CompTIA Security+ Practice Test (SY0-701)

The correct answer is 'Reduction in operational risks.' Skilled employees who are well-versed in the organization's automated security systems contribute significantly to the maintenance and improvement of these systems. Retaining such employees can lead to a reduction in operational risks, as their expertise helps ensure that security measures are effectively implemented and managed. Experienced staff are also less likely to make errors that could lead to security breaches. The wrong answers do not directly relate to the impact of employee skills and experience on the security of automated systems.

Modern perimeter gateways perform stateful inspection of traffic flowing in BOTH directions. Ingress rules stop unwanted or malicious traffic from entering the network, while egress rules restrict or log outbound connections to enforce policy and prevent data exfiltration. Gateways do not automatically encrypt every packet, nor do they bypass inspection simply because traffic originates from the internal network or uses a well-known port.

This protocol is known for using a trusted third-party ticket-granting service to provide secure access to resources. It mitigates the risk of eavesdropping and replay attacks by avoiding the need to transmit passwords over the network. Instead, a client requests an access ticket from the ticket-granting service, which if granted, allows the client to access the desired service using that ticket. In contrast, Direct Access grants remote access to internal networks over IPv6 transitions, Simple Sign-On represents a one-time authentication process across multiple systems, which is not particularly related to ticket-granting, and Network Access Token is a made-up term not associated with a real-world authentication protocol.

Attribution in cybersecurity is notoriously difficult because attackers can intentionally plant misleading evidence. Linguistic and cultural artifacts-such as comments, debug paths, or variable names written in a specific language-may be genuine, but they can also be inserted deliberately as false flags to divert suspicion toward another actor or nation-state. Without corroborating technical indicators, intelligence, or context, such markers are suggestive at best and never conclusive proof of government-sponsored espionage.

The metric in question is the Recovery Time Objective, which sets the maximum amount of time that a process can be down after a disruption before significantly impacting the organization. It is essential for creating effective disaster recovery strategies. While redundancy is a strategy that may help achieve a lower RTO by having backup systems, it is not a metric. Availability represents the proportion of time a system is operational, and Service Level Agreements establish the expected performance and availability standards between providers and clients, but neither directly defines the maximum tolerable downtime after a disruption.

Static Application Security Testing (SAST) is the correct technique because it analyzes an application's source code or binaries for security vulnerabilities without running the program. This allows developers to find and fix issues like SQL injection and buffer overflows early in the SDLC, which is the core principle of 'shift-left' security. Dynamic Application Security Testing (DAST) analyzes applications in their running state, while fuzzing involves providing invalid or unexpected data to a running application to see if it crashes. A web application firewall (WAF) is a network security control that protects web applications from attacks at the network edge; it does not analyze source code.

Revenge is often a motivation for employees who feel wronged or slighted by their organization. In this scenario, the employee's resignation following a missed promotion and the immediate subsequent data exfiltration suggest a revenge-motivated insider threat. Other motivations like financial gain or data exfiltration for espionage purposes are less direct in linking the disgruntled employee's actions to the incident. Philosophical/political beliefs is unlikely the motive in this context, as the act of retaliation is personal rather than ideological.

An air-gapped environment refers to a security measure that involves isolating a computer or network and preventing it from establishing an external connection. This means the system is physically segregated from unsecured networks, including the internet and local area networks. This isolation provides a strong barrier against unauthorized access and cyber attacks, as there is no pathway for data to flow in or out of the system electronically.

Encrypting the entire drive (or the specific data volume) with a strong algorithm such as AES-256 renders the stored data unreadable without the corresponding decryption key. Controls like TLS focus on data in transit, VLAN segmentation limits network exposure but does not cryptographically protect the files themselves, and a host-based IDS only detects suspicious activity. Therefore, full-disk (or volume) encryption is the most effective measure to protect data at rest on the stolen disks.

Just-in-time permissions are used by privileged access management tools to provide administrative rights on a temporary basis, which are automatically revoked after a set time period or once the designated task has been completed. This reduces the risk of unauthorized access from stale accounts or the misuse of long-standing permissions.

Implementing role-based access control is critical to ensuring that the new analyst has access only to the information necessary to perform their specific job functions, which maintains the principle of least privilege and supports organizational security. Providing a company email or user profile is part of standard onboarding but does not address security concerns regarding access to confidential information. Issuing security badges allows for physical access but is not sufficient for regulating access to digital resources. The completion of general training, while important for overall employee integration, does not directly concern the regulation of access to sensitive data.

Implementing role-based access control (RBAC) allows the organization to assign permissions to users based on their job responsibilities. This ensures that employees have access only to the resources necessary for their tasks, reducing unauthorized access to sensitive files. Encrypting files protects data confidentiality but doesn't prevent authorized users from accessing data beyond their responsibilities. Enforcing multi-factor authentication strengthens login security but doesn't control access permissions. Applying network segmentation divides the network but doesn't directly manage user access to specific files.

The correct answer is "Centralizing control over who can connect to and use network services" because RADIUS is designed to supply centralized authentication, authorization, and accounting (AAA) for users seeking access to network resources. "Facilitating the handshaking process in a TLS session" is incorrect because that task is handled by the TLS protocol during secure communications setup. "Distributing IP addresses to client devices" is a function of the Dynamic Host Configuration Protocol (DHCP), not RADIUS. "Load balancing traffic between servers" is handled by dedicated load-balancing solutions rather than by RADIUS.

Detective controls are designed to identify and record unauthorized activities or intrusions, including any incident that has an impact on the security of information assets. These controls do not prevent or deter the action but instead, detect and report them. For this scenario, implementing a detective control such as an intrusion detection system (IDS) would be the appropriate choice to discover unauthorized access and alert the security team.

Data that isn’t active and is on a storage media is considered data at rest.