generators alone have a startup delay and therefore are not sufficient for maintaining operation without a brief interruption. Surge protectors cannot provide power during an outage, and power conditioners do not supply energy but only regulate the quality of power.
ABC Tech Corporation is considering outsourcing their customer support services to XYZ Support Inc. As part of the vetting process, which of the following is the most appropriate action to ensure due diligence and care is exercised in selecting a third-party vendor?
Choose XYZ Support Inc. because they offered the lowest bid, thereby saving on costs
Delegate the decision to an intern, assuming that third-party vendors have similar capabilities
Conduct an in-depth background check on XYZ Support Inc., which includes financial, reputational, and performance aspects
Review the marketing materials of XYZ Support Inc. for their success stories and client testimonials
Due diligence involves a comprehensive appraisal of a business or person's performance, legal obligations, technical competencies, and financial viability before entering into an agreement. Conducting an in-depth background check, which includes reviewing past performance, financial stability, and reputation in the industry, is the correct course of action to ensure due diligence and care is undertaken. This action helps ascertain XYZ Support Inc.’s ability to deliver on its commitments and align with ABC Tech Corporation's requirements and standards.
What best describes the practice of giving users only the permissions they need to perform their work tasks?
Complete autonomy
Permission auditing
Access all areas
The principle of least privilege
The principle of least privilege is a security concept where a user is given the minimum levels of access, or permissions, needed to perform his or her job functions. This principle limits the access rights for users to the bare minimum necessary to perform their work. This helps to reduce the attack surface and minimize the potential for misuse of high-level access rights. The other options are incorrect because 'Complete autonomy' refers to having total independent control which does not limit permissions, 'Access all areas' typically implies no restriction on access permissions, and 'Permission auditing' is a process of reviewing permissions, not assigning them.
What is the primary purpose of conducting a system/process audit within an organization?
To ensure compliance with security policies and procedures
To resolve technical issues within IT systems
To replace outdated security systems with newer technology
To conduct an in-depth assessment of system vulnerabilities
The primary purpose of a system/process audit is to ensure compliance with security policies and procedures. Audits are conducted to verify that systems are secure and processes are being followed according to the set standards and regulations. By doing so, organizations can identify gaps in their security measures, streamline processes, and maintain a strong security posture. Audits do not typically focus on issue resolution or vulnerability assessment directly, but these activities may be a result of findings during an audit.
Your organization has recently experienced an attack, and you need to analyze the incident to understand how the attack was perpetrated and how to prevent similar incidents. Which type of control would be best suited for this purpose?
Compensating controls
Corrective controls
Detective controls
Preventive controls
Detective controls are designed to identify and respond to incidents that have occurred, allowing an organization to understand how the attack happened. By analyzing the incident, the organization can take measures to prevent similar attacks in the future. Preventive controls aim to stop incidents before they occur, which is not suitable for analysis after an attack. Corrective controls are focused on limiting damage after an incident and may not provide insight into the attack method. Compensating controls can provide alternative security measures but are not focused on incident analysis.
A corporation employs external auditors who require access to the company's server infrastructure for a limited duration. The security policy enforces minimum necessary privileges and mandates that access credentials should expire immediately after the auditing task is completed. Which of the following practices should be implemented to comply with the security policy?
Generating non-expiring API keys for auditors to use during their review
Allocating time-restricted access tokens for server access
Issuing a set of shared credentials that the audit team can use
Creating permanent accounts with privileged access for each auditor
Allocating time-restricted access tokens ensures that the auditors have temporary access to the necessary resources, and these tokens automatically expire after the designated period, aligning with the security policy of minimum necessary privileges and immediate expiration post-audit. API keys or permanent account credentials do not offer the same level of temporary access and can potentially remain active beyond the requirement, posing a security risk. Shared credentials are inherently insecure as they do not provide individual accountability and can be easily misused.
In the process of updating the contingency plans to address potential infrastructure failures, what should management prioritize to ensure essential system functions are restored within an optimal timeframe after an unforeseen outage occurs?
Keeping a detailed record of equipment and software versions.
Creating a schedule for regular data archiving and retrieval tests.
Setting specific deadlines for restoring vital operations.
Harmonizing the procedural manual with the prevalent statutory requirements.
Establishing specific deadlines for the restoration of vital services is the cornerstone of an effective contingency plan, ensuring that the most critical operations are available again to meet business needs and customer expectations. While a meticulous resource inventory is useful for resource management and recovery, and defining storage and retrieval processes preserves data integrity, neither sets the timeline for restoring business services. Regulation adherence is also a consideration in planning but does not determine the urgency with which services must be reactivated.
What does the concept of ongoing supportability in the context of cybersecurity operations entail?
