CompTIA Security+ Practice Test (SY0-701)

Dynamic analysis involves examining the behavior of an application at runtime. It is more practical and comprehensive for understanding how an application behaves with various inputs in real-time, which is essential for discovering a wide range of potential security issues, including the ones that only arise when a program interacts with an operating system or other applications.

A soft authentication token is a software-based mechanism-usually an app installed on a user's smartphone, tablet, or computer-that generates one-time authentication codes. Because it exists purely in software on a device the user already owns, it contrasts with hard tokens (physical devices), biometrics (inherent user traits), and digital certificates (used mainly to establish secure sessions rather than generate one-time codes).

802.1X authentication provides a method for network devices to authenticate users or devices before allowing them access to the network, which can be effective against unauthorized devices but doesn't address address flooding attacks. Switch port security is indeed the right feature for limiting access to a switch port to a specific number of known devices, thereby preventing both unauthorized network access and mitigating address flooding attacks, which occur when a network device is overwhelmed with data from multiple unknown devices. While a captive portal can restrict access through a web page, it does not inherently prevent device-level access attacks, and DHCP snooping is a security feature that monitors and filters DHCP traffic, which is unrelated to direct switch port security measures.

The concept of 'Threat Scope Reduction' involves implementing measures to minimize the number of potential threats to an information system. This could mean reducing the attack surface by closing unnecessary ports, limiting the functionality and access rights to only what is strictly needed, and segmenting the network to limit potential lateral movement by an attacker. The idea is to reduce the number of vectors or paths an attacker can exploit, thus minimizing the overall potential for a security breach.

Managerial security controls include policies and procedures used in the management of security controls and programs.

Wireless networks are particularly susceptible to eavesdropping because the data is transmitted over radio waves, which can be intercepted by unauthorized individuals if the network is not secured. Encryption ensures that even if data is intercepted, it cannot be understood without the correct decryption key. Wired networks, while they can also be vulnerable to other forms of interception, do not broadcast data through the air and therefore are generally not susceptible to eavesdropping in the same way as wireless networks. Bluetooth networks also use radio waves but on a more limited range and are typically used for connecting devices over short distances, while NFC is used for very short range communication such as contactless payments.

Changing the default credentials of a new device is critical to securing it from unauthorized access, as default usernames and passwords are often well-known and easily guessable, making devices with unchanged credentials an easy target for attackers. Updating the device's firmware is important, but it would still be susceptible to attack if the default credentials are left unchanged. While monitoring network traffic and conducting regular security audits are important security practices, they would not prevent an attacker from exploiting default credentials.

A hot site is a fully equipped and continuously synchronized duplicate of the primary environment. Because systems and data are already online and up-to-date, operations can shift to the hot site almost instantly, resulting in minimal downtime. Warm sites have some equipment in place but require additional configuration and data restoration, so recovery takes longer. Cold sites provide only basic facilities with no preinstalled systems, leading to the slowest recovery. Offsite tape backups offer data protection but no ready-to-run infrastructure at all.

The best initial approach when performing penetration testing in an environment with no prior knowledge of the organization's security posture is to refer to the Rules of Engagement. These rules define the scope, boundaries, and methods approved for the testing, ensure legal and ethical compliance, and minimize the risk of unintended disruptions to business operations. Simply starting with passive or active reconnaissance without established engagement parameters could lead to legal issues, overstepping authorized boundaries, and potentially causing unintended harm to the target environment. Properly outlined Rules of Engagement ensure that the penetration test is performed ethically, legally, and within the parameters agreed upon by all parties involved.

Managerial controls, such as security policies and risk management, provide the framework and guidelines for implementing technical controls. Technical controls, like firewalls and encryption, are the tools used to enforce the policies and procedures established by managerial controls. Managerial controls do not replace the need for technical controls, but rather work in conjunction with them to create a comprehensive security strategy. While managerial controls can help prevent incidents, they are not solely responsible for incident prevention, as that requires a combination of various control types.

This scenario is a classic example of disinformation, which is the deliberate creation and distribution of false or misleading information with the intent to deceive and mislead audiences. The objective is often to influence public opinion or obscure the truth. Disinformation is different from misinformation, which is the sharing of false information without the intent to deceive, often due to a lack of knowledge or understanding. Other options like 'Phishing' and 'Hacking' involve direct technical attacks or deception to extract sensitive information, which is not the case here, and 'Whaling' is a specific type of directed phishing targeting high-profile individuals.

Updating the Information Security Policies to include state-specific compliance requirements ensures that the organization adheres to local data privacy laws. This adjustment aligns the company's policies with the legal obligations of the new region, mitigating the risk of non-compliance.

Attestation involves creating a secure baseline of system components which are then compared against current system measurements to verify integrity. The verification step compares the current state against a set of known good values (trusted baseline) that could include measurements from binary files, configuration settings, or patches. Remote attestation extends this concept by allowing a system to report its state to a remote verifier. Hashing system files at startup and sending them to a central server compares current file states against known good hashes, but it is not specifically considered remote attestation which implies a challenge-response mechanism between a local and remote entity. Remote wiping a device and BIOS password protection are security controls to prevent unauthorized access and do not attest to the current state of the system's hardware or software.

Employing a biometric authentication system increases security by requiring personal physical attributes, making it significantly more resistant to systematic guessing and unauthorized entry compared to numerical access codes. Updating numerical access codes intermittently can temporarily prevent unauthorized access but does not inherently improve resistance against a focused attack. An audible alert after a set number of failed attempts might deter but not prevent an intruder who can still continue to attempt access. Video surveillance, although useful for monitoring and recording, does not in itself prevent unauthorized access.

Storing information with a 'Restricted' classification in a secure, access-controlled environment ensures that only authorized personnel with the necessary clearance or permissions have access to that data. Keep in mind the question is regarding physical access to the data. While encryption, logging, and secure disposal are important for the overall security posture, they do not inherently restrict access to the data to the appropriate individuals.