CompTIA Security+ Practice Test (SY0-701)

Pretexting involves the creation of a fabricated scenario designed to persuade a victim to release information or perform some action. In this case, the attacker is pretending to be a familiar and legitimate entity—such as an IT department representative—to gain the trust of the employee and obtain sensitive information. This is a common tactic where attackers carefully craft a believable story that seems legitimate to the victim.

Reputational damage refers to the harm to a company’s prestige or esteem that occurs following a detrimental event, such as a security breach. This can result in lost customers, partners, reduced sales, and difficulty in attracting talent. Understanding this concept is essential because it transcends the immediate financial impact and can have long-term effects on the organization's success. 'Loss of confidence' refers to a more temporary or individualistic perception which might not necessarily translate into widespread damage to the organization's reputation. 'Ethical violation' is a specific behavior of non-compliance but does not directly equate to reputational damage. 'Operational downtime' refers to periods when systems or services are not operational; while it can contribute to reputational damage if it results from a security incident, on its own it does not encapsulate the broader implications of reputational damage.

Proprietary or third-party threat feeds often provide actionable intelligence that can be directly mapped to an organization's existing vulnerabilities. By offering this tailored information, security teams can prioritize threats based on relevance and direct applicability to the organization's environment. This level of specificity assists in making informed decisions, as opposed to more generic information that could lead to misprioritization or resource waste on lower-risk vulnerabilities.

The zero trust security model works on the basis of “never trust, always verify.” Devices and users on the network are always required to be authenticated even if they were previously.

The legal principle known as the 'Right to Be Forgotten' empowers individuals to have their personal data removed from the records of an organization, particularly when it is no longer necessary or pertinent. This principle is an important aspect of privacy law in many jurisdictions and requires organizations to take action upon such requests, subject to certain conditions and exceptions. The term 'Data Retention' refers to the policies that establish how long data should be kept before disposition, which is a separate topic. 'Data Sovereignty' describes the legal implications of data being subject to the laws of the country where it is stored, which does not deal directly with data removal requests by individuals. Lastly, 'Information Custodian' pertains to the roles and responsibilities associated with the protection and care of data, which does not entail an individual's right to request deletion.

The Health Insurance Portability and Accountability Act (HIPAA) includes the Privacy Rule and Security Rule, which mandate safeguards to ensure the confidentiality, integrity, and availability of PHI handled by covered entities and their business associates. PCI DSS focuses on payment-card data, SOX addresses financial reporting controls, and GLBA governs the security of consumers' financial information; none of these specifically set nationwide requirements for safeguarding medical records.

An Intrusion Detection System (IDS) is designed to monitor network or system activities for malicious actions or policy violations. Its primary purpose is to detect suspicious activities and generate alerts so that administrators can take appropriate action. Unlike preventive controls that block or prevent attacks, IDS serves as a detective control, identifying potential threats without necessarily stopping them.

Phishing simulations are a practical method of testing employees' abilities to recognize and respond to social engineering attacks. This type of simulation provides actionable insights by creating realistic scenarios similar to actual phishing attempts, without the associated risk. This helps measure the effectiveness of the training and identifies areas where additional training may be necessary. Answer options like 'Unannounced network scans' and 'Publishing quarterly newsletters' are less direct and less effective methods of assessing the specific understanding of recognizing social engineering attacks. Although helpful in a broader security context, they do not directly test the application of the training content. 'Including a quiz at the end of the training session' can validate immediate retention but does not measure long-term understanding or practical application in an actual work environment.

Performing passive DNS analysis is a passive reconnaissance method used to gather historical DNS data for a domain without directly interacting with the target's systems. This technique helps in mapping the target's infrastructure without triggering alerts. In contrast, a full network scan and running an automated website crawler are forms of active reconnaissance, as they involve sending packets and requests directly to the target's network and can be detected. Similarly, making social engineering calls is an active method that involves direct interaction with the company's employees.

The correct answer is 'Nation-state'. Nation-state actors possess high levels of sophistication, resources, and funding, and their motivations often include espionage, political gain, and disrupting the critical infrastructure of other nations. Attacks on power grids and water facilities are characteristic of cyber warfare campaigns intended to cause significant societal and economic harm.