The periodic change in security policies dictated by organizational structure.
The capacity for continued maintenance and updates of security systems and processes.
The initial implementation of security controls in a new system.
The step-by-step playbook used for responding to security incidents.
Ongoing supportability refers to the ability to regularly update and maintain security systems and processes over their operational life. This includes providing necessary patches, updates, and modifications to adapt to emerging threats and maintain compliance with industry standards. It ensures that systems can continue to be secured effectively throughout their use. The incorrect options, while possibly related to security operations, do not define the term 'ongoing supportability'.
What is the primary role of a generator within the security architecture of a data center?
To provide backup power in the event of a main power supply failure
To cool down the server racks and prevent overheating
To regulate the distribution of power to different circuits
To serve as a primary power source during peak operation times
The primary role of a generator in the security architecture of a data center is to provide backup power in the event that the main power supply fails. This ensures that critical systems remain operational during power outages, thus maintaining high availability and preventing potential security breaches that could occur due to system downtime.
What can an organization implement when a vulnerability cannot be patched immediately, to mitigate the risk while maintaining business functionality?
Compensating controls
Threat intelligence
Encryption
Penetration testing
Compensating controls are security measures that are put in place to mitigate the risk associated with identified vulnerabilities that cannot be immediately resolved. They serve as alternatives to the direct remediation of security weaknesses, often due to technical, business, or financial constraints. Implementing compensating controls allows an organization to continue operations securely by reducing the potential impact of the vulnerability until it can be properly addressed. Encryption is not inherently a compensating control but might be part of one, depending upon the context. Threat intelligence and Penetration testing are methods for identifying vulnerabilities, not compensating for them.
A security analyst is reviewing the organization's incident reports and notices an incident where attackers sent deceptive messages to employees' mobile phones with the intent to trick them into sharing sensitive information. What type of attack does this scenario describe?
Exploit Kits via MMS
SMS phishing
Spyware Installation
Direct Malware Injection
This scenario describes a phishing attack that is conducted through SMS messages, commonly known as 'SMS phishing' or 'smishing'. Both 'Spyware Installation' and 'Direct Malware Injection' can be results of this kind of attack if the recipient takes the bait, but they are not names of the attack method itself. 'Exploit Kits via MMS' involve multimedia content and are not the same as text-based phishing attacks.
Your organization has decided to migrate to a cloud service model. As the IT security professional, you are reviewing the shared responsibility matrix provided by the potential cloud service provider. According to the matrix, which of these responsibilities would typically be managed by your organization rather than the provider in an Infrastructure as a Service (IaaS) model?
Environmental control of the hardware
Patching of the host operating system
Physical security of the data center
Virtualization platform management
In an Infrastructure as a Service (IaaS) model, the cloud service provider manages the infrastructure up to the virtualization layer. However, everything from the operating system upward, including applications, data security, and identity management tasks, typically becomes the customer's responsibility. This includes ensuring that operating systems are patched and secure, managing the security policies of applications, and safeguarding data through encryption and access controls. Network controls may be shared responsibilities depending on the service agreement. The provider would not typically manage the client's application updates or the patching of operating systems.
Your organization is looking to improve its incident response capabilities by implementing security automation. As the security manager, you need to decide which aspect of the incident response process would most benefit from automation. Given the goal to reduce response times and human error, which would be the most effective use of automation?
Automating decision-making on how to handle every aspect of the incident response.
Automating the initial incident triage to categorize and prioritize incidents based on predefined rules and criteria.
Automating communication with the media regarding details of the incident.
Automating the entire post-incident report generation without human review.
Automating the initial incident triage process allows incidents to be quickly categorized and prioritized based on predefined criteria, such as source, type, and severity. This rapid classification helps to ensure that higher severity incidents are dealt with promptly and reduces the manual effort needed by the incident response team, allowing them to focus on responding to incidents rather than initial data gathering and assessment. On the other hand, fully automating the decision-making process on how to handle an incident could be risky, as it may require human judgment and context that cannot be replicated by automation processes. Similarly, generating the post-incident report is important but does not critically impact response time. Finally, automated communication with the media would not be appropriate as it requires careful crafting by someone with PR expertise to manage potential reputational damage.
What type of malware typically encrypts an organization's data and demands payment for the decryption key?
Trojan
Ransomware
Virus
Worm
Ransomware is a type of malware that encrypts the victim's data and requires payment, often demanded in cryptocurrency, to provide the decryption key. This description matches exactly what ransomware does. A Trojan is a malicious program disguised as legitimate software. A Worm replicates itself to spread to other computers, and a Virus requires user interaction to spread and is not defined by demanding a ransom.