CompTIA Security+ Practice Test (SY0-701)

Reviewing the vendor's security and compliance certifications ensures that the supplier follows recognized industry standards and regulations (such as ISO 27001 or SOC 2). This provides independent assurance of the vendor's security posture and is typically the first due-diligence step before deeper, resource-intensive activities. Assessing financial stability or speaking with references helps manage business risk but does not directly validate security controls. Conducting an on-site assessment can be valuable later in the process, yet it is costly and often reserved for only the highest-risk suppliers after their documentation has been reviewed.

Single sign-on (SSO) is an authentication scheme that allows a user to use a single set of credentials (like a username and password) to access multiple different applications and resources. This directly addresses the company's goal of reducing the number of logins employees must manage.

• RADIUS and TACACS+ are AAA (Authentication, Authorization, and Accounting) protocols, primarily used for centralizing authentication for network access (like Wi-Fi or VPNs) or network device administration, respectively. They do not provide the seamless single-login experience across various applications that SSO offers.
• 802.1X is a port-based network access control (PNAC) standard used to authenticate devices before they are allowed to connect to a network. It is not used for authenticating users to applications.

Security policies, standards, and guidelines do not directly stop or detect attacks. Instead, they provide direction by defining required behaviors and rules. Because they set expectations and guide how people and systems should act, they are categorized as directive controls. Detective controls identify incidents after they occur, preventive controls stop incidents, and corrective controls restore normal operations.

To correctly restore affected systems to their operational state after a breach, it is crucial to utilize verified backups. Verified backups have been checked for integrity and are free from the corruption or compromise that affected the original data. Using the latest system images would not be ideal as they might contain vulnerabilities that led to the breach. Applying the latest patches does not address the data loss issue. Simply wiping the drives could result in further data loss if no backup is available. Replication, while useful for high availability, may propagate the breach effects if not segregated and verified.

Installing or configuring a firewall is a technical control because it involves the use of technology, while other controls are related to people, processes or physical restrictions.

The term 'Data Subject' refers to the individual to whom the personal data belongs and who is the subject of that personal data. This person possesses certain rights in terms of privacy laws, such as the right to access, correct, and request the deletion of their personal data. The other terms provided do not accurately describe this individual in the context of data processing.

Containerization enables developers to package applications along with all their dependencies into isolated units called containers. This approach ensures that the application runs consistently regardless of the environment, enhancing portability and security by isolating applications from one another. Virtualization, while also providing isolation, involves creating full virtual machines with their own operating systems, which is more resource-intensive. Microservices refer to an architectural style that structures an application as a collection of loosely coupled services, focusing on design rather than deployment. Serverless computing allows developers to build and run applications without managing the underlying infrastructure but does not involve packaging applications with dependencies for consistency across environments.

A Hardware Security Module (HSM) is a physical computing device that safeguards and manages digital keys, performs encryption and decryption functions for digital signatures, and provides strong authentication. HSMs are specifically designed for the secure generation, storage, and management of cryptographic keys, offering a higher level of security compared to software-based key management solutions. They are widely used in applications requiring high-level security, such as banking, government, and healthcare.

A fail-open configuration is designed to allow traffic to pass through when the security device experiences a failure, such as a malfunction or a loss of power, thus ensuring that network availability is prioritized. While this might introduce a security risk by allowing potentially unsecured traffic during the failure event, it supports the company's requirement for maximum uptime. The other provided responses either incorrectly relate to device security postures not focused on availability (such as fail-close), or do not relate to failure modes directly affecting traffic (such as a high availability cluster, which is designed for redundancy but not specifically addressing the company's need for availability during a security device failure).

This type of penetration test is known as a black-box test. In this approach, the testers are given little to no prior information about the target system. For example, they are not provided with details like the web server type or access to the source code. Instead, the testers must perform reconnaissance to gather information and probe for vulnerabilities, simulating an attack from an external threat actor with no inside knowledge.

