CompTIA Security+ Practice Test (SY0-701)

A collision attack specifically targets the collision resistance property of a hash function: it tries to generate two distinct inputs that yield the same hash value. Discovering two different files with an identical digest is the textbook symptom of such an attack.

Why the others are wrong:

• Birthday attack: Although it exploits the birthday paradox to find a collision faster, it does not fit the scenario where a collision has already been observed.
• Downgrade attack: Forces parties to use a weaker algorithm or protocol version; it does not involve identical hashes for different inputs.
• Replay attack: Captures and reuses valid authentication data but does not manipulate hash functions or create identical digests.

Surveillance cameras are a common physical control used to provide visibility into the security of premises, allowing the detection of unauthorized or unusual activity without engaging in physical confrontations. They act as both a deterrent and a means to gather evidence. Bollards are designed to stop vehicles, not for surveillance purposes. Keypad door locks are access controls but do not necessarily provide visibility or detection of unauthorized entry. A mantrap controls access to secure areas but generally does not provide visibility of the area beyond its confines.

'Security token' is the correct answer because it is a physical device that the user possesses and uses to gain access to an information system or secure area. In the context of multifactor authentication, 'something you have' refers to a physical object the user must possess, such as a smart card, a hardware token, or a phone with an OTP app. The incorrect options 'Fingerprint' and 'Password' are 'something you are' and 'something you know' factors, respectively, which do not fit the 'something you have' category. 'Voice recognition' is part of biometric authentication, which also falls under 'something you are' since it uses your unique biological characteristics for identification.

Implementing the Online Certificate Status Protocol (OCSP) allows clients to check the validity of certificates in real-time by querying the certificate authority's OCSP responder. This provides immediate feedback on whether a certificate is valid or has been revoked. A Certificate Revocation List (CRL) is a list of revoked certificates that clients can download, but it is updated periodically and may not reflect the most recent revocations, leading to potential delays in detection. Self-signed certificates are not issued by a trusted certificate authority and do not facilitate real-time validation by clients. A Certificate Signing Request (CSR) is a request sent to a certificate authority to obtain a new certificate and is unrelated to checking the validity of existing certificates.

RSA uses mathematically linked public and private keys to encrypt or sign data, making it an asymmetric algorithm. The other listed algorithms-AES, Blowfish, and RC4-are all symmetric ciphers that rely on the same shared key for both encryption and decryption.

Patches are essential for correcting security vulnerabilities and other bugs within systems and software. Timely application of patches is necessary to protect against exploitation by cyber threats, which can compromise the integrity, availability, and confidentiality of organizational data and resources. Organizations need to maintain awareness of patch releases and implement them to mitigate vulnerabilities as soon as possible.

Implementing DLP systems enables the organization to prevent certain types of sensitive data from being sent outside the corporate network, which directly addresses the concern of accidental data leakage mentioned in the scenario. While training on policy and the review of existing procedures may help reduce incidents, they are reactive measures that don't offer the technological prevention that DLP systems do. Role-based access controls are essential for limiting data access but would not necessarily prevent data from being sent to unauthorized recipients.

Disabling unnecessary services on a new employee's account ensures that they only have access to the resources required for their role. It is a best practice in the principle of least privilege, reducing the attack surface by limiting possible entry points for threats. Enabling additional privileges, granting administrative access, or disabling unrelated features does not address the specific need to restrict access to network resources for the new employee.

To calculate MTBF, divide the total operational time by the total number of failures. The total operational time over the 2-year period is 17,520 hours, and there were 4+2=6 outages. Therefore, the MTBF is 17,520 hours / 6 outages = 2,920 hours. Accurate calculation of MTBF is essential for gauging the reliability of equipment and scheduling maintenance to minimize downtime.

Allocating time-restricted access tokens ensures that the auditors have temporary access to the necessary resources, and these tokens automatically expire after the designated period, aligning with the security policy of minimum necessary privileges and immediate expiration post-audit. API keys or permanent account credentials do not offer the same level of temporary access and can potentially remain active beyond the requirement, posing a security risk. Shared credentials are inherently insecure as they do not provide individual accountability and can be easily misused.

A Non-Disclosure Agreement (NDA) is specifically designed to legally bind parties to keep shared sensitive information confidential. While other agreements like Service-Level Agreements (SLA), Master Service Agreements (MSA), and Memorandums of Understanding (MOU) address different aspects of vendor relationships, the NDA focuses on confidentiality.

Information security policies are most essential for establishing a security governance framework that aligns with business objectives and risk management strategies. They set the overall direction and implement controls across the organization in line with its risk appetite, compliance requirements, and business goals, and they provide a formal framework for staff to understand their responsibilities.

A configuration audit specifically assesses configurations against established security baselines and policies, ensuring that systems are compliant with the required security settings. This would detect deviations in access control policies and configurations from the standard across servers. A performance audit, while it assesses the efficiency and effectiveness of an organization's processes, would not focus solely on security settings and policies. A financial audit is concerned with the financial accounts and transactions of an organization, and while an operational audit evaluates the operational aspects of an organization, it does not concentrate on access control policies and system configurations to the extent necessary for the given task.

A warm site is a type of disaster recovery site that has the necessary hardware and connectivity in place but doesn't have client data continuously updated. This means that, in the event of a disruption, a warm site may require some time to restore recent backups and configure systems to become fully operational. It offers a middle ground between the immediate availability of a hot site and the lack of infrastructure of a cold site.

802.1X is an IEEE Standard for port-based Network Access Control (PNAC). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN or WLAN. By using 802.1X, network access can be controlled at the port level and, with the proper backend support through RADIUS or a similar authentication server, VLANs can be assigned dynamically based on user identity, which is the requirement in this scenario.