CompTIA Security+ Practice Test (SY0-701)

Setting up a system that monitors, detects, and blocks potentially unauthorized data transmissions can dramatically lower the likelihood of sensitive information being leaked or transferred outside the company by an insider with legitimate access. While biometric authentication adds a layer of security, it does not prevent data exfiltration by authenticated users. Disabling unused service ports and enforcing strong encryption enhance security but are not directly effective in monitoring or preventing the transfer of sensitive data from insiders. Segmenting the network can reduce the risk of widespread internal access, but it is not specifically aimed at preventing data exfiltration.

The correct answer is 'Network segmentation'. This practice would isolate the legacy system from the rest of the network, reducing the potential impact of a vulnerability being exploited. While other options like intrusion detection systems and replacement could also be considered, they do not immediately address the risk of the legacy system being compromised. Network segmentation is a straightforward mitigation step that can be applied without requiring the removal of critical, yet non-patchable, equipment.

Auditing gathers evidence after the fact by reviewing log and permission data to uncover unauthorized access or policy violations. Because it identifies issues that have already occurred, its chief purpose is detection, not prevention, correction, or deterrence. Therefore, it is categorized as a detective control.

Endpoint protection software's role as a system hardening technique is to enhance the security of individual devices within a network by providing a combination of various security measures against threats such as malware, exploits, and unauthorized access attempts. It typically includes functionalities like antivirus, antimalware, and personal firewalls. The correct answer encapsulates these capabilities. The incorrect answers either misrepresent the scope of endpoint protection or attribute unrelated functions to it.

An air-gapped system is physically isolated from all other networks, including the Internet. Because no network interfaces remain connected, data cannot enter or leave electronically, providing maximum protection for highly sensitive assets. A host-based firewall, VLAN segmentation, or an IDS can restrict or monitor traffic, but all still depend on an active network connection and therefore cannot guarantee total isolation.

The 'Somewhere you are' factor relates to the use of geographic location as part of the authentication process. Typically, this involves technologies such as GPS or IP address location services to verify the user's current physical location. This kind of authentication is particularly useful for enforcing location-based access policies, such as allowing access to a corporate network only from within a secure physical office or predefined safe geofenced areas. Other answers, 'Something you know', 'Something you have', and 'Something you are', refer respectively to knowledge factors like passwords, possession factors like smart cards or tokens, and inherence factors like biometrics, all of which are separate from the user's location.

The correct answer is 'Nation-state'. Nation-state actors possess high levels of sophistication, resources, and funding, and their motivations often include espionage, political gain, and disrupting the critical infrastructure of other nations. Attacks on power grids and water facilities are characteristic of cyber warfare campaigns intended to cause significant societal and economic harm.

• Organized crime is primarily motivated by financial gain and is more likely to use ransomware or steal data for extortion rather than cause widespread service disruption for its own sake.
• A hacktivist is typically motivated by political or social beliefs and usually conducts less sophisticated attacks like website defacement or DDoS attacks against specific organizations, lacking the resources for a large-scale infrastructure attack.
• An insider threat acts from within an organization, and while potentially disruptive, is less likely to orchestrate a widespread, coordinated attack on national critical infrastructure.

Detective controls are designed to identify and record unauthorized activities or access within a system or network. Intrusion Detection Systems (IDS) are a perfect example of detective controls since their main purpose is to detect potential security breaches, log security events, and alert systems or network administrators. While firewalls are used for prevention, and security policies guide user behavior, they are not primarily used to detect unauthorized activities.

An air-gap refers to a network security measure where a system is physically isolated from unsecured networks, preventing external communication. This isolation enhances security by eliminating pathways that could be exploited by attackers. In contrast, a Virtual LAN (VLAN) and a software-defined network (SDN) provide logical network segmentation but do not physically isolate systems. Split tunneling allows simultaneous access to secure and unsecured networks, which can introduce security risks.

There are times when certain data is required to be kept for a certain period of time due to legal, regulatory or policy reasons. There are also requirements pertaining to when data isn’t supposed to be kept. This is all referred to as data retention.

RBAC restricts what an authenticated account can see, but if the account credentials are stolen the attacker gains the same database access. Requiring multi-factor authentication (MFA) adds a second, independent factor the attacker is unlikely to possess, making stolen passwords alone insufficient. The other options improve security but do not address the stolen-credential threat as effectively: longer passwords still fail once the password is known, full-disk encryption protects only when the system is powered off, and suppressing SQL errors mainly reduces information disclosure during reconnaissance rather than blocking authenticated access.

Containerization enables developers to package applications along with all their dependencies into isolated units called containers. This approach ensures that the application runs consistently regardless of the environment, enhancing portability and security by isolating applications from one another. Virtualization, while also providing isolation, involves creating full virtual machines with their own operating systems, which is more resource-intensive. Microservices refer to an architectural style that structures an application as a collection of loosely coupled services, focusing on design rather than deployment. Serverless computing allows developers to build and run applications without managing the underlying infrastructure but does not involve packaging applications with dependencies for consistency across environments.

Written policies that outline permitted or required behavior are directive controls because they provide explicit guidance to users and systems. Detective controls identify incidents, preventive controls block them from occurring, and compensating controls provide alternatives when primary controls are not feasible. Therefore, the acceptable-use policy exemplifies a directive control.

A system image is a copy of the entire state of a system. That image can be used as a way to restore the system it came from to that exact state or it can be copied onto other similar system to bring them all to a uniform state.

Gran' was a victim of a voice phishing or vishing attack. This is the term used when an attacker contacts the victim via phone and attempts to steal personal information or by tricking the user to install malware on their computer. They may claim to be from a valid tech support company or vendor such as Microsoft or as a bill collector from a local utility company or anything in between.