CompTIA Security+ Practice Test (SY0-701)

Digital signatures use asymmetric encryption to associate a sender's identity with a document uniquely. This provides non-repudiation by ensuring that the sender cannot deny authoring the document, and the recipient can verify its authenticity. Strong authentication verifies user identities but does not prevent users from denying their actions. Hashing ensures data integrity but does not link actions to specific users. Encryption protects data confidentiality but does not provide proof of the sender's identity.

The principle of least privilege is a security concept where a user is given the minimum levels of access, or permissions, needed to perform his or her job functions. This principle limits the access rights for users to the bare minimum necessary to perform their work. This helps to reduce the attack surface and minimize the potential for misuse of high-level access rights. The other options are incorrect because 'Complete autonomy' refers to having total independent control which does not limit permissions, 'Access all areas' typically implies no restriction on access permissions, and 'Permission auditing' is a process of reviewing permissions, not assigning them.

A Security Information and Event Management (SIEM) system is the most appropriate solution. SIEM platforms are specifically designed to aggregate log data from diverse sources, normalize it, and use correlation rules to identify security threats and generate alerts in real-time. Patch management agents are used for deploying software updates, a network traffic analyzer focuses on packet-level data rather than system or application logs, and while a next-generation firewall is an important source of logs, it does not aggregate and correlate logs from other systems across the enterprise.

The correct answer is Attack surface. The attack surface encompasses all possible points where an attacker could attempt to access or extract data from a system. By identifying and minimizing the attack surface, organizations can reduce the risk of security breaches.

• Security perimeter refers to the boundary that separates the protected environment from the outside world.
• Defense in depth is a layered security approach that implements multiple security measures.
• Risk exposure pertains to the potential loss resulting from threats exploiting vulnerabilities, not the vulnerabilities themselves.

Enabling WPA3 on wireless access points ensures that the wireless communication is encrypted, providing confidentiality and integrity for the data transmitted over the air. WPA3 is currently the strongest form of wireless security generally available, which protects against unauthorized access and eavesdropping.

Risk threshold sets the measurable boundary between acceptable and unacceptable risk. When exposure rises above this threshold, the organization must treat, transfer, avoid, or otherwise address the risk.

• Risk appetite is the broad, overall level of risk an organization is willing to pursue or retain.
• Risk tolerance defines the amount of variation from objectives that can be absorbed for individual risks.
• A key risk indicator (KRI) is a metric that signals increasing or decreasing risk but does not set the boundary itself.

A self-encrypting drive (SED) contains dedicated hardware in its controller that automatically encrypts every bit of data written to the disk and decrypts it transparently when read. Because the cryptographic operations occur on the drive itself rather than through the host CPU or software, the entire contents-including the operating system, applications, and user files-remain fully encrypted at rest. The other options do not provide built-in, hardware-level full-disk encryption.

The Rules of Engagement (ROE) document is essential for outlining the specific parameters of a penetration test. It details the scope (what will and will not be tested), the methods to be used, testing timelines, communication protocols, and other constraints to ensure the test is conducted safely and legally. An Acceptable Use Policy (AUP) governs how an organization's employees may use its IT resources and is not intended for external vendors conducting security tests. An Interconnection Security Agreement (ISA) is a document that defines the security requirements for connecting the IT systems of two different organizations on an ongoing basis. A Master Service Agreement (MSA) is a high-level contract that establishes the general terms for a long-term business relationship with a vendor, while the specifics of a single project like a penetration test are detailed in a Statement of Work (SOW), and the testing conduct itself is governed by the ROE.

Maintaining an accurate and regularly updated inventory list helps an organization track its assets and detect unauthorized devices quickly. In the event of a security breach, knowing exactly what hardware and software assets exist, as well as who is using them, allows for faster identification of potentially compromised systems. Such a list would also be invaluable during incident response to ensure that responders can quickly assess the full scope of an incident.

Account lockout policies are specifically designed to prevent brute force attacks by locking an account after a certain number of failed login attempts. This directly mitigates the risk by stopping the attacker from continuously trying different password combinations. Using longer passwords increases the difficulty of success for an attacker but does not block continuous attempts. Frequent password changes can be counterproductive as they might lead to weaker password choices by users. Monitoring for failed logins is a reactive measure which helps in identifying that a brute force attack may be occurring but does not prevent it.

