CompTIA Security+ Practice Test (SY0-701)

Validating the security of the server's firmware at the time of delivery is critical, as firmware vulnerabilities can compromise the entire system. Ensuring that the hardware provider has a secure firmware delivery and update process helps protect against supply chain attacks. While obtaining documentation, checking for government connections, and working with familiar brands provide different levels of assurance, they do not offer the same direct mitigation against hardware-based vulnerabilities and firmware integrity as validating the server's firmware security.

An Uninterruptible Power Supply (UPS) provides backup power to the infrastructure in the event of a power outage, ensuring the servers remain operational until either the main power is restored or a longer-term solution like a generator can take over. Surge protectors, while they protect against voltage spikes, do not provide power during an outage. Redundant power supplies ensure the servers can continue to operate if one power supply fails, but they require power from an external source and will not protect against an outage. Battery banks can store power but generally do not switch as rapidly as a UPS to provide uninterrupted power.

Storing encrypted backups at a geographically separate, offsite location is the most effective strategy. This approach ensures that if a physical disaster like an earthquake destroys the primary data center, a complete copy of the data is safe and available for recovery at a different location. Onsite solutions like RAID or local snapshots would be destroyed along with the data center, and a fireproof safe in the same building would not protect against the building's collapse.

Implicit trust zones are areas within a network where once access is granted, there is an assumption that all users and activities within that zone are trustworthy. This is a flaw because it does not adhere to the principle of 'least privilege' and inherently trusts the entities within the zone without continuously verifying their trustworthiness. This can lead to unauthorized access and potential breaches if a malicious actor gains access to the trusted zone and operates without restrictions. The Zero Trust model, on the other hand, never trusts and always verifies, even within the network, and is designed to operate without implicit trust zones.

Integrity refers to the accuracy and reliability of data. When the IT administrator overwrote the configuration files, it led to incorrect data being presented, thus compromising data integrity. Confidentiality involves protecting information from unauthorized access, which is not the issue here. Availability ensures that systems and data are accessible when needed, but the systems are still operational. Authentication relates to verifying the identity of users or systems, which is not impacted in this scenario.

An Intrusion Detection System (IDS) is adept at continuously monitoring network traffic for abnormal behavior and is specifically designed to alert the security team about potential threats without modifying, discarding, or preventing the flow of traffic, which aligns with the requirement in the given scenario. On the other hand, an Intrusion Prevention System (IPS) not only detects but also takes action to prevent the identified threats, which could interfere with data flow. A Jump Server is a hardened and monitored device that acts as a bridging point for administrators to connect to other servers but does not perform real-time threat monitoring. A Unified Threat Management (UTM) device combines several security functions into one, yet its threat detection capabilities are broader and not solely focused on network traffic monitoring.

A next-generation firewall (NGFW) provides the advanced functionality needed for logical network segmentation, augmenting classic firewall capabilities with features such as application awareness and intrusion prevention. NGFWs ensure that strict security policies can be enforced and managed between segmented zones, which is perfect for an environment handling sensitive health records. This technology provides the required granularity for compliance with healthcare regulations, making it the optimal choice over other options that either lack the sophistication in policy management or are not primarily designed for inter-segment traffic control within the same network.

Enabling Secure Simple Pairing (SSP) with the Numeric Comparison method establishes an elliptic-curve Diffie-Hellman key during pairing and encrypts the Bluetooth link, providing protection against eavesdropping and man-in-the-middle attacks. Full-device (at-rest) encryption and strong unlock passcodes safeguard data stored on the handset, not data in transit. Limiting connectivity to WPA3 affects Wi-Fi, not Bluetooth.

The correct principle is that ICS environments require stringent security baselines tailored to their unique operational needs, regardless of network isolation. Even physically isolated or 'air-gapped' systems are vulnerable to threats from removable media (like USB drives), insider threats, and supply chain attacks. Therefore, assuming isolation negates the need for strong security is a dangerous misconception. While an ICS baseline may differ from a standard IT baseline in its priorities (e.g., emphasizing availability and safety over confidentiality) and implementation details (e.g., patch management schedules), it must be comprehensive and robust. Relying on the vendor for all security or applying a less stringent baseline are both inadequate security practices.

