CompTIA Security+ Practice Test (SY0-701)

Periodically restoring data from backup media in a test (or otherwise nonproduction) environment proves that the data can actually be recovered and that the organization's procedures meet recovery-time and recovery-point objectives. Encrypting archives, storing tapes off-site, and scheduling differential backups all improve aspects of confidentiality, availability, or frequency, but none of them confirms that the data can be restored successfully.

End-to-end encryption is necessary for safeguarding data transmitted over an unsecured network. Among the available methods, Internet Protocol Security ensures both the encryption of data and strong key management capabilities through its embedded protocols. Protocols like HTTPS are typically limited to web traffic encryption, rather than a comprehensive solution for all office communications. Methods relying on outdated protocols or suited for specific services fail to meet the security and key management requirements for sensitive data in wide-area corporate environments.

An air-gapped environment is a security measure in which a computer or network is physically isolated from all external networks. With no wired or wireless interfaces connected to outside systems, data cannot enter or leave electronically, creating a strong barrier against remote attacks. Serverless, microservices, and virtualized environments may still rely on network connectivity, so they do not provide the same level of isolation.

A security audit examines logs, configurations, and practices after activities have occurred. Its purpose is to uncover inappropriate actions, policy violations, or anomalies so the organization can investigate and respond. Because it detects events rather than preventing or discouraging them, it falls into the detective control category. Deterrent controls (such as warning signs or visible cameras) strive to discourage wrongdoing, preventive controls block actions outright, and corrective controls minimize damage after an incident.

The correct answer is 'Conducting a security review of the vendor and their products', because ensuring the security of computing resources begins with a thorough evaluation of the vendors and their offerings. This evaluation should cover the vendor's security policies, compliance with relevant standards, and the security features of the products they are providing. Reviewing vendor security practices mitigates the risk of introducing vulnerabilities into the network through third-party products or services. 'Checking compatibility with current systems' is also a step in the process, but it does not directly strengthen security. 'Choosing products with the newest features' or 'Negotiating the lowest cost for products' may be important from a functionality or budget perspective, but they do not necessarily reflect the security posture of the products or the vendor.

Configuring separate VLANs and matching IP subnets on the existing switch infrastructure isolates traffic at Layers 2-3 using software-defined settings. This is a logical segmentation method because it relies on switch port configuration and IP addressing, not on additional physical hardware or cabling. Installing air-gapped systems, dedicating separate switches/cabling, or running a stand-alone dark-fiber link all require new physical infrastructure and therefore constitute physical segmentation.

The best solution is to use a failover cluster combined with a load balancer. A failover cluster, a type of high-availability cluster, ensures service continuity by having redundant servers ready to take over if one fails. A load balancer distributes incoming traffic across the active servers in the cluster, which improves performance and responsiveness. While often used together, virtualization alone on a single server still represents a single point of failure. RAID provides storage redundancy but does not ensure service availability or distribute traffic. SD-WAN is a networking solution for managing WAN connections and is not the primary tool for application-level high availability.

A system image is a copy of the entire state of a system. That image can be used as a way to restore the system it came from to that exact state or it can be copied onto other similar system to bring them all to a uniform state.

The General Data Protection Regulation (GDPR) is a comprehensive data privacy framework that imposes strict rules on data protection and privacy for individuals within the European Union. As it is one of the strictest privacy and security laws in the world, adopting GDPR-compliant policies will likely ensure compliance with a wide range of international data protection standards. The regulation requires businesses to protect the personal data and privacy of EU citizens. Additionally, because the GDPR has extraterritorial applicability, meaning it applies to organizations outside the EU that process data of EU residents, adhering to its standards can help a multinational corporation align with global data protection regulations. The other options are either national and not globally focused (like the Federal Information Security Management Act), industry-specific (such as acts related to shipping port security), or limited in scope with regards to data protection (for example, the United Nations Convention on Contracts for the International Sale of Goods).

