CompTIA Security+ Practice Test (SY0-701)

The statement is false. The Choose Your Own Device (CYOD) model requires employees to select a device from a curated list of company-approved options. This approach allows the organization to ensure that devices meet its security and compatibility standards, giving IT more control than a Bring Your Own Device (BYOD) model. The scenario described, where any personal device is allowed, is characteristic of a BYOD policy, not CYOD.

Risk avoidance involves not preforming an activity to avoid the associated risk. Not preforming the activity means the risk from that activity is zero. Each other method still leaves some level of risk.

Under the shared-responsibility model, duties move up the stack as you transition from IaaS to SaaS:

• IaaS: The customer controls and secures the guest OS and anything above it, including the application code.
• PaaS: The provider secures the underlying OS and runtime, but the customer still secures any applications they develop and deploy on the platform.
• SaaS: The provider operates and patches the application itself, while the customer focuses on data protection, identity, and configuration. Therefore, the most accurate statement is that responsibility varies by service model: the customer handles the application layer in IaaS and usually in PaaS, whereas the provider handles it in SaaS.

Containerization provides a lightweight alternative to full virtualization by encapsulating an application in a container with its own operating environment. This isolation ensures that applications do not interfere with each other and can be managed independently, enhancing security by containing potential breaches within the isolated environment of the container.

Maintaining detailed documentation of evidence handling is the most important aspect to ensure the admissibility of digital evidence in legal proceedings. This documentation often includes who collected the evidence, when and where it was collected, how it was collected, any changes in the evidence, who has had custody of the evidence, and how it was secured throughout the handling process. Without this detailed documentation, evidence may be considered tampered with or contaminated, leading to its rejection in a court of law.

The correct answer is that the data remains on the drive and can be recovered. A quick format only removes the pointers to the files in the file system's index (like a table of contents), but it does not erase the actual data stored on the disk. Specialized data recovery tools can easily scan the drive and reconstruct the files, creating a significant data breach risk. Proper sanitization methods, such as those outlined in NIST 800-88 (e.g., overwriting, degaussing, or physical destruction), are required to ensure data is truly unrecoverable.

The badges in question are at risk of Radio-Frequency Identification (RFID) cloning. The lack of a mutual authentication process in the badge system permits an attacker to easily capture the badge's signal and create a duplicate without being verified by the reader. This process leads to unauthorized individuals potentially gaining access to secured facilities. Mutual authentication is a security feature where a badge and its reader verify each other before any data is transmitted. Options such as 'Email compromise' and 'Social engineering tactics' are not directly related to the scenario described where radio-frequency signals could be exploited. 'Encryption breaking' is also incorrect as it doesn't directly pertain to the cloning of an RFID signal, which is an issue distinct from cryptographic weaknesses.

A warm site has more equipment in place than a cold site but does not have active data in place like a hot site. It is a compromise between the two other backup sites.

Standards are documents that define the technical requirements and are designed to be used consistently as rules. Policies provide high-level overall plans that embrace the general goals and directives of an organization, but they do not delve into specifics. Guidelines suggest a course of action for meeting policies and standards but are not mandatory. Procedures are detailed instructions on how to perform a particular task.

To calculate MTBF, divide the total operational time by the total number of failures. The total operational time over the 2-year period is 17,520 hours, and there were 4+2=6 outages. Therefore, the MTBF is 17,520 hours / 6 outages = 2,920 hours. Accurate calculation of MTBF is essential for gauging the reliability of equipment and scheduling maintenance to minimize downtime.

Environmental threats involve natural disasters like floods, earthquakes, and fires that can physically damage an organization's assets and infrastructure. Unlike human-driven attacks, these threats originate from environmental factors. Brute force attacks are attempts to guess credentials through trial and error, RFID cloning involves duplicating access badges, and logic bombs are malicious code triggered by specific conditions. Recognizing environmental threats is crucial for comprehensive security planning.

