CompTIA Security+ Practice Test (SY0-701)

A preventive control is a security measure designed to stop an incident or attack from occurring in the first place. Firewalls and access controls are examples of preventive controls that proactively protect systems and data by blocking unauthorized access or malicious traffic before it can cause harm. In contrast, detective controls identify incidents that have already occurred, corrective controls limit damage after an incident, and compensating controls serve as substitutes for primary controls.

An air-gap refers to a network security measure where a system is physically isolated from unsecured networks, preventing external communication. This isolation enhances security by eliminating pathways that could be exploited by attackers. In contrast, a Virtual LAN (VLAN) and a software-defined network (SDN) provide logical network segmentation but do not physically isolate systems. Split tunneling allows simultaneous access to secure and unsecured networks, which can introduce security risks.

Requiring passwords to be long and include a combination of uppercase letters, lowercase letters, numbers, and special characters significantly increases their complexity, making them harder to guess or crack. Allowing password reuse or limiting password age does not directly enhance password strength and can lead to weaker security practices.

Creating encrypted channels over a public network like the internet is essential for protecting sensitive data in transit. A Virtual Private Network (VPN) establishes an encrypted tunnel, which is required to maintain the confidentiality and integrity of data between two points. This technique involves creating a secure path over which data can be sent safely, ensuring that even if intercepted, the data remains unintelligible to unauthorized parties.

• Access control lists (ACLs) filter traffic but do not encrypt it.
• A cloud-based solution like SASE is a valid architecture, but the core protective technology it would use for this task is an encrypted tunnel.
• Intranet capabilities are confined to the internal network and cannot secure traffic over the public internet.

The exposure factor (EF) is the metric that defines the anticipated percentage of an asset's value that could be lost if a given vulnerability were exploited. This metric is a critical component of a comprehensive risk assessment. While the other options might appear related to risk management, none of them specifically measure the potential percentage loss of an asset's value due to exploitation. An 'impact score' is typically a generalized rating rather than a precise percentage. A 'financial loss ratio' is not a standard term in risk management and does not accurately reflect the value loss of an asset due to a vulnerability. 'Annualized loss expectancy' is a calculation of expected loss over a year and incorporates both the exposure factor and the annual rate of occurrence, rather than just the loss associated with a single incident.

The team is most likely implementing technical controls in the form of email security technologies, such as Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting, and Conformance (DMARC). These technologies help to verify sender identities and assess the trustworthiness of the emails, acting as preventive controls to stop phishing attempts before they reach the employees.

Web browsers establish encrypted sessions with external web servers using the HTTPS protocol, which by default uses TCP port 443. Allowing outbound (and corresponding return) traffic on this port restores secure web access. Ports 80 and 8080 carry unencrypted HTTP, while 3389 is used for Remote Desktop, so opening those would not solve the problem.

Preventive controls are security measures that are put in place to prevent incidents from happening. They are proactive in nature and aim to stop threats before they can cause harm. Examples of preventive controls include firewalls, which block unauthorized access, and access controls, which restrict access to sensitive resources. Detective controls, on the other hand, are designed to identify and respond to incidents after they have occurred. Corrective controls aim to limit the damage after an incident, while compensating controls substitute for primary controls.

Choosing the backup frequency is primarily driven by the maximum acceptable data loss the business can tolerate, known as the Recovery Point Objective (RPO). This defines how often backups need to be taken to meet business continuity requirements. While the cost of backup media is important for budgeting, it should not take precedence over critical data protection needs. The features of backup software may enhance backup processes but do not directly determine how often backups should occur. Network throughput can affect backup speed but is a technical constraint, not the primary factor in setting backup frequency.

A Code Signing certificate allows developers to sign software digitally, which verifies the integrity of the software and ensures that it has not been tampered with since being signed. Self-Signed certificates could be used but aren't typically trusted by users' operating systems or browsers by default, thereby potentially raising security warnings. An Email certificate is used for securing email communication and ensuring the authenticity of the sender, not for software integrity. A Root certificate is at the top of a certificate chain and signs other certificates rather than being directly used to sign software.

Creating a digital hash of the hard drive image is critical to maintain the integrity of the investigation. Hashing the image ensures that an investigator can verify that the evidence has not been altered from the time of acquisition. This process establishes a unique digital fingerprint for the data at the moment of capture, which can be compared against the data at any point afterward to confirm that it remains unaltered. Physically securing the server and limiting access to the server are important, but they do not address the integrity of the digital evidence after its acquisition. Documenting the process is also essential but secondary to securing the image's integrity through hashing.

The best action is to verify the identity of the caller through a callback to a known, official phone number for the telecommunications provider before discussing sensitive information. This is because providing such details over the phone without verification can lead to potential security breaches. Unverified calls, especially those requesting sensitive information, are likely to be vishing attacks where attackers attempt to extract critical information by impersonating legitimate entities. Unlike the incorrect options, immediate verification is critical and proper protocol in such situations; informing a supervisor is also advisable but does not directly address the potential immediate threat. Sharing the requested information or placing the caller on a brief hold without attempting to verify their identity doesn't reduce the risk associated with the potential vishing attempt.

Incident response is the correct answer because it is an operational control that focuses on identifying, containing, and recovering from security incidents. Change management is incorrect because it deals with managing changes to systems and applications, not specifically security incidents. Access controls are preventive measures that limit access to resources, but do not directly address incident handling.

Risk transfer is characterized by shifting the financial burden of a risk to another entity. Obtaining a cybersecurity insurance policy effectively transfers the financial risk of a cyber attack to the insurance company. Adjusting security controls to enhance detection would be an example of mitigation, which aims at reducing the risk's probability or impact. Developing a response strategy falls under preparedness and mitigation, as it prepares the organization to handle the impact, but does not transfer the risk. Lastly, training employees is a preventive measure and also falls into risk mitigation; it does not transfer the risk.

Implementing a VPN would provide encrypted connections from remote locations to the data center, allowing for secure communication while limiting exposure to attacks. A proxy server primarily acts as an intermediary for users seeking resources from other servers and might not provide the necessary encryption for all communications. Intrusion detection systems (IDS) are crucial for monitoring and detecting potential threats but do not directly provide secure access for remote users. While a jump server can provide a controlled entry point into a network, it's not as comprehensive for remote access security as a VPN, which also encrypts the data in transit.