A 'something you know' factor is an authentication method based on information that is memorized and provided by the user. A passphrase is a multi-word form of a password and falls under this category. In contrast, a biometric pattern, such as a retina scan, is 'something you are,' and a USB security key is 'something you have.' GPS location data would be categorized under 'somewhere you are,' as it provides information on the user's geographical location.

The correct answer is that the Zero Trust Model assumes that no user, device, or network traffic should be trusted by default, even if it originates from within the network perimeter. This is the fundamental principle of the Zero Trust approach, which shifts away from the traditional "trust but verify" model to a "never trust, always verify" mindset. The other answers, while related to security concepts, do not accurately capture the essence of the Zero Trust Model. Least privilege access and multi-factor authentication are important security practices, but they are not the core defining characteristics of the Zero Trust approach.

The data retention policies within an organization are a set of guidelines that describes which data will be archived, how long it will be kept, what happens to the data at the end of the retention period (archive or destroy) and other factors concerning the retention of the data.

Implementing geofencing within the data management policies is the most effective way to ensure that data does not leave the European Union, as it provides controls that can enforce the physical boundaries set by the regulations. Geofencing uses GPS or RFID-enabled software to trigger a pre-programmed action when a mobile device enters or exits a virtual boundary set up around a geographical location, in this case, the EU. Other options like redundant data storage or encryption do not inherently restrict the transfer of data across geographical lines. Data loss prevention focuses on monitoring and protecting data in use, in motion, and at rest, but does not pertain specifically to geographical restrictions.

An inline device is deployed directly on the network path; all traffic must pass through it. This is ideal for scenarios where traffic analysis and blocking potential threats is necessary. Furthermore, since the device must not be bypassed even if it fails, an inline device must be used instead of a tap or monitor mode, which allows traffic to bypass the device if it fails or is not active.

Smishing combines SMS text messaging with phishing tactics. Attackers craft convincing text messages that appear to come from trusted sources, enticing users to click links or download malicious apps. This can lead to credential theft, malware installation, or other compromises on the victim's smartphone. Whaling targets high-value executives via phishing emails, pretexting invents a scenario to obtain information, and baiting offers something enticing to trick the user, so none of those describe SMS-based attacks.

Business continuity procedures are designed to ensure that an organization can maintain essential functions during, and after, a disaster or major disruption. Their main focus is not solely on IT infrastructure, data protection, or compliance with industry regulations, although these may be components of a business continuity plan. It's important for a business to have a clear strategy that includes processes and procedures to mitigate downtime and ensure operational resilience.

A salt in cryptography refers to a randomly generated value that is added to the password before hashing. The salt is not intended to remain secret; its primary purpose is to be unique for each user's password. This uniqueness prevents attackers from using precomputed tables (such as rainbow tables) to reverse hash values into passwords. It also ensures that even if two users have the same password, their hashed values will be distinct.

The organization is intending to set up a key escrow system. A key escrow refers to a secure process where a third party holds a copy of the encryption key, which can be used to access encrypted data if the user's private key is lost or becomes inaccessible. Using a certificate authority explicitly for encryption does not imply that key escrow services are provided; a certificate authority usually authenticates identities and issues digital certificates. Designating a key recovery agent does not necessarily indicate the use of a key escrow system, as this role is meant for retrieving keys from the escrow but is not the service itself. Full-disk encryption is unrelated to key management or recovery, as it pertains to protecting data at rest and does not encompass storing or handling keys.

Conducting an impact analysis ensures that any potential consequences of a planned change-such as a major network upgrade-are identified and mitigated ahead of time. By analyzing the impact, the organization can recognize security risks, adjust controls, and prepare countermeasures before deployment. While the other choices are valid components of change management, they do not specifically focus on assessing security implications.

The correct answer is 'Insider threat' because the employee who is part of the organization, had access to sensitive data and abused that access to provide information to a competitor, typically for personal gain or due to a grievance. 'Nation-state' would not usually target a company for product designs unless it has national security implications. An 'Unskilled attacker' is less likely to have specific internal knowledge about the organization's confidential projects. 'Organized crime' groups generally target financial gain through more direct means such as extortion or large scale data breaches for credit card information.