CompTIA Security+ Practice Test (SY0-701)

Availability refers to the concept that systems, functions, or data should be accessible when required by the user. High availability systems are designed to be operational and available for use a very high percentage of the time, often through redundant or fault-tolerant components. An 'Air-gapped network' refers to a security measure to physically isolate a computer or network from other networks, including the internet, which doesn't directly pertain to its ability to be available. 'Ease of recovery' is associated with the ability to restore system capabilities or access to data after a disruption, not the continuous availability. 'Real-time processing' refers to the capability of systems to process data as it comes in without delay, which is not exclusively about the system’s ability to be continuously operational and available.

A deterrent control is a control that simply deters from taking an action. The control in no way prevents the action from being taken but is only there to persuade not to. The other choices are other types of controls that serve other purposes.

The IT staff member in this scenario is fulfilling the role of a Data Custodian. Data Custodians are responsible for the technical management and operations of data assets, ensuring that data is properly backed up, secured, and maintained. They implement the policies and controls specified by Data Owners but do not set or decide on those policies themselves.

A Data Owner is typically a senior individual who has authority over and accountability for a specific set of data, making decisions about data classification, access permissions, and policy decisions.

A Data Controller is an entity or individual that determines the purposes and means of processing personal data, often in the context of privacy laws, which is not directly relevant to the described duties.

A Data Processor is an entity that processes data on behalf of a Data Controller, but again, this role is more about processing activities rather than managing and maintaining data assets.

Establishing a facility that is fully prepared and available on-demand, equipped with the necessary resources and operational capability to assume control immediately, is essential for ensuring that there is no perceptible downtime for essential services during a disaster. This aligns with the leadership's priority for maintaining uninterrupted operations. While the other options can contribute to a robust business continuity strategy, they do not directly provide the seamless operational capabilities desired. Aggressive metrics for service recovery time and critical data restoration planning do not secure immediate operational capability and a control center mainly improves coordination, not service continuity.

Hashing is the most appropriate method for storing passwords securely. It converts the password into a fixed-size string of characters that is difficult to reverse-engineer. In the event of a data breach, hashed passwords are not readily usable by attackers, unlike if they were stored in plaintext. Hashing is a one-way function, which is why it is suitable for password storage, as the original password cannot be easily retrieved from the hash during the authentication process or if the hash is compromised.

An Intrusion Detection System (IDS) is the correct answer because it is specifically designed for the passive monitoring of network traffic and alerting when suspicious activities or known threats are detected. Unlike an Intrusion Prevention System (IPS), an IDS does not actively block potential threats; it instead focuses on the detection aspect and relies on others to respond to the threats it identifies. A Firewall controls incoming and outgoing network traffic based on an applied rule set and is not designed solely for the detection of threats. A Load balancer distributes network or application traffic across a number of servers to optimize resource use, maximize throughput, reduce response time, and avoid overload on any one server.

Nation-state actors are the most likely perpetrators of attacks on critical national infrastructure, such as a power grid, where the primary motive is disruption rather than direct financial gain. Their goals are often political, military, or strategic. Organized crime is primarily motivated by financial profit and is less likely to conduct an attack without a clear monetization strategy. While a hacktivist might also have political motivations to disrupt services, they typically lack the high level of resources and sophistication required to successfully attack national critical infrastructure. An insider threat could potentially cause significant disruption, but an attack on a national scale is more characteristic of a well-funded, external actor like a nation-state.

The correct answer is 'Use the Trusted Platform Module (TPM) on the laptops.' A TPM is a specialized chip on an endpoint device that stores RSA encryption keys specific to the host system for hardware authentication. The keys stored in the TPM are used for different security applications, such as disk encryption, which is critical for securing sensitive data on employee laptops. Moreover, the TPM can provide platform integrity verification, enhancing the overall security posture. While an HSM and Secure Enclave can offer secure storage for keys and perform cryptographic operations, they are typically external devices or isolated areas within a CPU, not embedded solutions specifically tailored for endpoint devices like laptops. A Key Management System is more of an overarching system to manage cryptographic keys throughout their lifecycle and does not provide the hardware-level storage necessary for this scenario.

After completing a gap analysis, best practice is to develop a structured remediation plan that prioritizes and assigns actions to close the identified gaps. Implementing individual technologies, rewriting policies, or launching broad training programs before establishing such a plan can waste resources and may not fully resolve the deficiencies discovered.

The Zero Trust Model (ZTM) never assumes trust and always requires verification for anyone trying to access resources, making decisions based on multiple contextual factors such as user location, device security posture, and data sensitivity. This dynamic approach is in contrast to more static models such as Discretionary Access Control (DAC) or Role-Based Access Control (RBAC), which grant access based on predefined policies that do not change in real-time. Mandatory Access Control (MAC) enforces access policies based on classification levels but does not adapt to context after initial access is granted.

The primary function of a hashing algorithm is to take an input (or 'message') and return a fixed-size string of bytes. The output, known as the hash, is typically a digest that represents the original data in a unique way. If the input changes by even a small amount, the hash will change significantly, known as the avalanche effect. The key aspect of a hash function is that it is a one-way function – data can be turned into a hash, but the hash cannot be turned back into the original data, ensuring data integrity. Hashes are broadly used to verify data integrity because they can reveal if data has been altered. This is crucial in many applications, such as verifying the integrity of downloaded files or the storage of passwords.

Security Information and Event Management (SIEM) is the solution that aggregates data from different sources across an organization's network to provide real-time analysis of security alerts generated by applications and network hardware. It helps in identifying suspicious activities that could indicate a security incident and assists with incident response, making it a critical security tool within an organization.

Geographic restrictions are security measures that control where digital information is stored and accessed, ensuring that an organization complies with laws that dictate where data must reside, such as laws that aim to protect personal information by keeping it within certain borders.

The most prudent immediate action is to quarantine the message to prevent any potential harm while maintaining its integrity for further investigation. Initiating a review process entails examining headers, sender information, and URLs using automated or manual procedures without activating any potentially malicious elements. Initiating a company-wide alert may cause unnecessary panic before the threat is confirmed, replying to the sender could lead to further compromise, and shutting down network services is premature and disruptive without evidence of a widespread issue.

Compensating controls are used as a substitute for primary controls when the primary control is not feasible or practical to implement. They provide an alternative way to mitigate risks and achieve the same level of security. For example, if a company cannot afford to implement a firewall (a preventive control), they may use a virtual private network (VPN) as a compensating control to protect their network traffic.