Deterrent controls are security measures that are put in place to discourage potential attackers from attempting to breach an organization's defenses. They work by making the target appear more difficult, time-consuming, or risky to attack. Security cameras are a prime example of a deterrent control because their presence can make potential intruders think twice about attempting to gain unauthorized access, as they know their actions may be recorded and used as evidence against them. Preventive controls aim to stop an incident from happening, detective controls identify incidents as they occur, and corrective controls are used to limit the damage after an incident.

The correct answer is a guideline. A security guideline is a document that provides recommendations and best practices; it is not mandatory. In contrast, a policy is a high-level statement of intent from management that is mandatory. A standard is a mandatory rule that supports a policy, often specifying technologies or configurations. A procedure is a detailed, step-by-step set of instructions for performing a specific task, which is also mandatory.

A passive device attribute allows the network appliance to observe traffic without interacting or making changes to it, enabling monitoring and analysis without affecting data flow. This contrasts with an active device, which is designed to interact with or change the traffic passing through it, performing actions such as blocking or modifying packets.

The term 'Neutral' is used to describe an organization's approach to risk appetite where they are neither aggressive in seeking out risks that may offer substantial rewards nor overly cautious to the point of hindering potential growth. This approach aims for a balance between the two, with decision making that is well-calibrated to engage with risks that offer a reasonable trade-off between potential benefits and potential harm. 'Expansionary' suggests an aggressive stance towards growth and assuming more risk, while 'Conservative' indicates a more cautious approach that avoids risks. 'Risk Mitigation' is a strategy to reduce the impact of risks, but it does not describe an appetite for risk.

Including real-life scenarios and examples in the training module is crucial as it allows employees to relate the training to their daily activities and better prepare them to recognize and manage potential incidents. These practical examples enhance the training's relevance and retention, ensuring employees are more likely to respond correctly. Excessive reliance on technical jargon may confuse employees rather than educate them. Brief training might not cover all necessary information, and focusing on punishment over education can create a culture of fear rather evenly-informed and proactive security stance.

Chain of custody is a legal concept that refers to the chronological documentation or paper trail, showing the seizure, custody, control, transfer, analysis, and disposition of physical or electronic evidence. Maintaining the chain of custody is vital to ensure that the evidence can be trusted and is admissible in a court of law. If the chain of custody is broken or cannot be proven, the integrity of the evidence may be questioned, potentially rendering it inadmissible. Legal hold is a process that preserves all forms of relevant information when litigation is reasonably anticipated, which differs from ensuring the evidence admissibility. Both acquisition and reporting are steps within the digital forensics process, but they do not serve to maintain the integrity of the evidence through documentation like chain of custody does.

A playbook is a document that provides a step-by-step guide for responding to a specific type of security incident, such as ransomware or a data breach. A Business Impact Analysis (BIA) is an assessment used to identify critical business functions and determine the potential effects of their disruption. A risk register is a tool for documenting and tracking identified risks. An Acceptable Use Policy (AUP) is a policy that defines the rules and constraints for how users may use an organization's resources.

A logic bomb is a type of malware that is designed to execute a malicious action when certain conditions are met, such as a specific time or event. The recurring nature of the incident every Friday suggests that it is triggered by a time-based event, characteristic of a logic bomb. Other types of malware like Trojans or worms do not have this behavior tied to a specific condition and typically continue to execute or propagate regardless of specific events or times.

Predictive (virtual) site surveys use computer modeling and digital floor plans to estimate RF propagation and can generate heat maps before a building is finished or remodeled. Although these simulated heat maps must later be validated with an on-site survey, they are accurate enough for preliminary design, budgeting, and cabling plans. Therefore, heat-map creation does not always require the physical environment to be in its final state.

While automation brings efficiency, consistency, and speed, it can also concentrate reliance on a single script, platform, or orchestration engine. If that component fails, the organization could lose critical security visibility and controls-a classic single point of failure. By contrast, improved reaction time, automatic enforcement of baselines, and standardized infrastructure configurations are typical benefits, not risks, of automation.