CompTIA Security+ Practice Test (SY0-701)

Attribute-based access control is the correct answer because it is a method that defines an access control paradigm whereby access rights are granted to users through the use of policies that combine different attributes. These attributes can be associated with the user, the resource being accessed, the current time, and even the current environmental conditions. This is different from role-based access control that focuses solely on the roles that users have, discretionary access control which allows owners to define access, and mandatory access control which enforces access based on a centralized policy.

A salt in cryptography refers to a randomly generated value that is added to the password before hashing. The salt is not intended to remain secret; its primary purpose is to be unique for each user's password. This uniqueness prevents attackers from using precomputed tables (such as rainbow tables) to reverse hash values into passwords. It also ensures that even if two users have the same password, their hashed values will be distinct.

A serverless architecture refers to a cloud computing model in which the cloud provider automatically provisions, scales, and manages the infrastructure required to run code. Developers can write and deploy code without worrying about the underlying infrastructure. Traditional cloud services typically require users to manage and scale virtual machine instances, whereas microservices are a design approach to build a single application as a suite of small services, and containers provide a standard way to package code and its dependencies.

Corrective controls are implemented to minimize the extent of damage caused by a security incident after it has taken place. These controls focus on containing the incident, recovering from it, and preventing similar incidents from occurring in the future. Examples of corrective controls include incident response plans, backup systems, and disaster recovery procedures. Preventive controls aim to prevent incidents from happening in the first place, while detective controls identify and respond to ongoing incidents. Compensating controls serve as a substitute for primary controls when they are not feasible or practical to implement.

Corporate owned, personally enabled (COPE) is a deployment model where a company provides devices to their employees. The employee is then able to use the device for company and personal use. This approach helps to protect company data/resources while also providing the employee with the benefit of a device for personal use.

The primary function of a hashing algorithm is to take an input (or 'message') and return a fixed-size string of bytes. The output, known as the hash, is typically a digest that represents the original data in a unique way. If the input changes by even a small amount, the hash will change significantly, known as the avalanche effect. The key aspect of a hash function is that it is a one-way function – data can be turned into a hash, but the hash cannot be turned back into the original data, ensuring data integrity. Hashes are broadly used to verify data integrity because they can reveal if data has been altered. This is crucial in many applications, such as verifying the integrity of downloaded files or the storage of passwords.

Placing NIDS sensors in tap/monitor mode would allow the organization to detect unauthorized activities by mirroring the traffic that flows through the network, without injecting any additional latency or load on the primary network path. This strategy helps ensure network performance is not significantly impacted while maintaining an effective security posture. In contrast, inline mode can introduce latency since traffic must flow through the sensor, and promiscuous mode lacks the capability of real-time traffic replication typical of a tap/monitor setup.

A worm is a type of malware that infects systems by replicating itself and passing from vulnerable system to vulnerable system. It differs from a virus in that it does not need to be executed to infect a system.

Nation-state actors are government-sponsored entities with substantial resources, funding, and high levels of sophistication. They are capable of developing zero-day exploits and custom malware to carry out prolonged cyber-espionage campaigns against critical infrastructure. Their motivations often include espionage, data exfiltration, and gaining strategic advantages over other nations. Other threat actors like organized crime groups or hacktivists typically lack the necessary resources or motivations to conduct such complex and targeted attacks on this scale.

The architect is focusing on ease of deployment, which measures how simple and quick it is to move a system or application into production. Designs that emphasize this attribute rely on automated build pipelines, standardized images, and clear documentation, reducing the risk of human error during releases. Availability gauges whether the service is up and reachable, resilience deals with withstanding and recovering from faults, and scalability concerns the ability to handle increased load. None of those directly capture the simplicity and speed of pushing code into production.

Secure baselines are standard sets of configurations that apply security controls to systems. They provide a reference point for ensuring that systems are configured with an approved set of settings for security purposes. By establishing a secure baseline, an organization can maintain a consistent security posture across all its systems, making it easier to manage and secure them effectively.

The correct answer is credential replay. A credential replay attack occurs when an attacker captures valid credentials (like a username and password) and reuses, or "replays," them to gain unauthorized access to a system. The phishing attack described in the scenario is a common method for obtaining credentials for this purpose. Session hijacking involves stealing an active session token, not static credentials. Cross-site scripting (XSS) is an injection attack that targets other users of a vulnerable website. DNS poisoning is an attack that can redirect users to a malicious site but is not the attack performed with the stolen credentials.

Identifying the Recovery Time Objective (RTO) during a Business Impact Analysis is critical because it denotes the maximum duration that a service or system can be unavailable before causing unacceptable detriment to the business. Setting the RTO helps in crafting prioritized recovery strategies, ensuring that the most crucial systems are restored within a timeframe that prevents significant operational or financial loss. The other options, while related to business continuity and disaster recovery, do not directly address the focus on time frame for critical system recovery, like the RTO does.

Recording the source IP address is vital for tracking the origin of network traffic and identifying potential unauthorized access attempts. Knowing where the traffic originates helps determine whether the attempts come from within the organization or from external sources. Without this information, it would be challenging to locate the source of the security threat and take appropriate actions. Timestamps alone are insufficient because they do not reveal the origin. Usernames are important for application or authentication logs but are not typically present in raw network traffic logs. The total amount of data transferred may indicate exfiltration but is less specific to detecting access attempts.

Endpoint protection software's role as a system hardening technique is to enhance the security of individual devices within a network by providing a combination of various security measures against threats such as malware, exploits, and unauthorized access attempts. It typically includes functionalities like antivirus, antimalware, and personal firewalls. The correct answer encapsulates these capabilities. The incorrect answers either misrepresent the scope of endpoint protection or attribute unrelated functions to it.

Establishing a facility that is fully prepared and available on-demand, equipped with the necessary resources and operational capability to assume control immediately, is essential for ensuring that there is no perceptible downtime for essential services during a disaster. This aligns with the leadership's priority for maintaining uninterrupted operations. While the other options can contribute to a robust business continuity strategy, they do not directly provide the seamless operational capabilities desired. Aggressive metrics for service recovery time and critical data restoration planning do not secure immediate operational capability and a control center mainly improves coordination, not service continuity.

Asymmetric key cryptography, also known as public-key cryptography, is the correct answer because it uses a pair of keys for encryption and decryption-a public key and a private key. Symmetric key cryptography uses a single, shared key for both encryption and decryption. Hashing creates a fixed-size, non-reversible output and is used for integrity, not for encrypting and decrypting data. A block cipher is an algorithm that encrypts data in fixed-size blocks; it describes the method of encryption rather than the key management scheme and is commonly used in symmetric encryption.

The team is most likely implementing technical controls in the form of email security technologies, such as Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting, and Conformance (DMARC). These technologies help to verify sender identities and assess the trustworthiness of the emails, acting as preventive controls to stop phishing attempts before they reach the employees.

Role based access control (RBAC) is an access control scheme that controls access and permissions by assigning them based on roles. Individuals are assigned roles which grants them the permissions and access assigned to that role(s).

Due diligence is the correct answer because it encompasses a comprehensive appraisal of a business, its assets, capabilities, and financial performance before the company enters into an agreement or contract. It is a preventative measure essential for assessing different angles of potential risk, including operational, financial, legal, and compliance aspects. Vendor selection, while important, comes after due diligence has been performed. Right-to-audit clauses and vendor monitoring are parts of the ongoing management and oversight post-engagement, not pre-engagement processes.