CompTIA Security+ Practice Test (SY0-701)

Whaling is a type of phishing attack that targets high-level executives with the purpose of stealing sensitive information from a company. The term 'whaling' is used because it refers to going after the 'big fish' or high-value targets within an organization. Unlike typical phishing attacks, whaling emails are highly customized and often include specific details relevant to the target to make them appear more legitimate.

Operational controls are focused on the day-to-day operations and tasks related to security management. This includes activities such as incident response, which involves detecting, analyzing, and responding to security incidents; change management, which ensures that changes to systems and processes are properly authorized, tested, and documented; and access controls, which regulate who can access specific resources and under what conditions. While the other options are important aspects of security, they are not the primary focus of operational controls.

A false positive occurs when a security system incorrectly identifies benign activity as a threat. In this scenario, the system erroneously flagged normal network traffic as potentially malicious, which is a classic example of a false positive. It is crucial for security analysts to recognize and address false positives to avoid unnecessary responses to non-threatening activities.

User provisioning automates the creation of user accounts and the assignment of appropriate access rights, effectively streamlining the onboarding process. While ticket creation can help manage access requests, it does not automate the provisioning itself. Continuous integration and testing are related to software development practices, and security groups organize users but do not automate access provisioning.

The legal principle known as the 'Right to Be Forgotten' empowers individuals to have their personal data removed from the records of an organization, particularly when it is no longer necessary or pertinent. This principle is an important aspect of privacy law in many jurisdictions and requires organizations to take action upon such requests, subject to certain conditions and exceptions. The term 'Data Retention' refers to the policies that establish how long data should be kept before disposition, which is a separate topic. 'Data Sovereignty' describes the legal implications of data being subject to the laws of the country where it is stored, which does not deal directly with data removal requests by individuals. Lastly, 'Information Custodian' pertains to the roles and responsibilities associated with the protection and care of data, which does not entail an individual's right to request deletion.

Typosquatting relies on users making mistakes while typing a URL, leading them to land on a malicious site that mimics a legitimate one. Once the user visits the fake website, the threat actor can execute various malicious activities including malware infection. Incorrect spelling variants in URLs are a hallmark of this technique, therefore, visiting a website with a misspelled URL that resulted in these symptoms indicates a typosquatting attack. Misdirecting and phishing attempts, while also deceptive, typically involve more direct interaction, such as fake emails or links, not the accidental misspelling of a URL. Similarly, domain kiting and domain slamming are related to domain registration practices, not user typos.

Firewall logs typically contain information on both inbound and outbound traffic. This information is useful for detecting both types of intrusion attempts, as inbound logs could show unsolicited incoming connections that might be indicative of an attack or reconnaissance activity, while outbound logs can help in identifying potentially compromised systems reaching out to malicious hosts or command-and-control servers. The statement is false because firewall logs are not exclusively for outbound traffic and are indeed significant for detecting inbound threats as well.

Risk mitigation is the process of using security controls/countermeasures in reducing risk exposure and minimizing the likelihood of an incident.

This type of malware is called Ransomware. It holds data or information ransom until a fee is paid after which point it will return the information or data (or so it says...). Based on the information available in the question this is the only conclusion we can make. It is possible as the CEO of the company they were targeted specifically via social media (spear phishing) but there isn't definitive evidence of this yet.

The correct answer is resource reuse. This vulnerability occurs when a resource, such as a physical memory block, is not properly sanitized before being reallocated. In this scenario, remnants of the sensitive financial data could remain in memory (a concept known as data remanence) and become accessible to the next VM that uses that same memory space. VM escape is an attack where a process breaks out of a VM and interacts with the host OS, which is a different threat. Buffer overflow and race conditions are application-level vulnerabilities and are not the primary concern related to sanitizing shared hardware after deprovisioning a VM.

Single Sign-On (SSO) is the appropriate authentication method because it enables users to authenticate once and gain access to multiple applications without re-entering credentials. This streamlines the login process and enhances user experience while maintaining security. Multifactor Authentication (MFA) increases security by requiring multiple authentication factors but does not allow access to multiple systems without additional logins. Federated Identity Management allows sharing of identity information across different organizations or domains, which may not be applicable here. Biometric Authentication uses unique physical traits for identity verification but doesn't provide access to multiple systems with a single authentication.

A Gateway in the context of enterprise network security primarily acts as a point of access or exit between two networks, often controlling data traffic between an internal network and the internet or another external network. It manages the flow of data and can provide security functions like filtering, monitoring, and routing to ensure secure and efficient data transmission.

When a product reaches end-of-support, the vendor no longer supplies security patches. Any newly discovered vulnerability therefore remains permanently unpatched, leaving the system open to exploitation. This lack of patching-not power consumption, lost features, or self-protective shutdowns-is the primary security risk. Compensating controls such as network isolation can help, but they do not eliminate the root issue.

Requiring passwords to be long and include a combination of uppercase letters, lowercase letters, numbers, and special characters significantly increases their complexity, making them harder to guess or crack. Allowing password reuse or limiting password age does not directly enhance password strength and can lead to weaker security practices.

A honeypot is an intentionally vulnerable, stand-alone system or service that appears legitimate to threat actors. Any interaction with it is automatically suspicious, allowing defenders to record, analyze, and learn from attacker activity without exposing production assets. A honeynet is a larger collection of multiple honeypots that emulates an entire network. A honeyfile is a single decoy document placed to detect unauthorized access, and a honeytoken is a small piece of fake data (such as bogus credentials) embedded in real systems for the same purpose. These alternatives are also forms of deception, but none of them is a single decoy system.

In a watering hole attack the attacker infects a website that is known to be commonly used by an organisation or industry. For example a specific industry news site to attack a business in that industry or the entire industry in general. With the knowledge that users frequent the website the attackers are able to target them with malware and if the attack is successful to install malicious software.

Asymmetric key cryptography, also known as public-key cryptography, is the correct answer because it uses a pair of keys for encryption and decryption-a public key and a private key. Symmetric key cryptography uses a single, shared key for both encryption and decryption. Hashing creates a fixed-size, non-reversible output and is used for integrity, not for encrypting and decrypting data. A block cipher is an algorithm that encrypts data in fixed-size blocks; it describes the method of encryption rather than the key management scheme and is commonly used in symmetric encryption.

A content filter is a security control used to block or restrict access to certain websites and/or emails based on their content. This is frequently used by companies to protect the network from malicious sites, prevent phishing attempts, and enforce acceptable use policies by blocking access to unauthorized content. While a DLP system also inspects content, its primary focus is preventing data exfiltration, not blocking inbound access. IDS is a detection-only control, and while an IPS can block traffic, it is primarily focused on blocking malicious activity and exploits, whereas a content filter is policy-based for blocking specific categories of content.

A hot site is a fully equipped backup facility that is operational and ready to activate immediately after a disaster. It maintains up-to-date copies of data, hardware, and software, allowing an organization to resume normal operations rapidly. Warm sites are partially equipped and require additional time to become fully functional, while cold sites have only the basic infrastructure and need significant time to set up equipment and restore data.

The Owner of the data is responsible for making decisions about the data, establishing control mechanisms, and determining data classification levels. They are accountable for ensuring that the data is properly protected and used in compliance with legal and organizational requirements. The Processor is responsible for processing data on behalf of the Controller as per their instructions. The Custodian (also known as the Steward) is responsible for maintaining and protecting the data assets on a day-to-day basis. The Controller determines the purposes for which and the means by which personal data is processed but may not own the data or the process.