An air-gapped system is physically isolated from all other networks, including the Internet. Because no network interfaces remain connected, data cannot enter or leave electronically, providing maximum protection for highly sensitive assets. A host-based firewall, VLAN segmentation, or an IDS can restrict or monitor traffic, but all still depend on an active network connection and therefore cannot guarantee total isolation.

The primary goal of uniform configuration standards is to establish a consistent security posture and operational behavior among the company's numerous devices and systems. This not only reduces the potential for errors but also simplifies administration and strengthens the organization's defense against common threats. Consistency makes it easier to manage updates, apply security policies, and ensure compliance with both internal guidelines and external regulations.

The correct answer is the one that aligns with the goal of adhering to the highest regulatory requirements across regions. This ensures that the financial institution complies with all regional regulations while maintaining a uniform standard of security. Implementing the strictest regulatory standard as the company-wide standard is a common approach to simplifying compliance and ensuring the highest security posture is maintained throughout the organization, regardless of location. Options involving conflicting national and local standards, as well as those suggesting the development of new internal standards or solely following the least strict, do not address the overarching need to meet all regional compliance requirements efficiently.

An air-gapped network is the best solution for ensuring high security and operational isolation as it is a physical isolation technique that completely separates the critical systems from unsecured networks, preventing any form of external access or data breach. Logical segmentation, while useful, doesn't offer physical isolation and can be bypassed if the network is compromised. A Virtual Private Network (VPN) provides secure remote access but does not address the requirement for physical isolation of the system. Using an Intrusion Prevention System (IPS) will add a layer of security but does not create isolated operational systems.

A well-designed playbook dedicates a Roles and Responsibilities section to map specific duties to job titles or teams. Consulting this section lets responders immediately see who owns each critical task, enabling a faster and more organized reaction to a breach. The other sections focus on step-by-step technical actions (Incident Response Procedures), messaging rules (Communication Plan), or system restoration steps (Recovery Methods), but they do not enumerate who performs the work.

This attack is a directory traversal. By inserting "../" into the URL, the attacker navigates the file system hierarchy to access files and folders that are outside the intended scope of the web application. This can lead to unauthorized access to sensitive files. Directory traversal exploits occur when input validation is insufficient on file path parameters. The other options are distinct types of attacks: SQL injection involves injecting malicious SQL queries into a database query, cross-site scripting (XSS) entails injecting malicious scripts into web content viewed by other users, and a buffer overflow occurs when too much data is sent to a fixed-length memory buffer, potentially allowing an attacker to execute arbitrary code.

The correct answer is Smishing. Smishing is a form of phishing attack that uses SMS text messages to trick users into revealing personal information or clicking on malicious links. In this scenario, the employee received a deceptive message on their mobile device urging them to click a link, which is characteristic of a smishing attack. Vishing involves voice calls to deceive individuals, so it's not applicable here. Pretexting is a social engineering tactic where the attacker creates a fabricated scenario to obtain information, but it typically involves more elaborate interaction than a simple message. Pharming redirects users to fraudulent websites without their knowledge, which doesn't match the scenario described.

Attestation involves creating a secure baseline of system components which are then compared against current system measurements to verify integrity. The verification step compares the current state against a set of known good values (trusted baseline) that could include measurements from binary files, configuration settings, or patches. Remote attestation extends this concept by allowing a system to report its state to a remote verifier. Hashing system files at startup and sending them to a central server compares current file states against known good hashes, but it is not specifically considered remote attestation which implies a challenge-response mechanism between a local and remote entity. Remote wiping a device and BIOS password protection are security controls to prevent unauthorized access and do not attest to the current state of the system's hardware or software.

Implementing scalability in the infrastructure planning ensures that the system can handle growth in user demand without performance degradation or security compromise. Vertical scaling might offer an immediate increase in resources but often leads to downtime during upgrades and has limitations on how much can be scaled up. On the other hand, selecting a more powerful server might provide temporary relief but doesn't provide a long-term scalable solution. Using a single geographic region for data storage may reduce complexity but doesn't consider the increased load that comes with growth. Horizontal scaling, which involves adding more servers or using cloud resources, offers flexibility, improved fault tolerance, and seamless scalability, making it the most effective option for sustained growth.