CompTIA Security+ Practice Test (SY0-701)

A tabletop exercise is a discussion-based activity where members of an organization, including IT and management teams, analyze and resolve hypothetical situations. This type of training is valuable as it allows team members to think through the policies, procedures, and roles they would play during a real event without the pressure of an actual emergency. Such exercises are critical for improving an organization's incident response and establishing a culture of security awareness. They differ from simulations, which are hands-on practices that often involve the actual use of technology to respond to a mock incident, and from fire drills, which are physical evacuation practices.

The malware found is a Keylogger. It records the input typed by the user and in this case recorded user account credentials (username and password). Situations like this are common when companies allow Bring Your Own Device (BYOD) as network administrators have very limited control over devices not owned by the company.

Implementing an automated testing and deployment process for software fixes ensures that updates are applied promptly after being validated, reducing the window of exposure to known vulnerabilities while minimizing disruptions to operations. Scheduling annual security assessments is important but too infrequent to address vulnerabilities in a timely manner. Discontinuing the use of software that requires frequent updates is impractical and may hinder business functions. Restricting user permissions enhances security but does not directly address the prompt application of fixes to known vulnerabilities.

Immediately disabling the former employee's logical accounts (usernames, passwords, tokens) and collecting their physical access devices (badges, keys) eliminates the opportunity for the individual-or anyone who might obtain those credentials-to access company resources. Delaying revocation, leaving badges in circulation, or waiting for a periodic review extends the attack window and violates best-practice guidance in NIST SP 800-53 PS-4 and ISO 27001 Annex A 9.2.6.

The consideration of 'Cost' in high availability systems refers to the overall expenses associated with ensuring that services and systems are continuously operational. This includes the initial financial investment for equipment, software, redundancy mechanisms, as well as ongoing operational costs such as maintenance, upgrades, and utility expenses. It's essential to balance these costs against the benefits of increased availability and the potential impact of downtime on the business.

The most compelling reason to choose an agentless monitoring approach is that it provides compatibility across a variety of systems, which is particularly important in an environment that contains both newer and older systems. Agentless solutions generally rely on standards-based protocols present in many operating systems, allowing them to integrate smoothly with older legacy systems which might not support newer agent-based tools. While other answers may present valid points for using agentless solutions, they do not focus on the specific need for compatibility with older systems. Answers mentioning minimization of network traffic or inherent security are less specific to the given scenario, and while reduced maintenance is advantageous, it is not the primary concern in a mixed system environment.

Governance committees (often called security or cybersecurity steering committees) exist to set the information-security strategy, approve or endorse policies, and provide ongoing oversight and guidance to ensure the program aligns with business objectives and risk appetite. They do not perform hands-on technical work such as configuring devices, staffing the SOC, or running vulnerability scans; those tasks belong to operational teams.

Issuing temporary access badges to the contractors acts as a compensating control, substituting for the primary control of smart cards. The temporary badges could use a barcode, or have a picture and name of the individual that can be verified by security personnel. This allows secure access while maintaining security protocols. Other options either do not address the immediate need or compromise security standards.

Because the company processes personal data of EU residents, California residents, and Brazilian employees, it falls under the extraterritorial scopes of the GDPR, CCPA/CPRA, and Brazil's LGPD. Building one privacy framework that satisfies the strictest overlapping requirements (for example, GDPR's consent rules, LGPD's data-subject rights, and CCPA opt-out mechanisms) and applying it globally reduces complexity and the risk of missing a jurisdiction-specific obligation. Limiting compliance to U.S. federal laws ignores extraterritorial statutes; maintaining separate policies for each location is error-prone and resource-intensive; relying solely on consent pop-ups fails to address breach-notification, security, and data-subject access requirements.

A system that has the ability to not only monitor network activities for malicious actions but also take proactive measures to interrupt or stop these activities serves as a protective mechanism against threats. This is the essential function of an Intrusion Prevention System, which is what separates it from similar systems that only detect and alert but do not take preventative actions.

The correct answer is 'Shared Responsibility Model.' This model is essential in cloud computing as it clearly outlines what security controls are the responsibility of the cloud service provider and what controls are the responsibility of the customer. Understanding this division is key to maintaining security in a cloud environment.

This scenario illustrates a race condition, where the attacker exploits the timing discrepancy between checking the account balance and processing the withdrawal. By initiating multiple withdrawals in quick succession, the attacker takes advantage of the window where the balance hasn't been updated yet.

An Acceptable Use Policy (AUP) defines what users are and are not allowed to do with the organization's IT assets. This is crucial for maintaining the integrity and security of an organization's infrastructure.

The correct procedure is to submit the patch to the organization's formal change management process. This ensures the change is properly documented, tested, approved, and scheduled for deployment in a controlled manner, minimizing the risk of introducing new issues or causing an outage. Deploying directly to production is risky and bypasses critical security checks. While the issue is a vulnerability, initiating a full incident response plan is typically reserved for active breaches or more critical threats, not for the standard deployment of a patch for a minor flaw. Starting a completely new SDLC is unnecessary overhead for a patch, as patching is part of the maintenance phase of the existing lifecycle and is governed by change control.

Process hollowing starts a legitimate process (for example, explorer.exe) in a suspended state, removes (unmaps) the original code from its address space, writes the attacker's payload into the now-empty memory region, adjusts the thread context to point to the malicious entry point, and then resumes the thread. Because the process appears to be a normal signed executable, many security tools that only inspect new process creation events can be bypassed. DLL injection (choice B) and IAT hooking (choice C) modify a running process in different ways, while in-memory obfuscation (choice D) changes how code is stored, not where it runs.