The term 'Data Subject' refers to the individual to whom the personal data belongs and who is the subject of that personal data. This person possesses certain rights in terms of privacy laws, such as the right to access, correct, and request the deletion of their personal data. The other terms provided do not accurately describe this individual in the context of data processing.

The security administrator should immediately disable the compromised account to prevent the attacker from maintaining access and causing further damage. While changing the passwords of other accounts and reviewing the firewall settings are important measures, they do not directly address the immediate threat of the continued unauthorized access. Performing a forensic analysis is a subsequent step after containing the threat.

Storing data within a country’s own data center or approved hosting service ensures data does not leave that territory, meeting legal compliance. Methods such as strong passcodes do not guarantee data remains in a location. Encryption is valuable for confidentiality but does not constrain the physical location of data. Replicating data globally may violate those region-specific obligations.

A wildcard certificate allows an organization to secure a domain and all of its subdomains with a single certificate. This is achieved by using an asterisk (*) in the domain name portion of the certificate, representing all possible subdomains. Self-signed certificates are generated by the owner and are not trusted by default by browsers and operating systems. Extended Validation (EV) certificates provide higher levels of trust through a rigorous authentication process but do not inherently support multiple subdomains. Root certificates are used to sign other certificates in a certificate hierarchy but are not used to secure specific domains or subdomains.

Just-in-time permissions restrict the timeframe during which administrative or elevated rights are granted to users, minimizing the potential for misuse of those privileges. By limiting access to only when it is required for a specific task and automatically revocating those permissions after a set time, the attack window is reduced. This prevents risks associated with standing privileged accounts, which could be exploited if compromised.

By adopting an Infrastructure as Code approach, the company can define and manage its infrastructure using code-like templates, enabling automation, version control, and consistency across deployments. This practice treats infrastructure configurations similarly to software code, allowing for reuse, sharing, and collaboration, which reduces errors and improves reliability.

Implementing Configuration Management Policies may help in standardizing configurations but does not inherently use code-like templates or enable version control of infrastructure definitions. Utilizing Continuous Integration tools focuses on automating software build and test processes, not infrastructure provisioning. Deploying Virtualization Technologies allows running multiple virtual machines but does not address automating or version-controlling infrastructure configurations.

Limiting the number of running services to only those that are essential for the server's operation significantly reduces the available entry points for an attacker, thus minimizing the attack surface. Unnecessary services can introduce vulnerabilities or become potential targets. Other options, like applying security patches or conducting a vulnerability scan, are important for maintaining security but do not directly minimize the attack surface. The use of strong encryption is essential for protecting the confidentiality of data in transit, but it does not impact the number of attack vectors.

Protected health information (PHI) is any individually identifiable health data-such as diagnoses, treatment details, or prescriptions-maintained or transmitted by a covered entity. Under the HIPAA Breach Notification Rule, a breach involving the unsecured PHI of more than 500 residents of a state or jurisdiction requires the covered entity to notify the affected individuals and prominent media outlets within 60 days. Because that 500-person threshold and media-notice requirement apply specifically to PHI, the stolen data was almost certainly PHI, not general PII, payment-card data (PCI), or another category.

The term 'workforce multiplier' refers to the use of technology, especially automation and orchestration tools, that enables a security team to be more productive by handling tasks that would otherwise require greater staffing. By automating repetitive and tedious tasks, the organization can maximize the effectiveness of its existing workforce, therefore multiplying its capabilities. The incorrect choices are designed to test the student's ability to distinguish between similar terms and concepts in the context of security operations.

Policies that outline employee responsibilities and expected behaviors are examples of directive controls. Directive controls are designed to guide or instruct individuals or systems to ensure compliance with security requirements. They establish guidelines and expectations to influence behavior. Detective controls are intended to identify and detect unwanted events or incidents after they occur. Corrective controls focus on minimizing the impact of a security incident after it has occurred. Preventive controls aim to stop unwanted events from happening in the first place.

Data remanence is the primary risk. If RAM or storage blocks are not sanitized before being reassigned, residual information from the previous VM can persist. A new VM might be able to read that leftover data, exposing sensitive information. While privilege escalation, denial-of-service conditions, and virtual-switch misconfigurations are genuine virtualization issues, none of them directly stem from reusing uncleared resources.