• Organized crime is primarily motivated by financial gain and is more likely to use ransomware or steal data for extortion rather than cause widespread service disruption for its own sake.
• A hacktivist is typically motivated by political or social beliefs and usually conducts less sophisticated attacks like website defacement or DDoS attacks against specific organizations, lacking the resources for a large-scale infrastructure attack.
• An insider threat acts from within an organization, and while potentially disruptive, is less likely to orchestrate a widespread, coordinated attack on national critical infrastructure.

A load balancer is used to distribute network or application traffic across multiple servers, which improves responsiveness and increases availability of applications. It is designed to prevent any one server from becoming overloaded with too much traffic, which can degrade performance or cause outages. Proxies may balance requests but are not primarily designed for load balancing, while an IPS/IDS focuses on monitoring and analyzing network traffic for any malicious activity. Jump servers are utilized to manage access to devices within a security zone.

Technical controls rely on hardware, software, or firmware to enforce security. Configuring and administering devices like firewalls, intrusion detection or prevention systems, and antivirus platforms are examples of Technical controls. Managerial controls establish the overarching policies and procedures that direct how these technologies should be used, while Operational controls focus on day-to-day human processes and Physical controls secure the physical environment.

Policies that outline employee responsibilities and expected behaviors are examples of directive controls. Directive controls are designed to guide or instruct individuals or systems to ensure compliance with security requirements. They establish guidelines and expectations to influence behavior. Detective controls are intended to identify and detect unwanted events or incidents after they occur. Corrective controls focus on minimizing the impact of a security incident after it has occurred. Preventive controls aim to stop unwanted events from happening in the first place.

An agent-based monitoring tool would be appropriate for this task because it can be installed on each endpoint to monitor its health and security status in real-time. These agents regularly communicate with a central management console to report on the status of the endpoint and alert security personnel if an anomaly is detected. Other answers involve manual processes, provide incomplete solutions, or are less efficient for real-time monitoring in a large enterprise environment.

The General Data Protection Regulation (GDPR) is a comprehensive data privacy framework that imposes strict rules on data protection and privacy for individuals within the European Union. As it is one of the strictest privacy and security laws in the world, adopting GDPR-compliant policies will likely ensure compliance with a wide range of international data protection standards. The regulation requires businesses to protect the personal data and privacy of EU citizens. Additionally, because the GDPR has extraterritorial applicability, meaning it applies to organizations outside the EU that process data of EU residents, adhering to its standards can help a multinational corporation align with global data protection regulations. The other options are either national and not globally focused (like the Federal Information Security Management Act), industry-specific (such as acts related to shipping port security), or limited in scope with regards to data protection (for example, the United Nations Convention on Contracts for the International Sale of Goods).

Bug bounty programs invite external security researchers to test systems for rewards. This crowdsourced approach greatly expands the range of skills, tools, and perspectives applied to security testing, which helps uncover vulnerabilities that may slip past automated scanners, internal assessments, and periodic penetration tests. Increased transparency or compliance benefits can flow from a program, and zero-day exploits might be caught as a result, but those are secondary effects-not the fundamental purpose of adding the program to vulnerability identification.

Journaling in the context of file systems is used to record changes not yet committed to the file system, which can protect against corruption and ensure the file system can be reliably restored to a good state in the event of a crash. This feature is specifically designed to track changes in a sequential log, providing a mechanism for recovery that does not depend on the file system's regular write processes, which might be incomplete at the time of a crash.

Business Email Compromise (BEC) is effectively combated by strong organizational verification procedures. In a BEC attack, an attacker impersonates an executive or a partner organization in an email to trick an employee into making a financial transfer or revealing sensitive information. Training employees to verify such requests using multiple communication channels, like phone calls or face-to-face meetings, is crucial in preventing successful BEC attacks.

A network intrusion prevention system (NIPS) is the only one of the choices that you can place to monitor your entire network for intrusions while at the same time attempting to prevent the intrusion. HIPS and HIDS are only for a single host, while NIDS will only detect an intrusion.

This security control is preventive because the security guard verifies identity badges to actively prevent unauthorized access to the data center. While the presence of a security guard may also act as a deterrent by discouraging potential intruders, the essential function here is to stop unauthorized entry, which characterizes a preventive control. Detective controls would identify unauthorized access after it happens, and corrective controls focus on restoring systems after an incident.