The risk register is not a static list created once and forgotten. It is a living document that should be reviewed at defined intervals (for example, during regular risk reviews, project milestones, or after significant environmental changes) even if no new risks have been detected. Regular updates allow the organization to record changes in likelihood or impact, document mitigation efforts, retire risks that are no longer relevant, and add emerging risks. Updating only when a new risk is discovered-or worse, after a risk materializes-fails to keep decision-makers informed of the current risk landscape.

Honeytokens are uniquely crafted bait elements embedded within data systems to detect unauthorized access. They can be any type of data, such as fake records or credentials, that appear legitimate but are monitored for interactions. When a honeytoken is accessed or used, it triggers an alert, allowing the security team to identify and respond to potential security breaches. While a honeyfile is a specific type of honeytoken in the form of a file, using honeytokens provides a broader approach, not limited to just files. Honeypots and honeynets involve setting up decoy systems or networks, which are more suited for detecting external attackers rather than monitoring interactions within data repositories.

Sanitization is the correct answer because it includes processes such as wiping, degaussing, or physically destroying storage media to prevent the reconstruction of data. Degaussing is not suitable for solid-state drives (SSDs), and a simple format is often incomplete as it may leave data recoverable with the right tools. Therefore, for secure decommissioning, sanitation procedures that are appropriate for the media type must be used.

This scenario describes a phishing attack, which is a form of social engineering where attackers masquerade as a trustworthy entity in an email to distribute malicious links or gather sensitive information like login credentials. The described situation fits the classic pattern of a phishing attempt through email, exploiting the credibility of 'system maintenance' to deceive employees into providing their information. It is not a vishing attack because that involves using phone calls to obtain confidential information. Smishing attacks involve the use of SMS texts, not emails. While typosquatting could be used in conjunction with phishing, it specifically involves registering domains that are slight misspellings of legitimate company domains and there is no mention of this detail in the scenario.

Load balancing is the appropriate solution for distributing incoming network traffic across multiple servers, which prevents any single server from becoming overwhelmed. This directly addresses the scenario where all traffic is hitting one server. Failover clustering is a high-availability technique where a redundant server takes over if the primary server fails, but it does not inherently distribute traffic across multiple active servers. Network segmentation is used to divide a network into smaller, isolated zones for security and traffic management, not for distributing load to servers. A software-defined wide area network (SD-WAN) is a technology for managing and optimizing WAN connections between sites, not for distributing application load within a data center.

Patch availability is important because patches are released to fix security vulnerabilities and bugs in software, improving the security posture of the system. According to CISA, attackers may target vulnerabilities for months or even years after updates are available, so installing patches as soon as possible is critical. Without timely patch deployment, systems can remain susceptible to exploits and attacks.

The correct answer is that the device becomes more susceptible to malware. Jailbreaking removes the operating system's built-in security features, such as sandboxing and code signing, which are designed to protect the device and its data. This allows unvetted applications from third-party sources to be installed, which can contain malware or exploit the elevated privileges gained through jailbreaking. While voiding the warranty is a likely consequence, it is a support issue, not the primary security risk. Jailbreaking can sometimes lead to system instability and crashes rather than a guaranteed performance enhancement. Furthermore, jailbreaking prevents the installation of official OS updates, which include critical security patches, making the device less secure over time.

Under the shared-responsibility model, duties move up the stack as you transition from IaaS to SaaS:

• IaaS: The customer controls and secures the guest OS and anything above it, including the application code.
• PaaS: The provider secures the underlying OS and runtime, but the customer still secures any applications they develop and deploy on the platform.
• SaaS: The provider operates and patches the application itself, while the customer focuses on data protection, identity, and configuration. Therefore, the most accurate statement is that responsibility varies by service model: the customer handles the application layer in IaaS and usually in PaaS, whereas the provider handles it in SaaS.

Systems that cannot be patched are at a higher risk of being exploited as they cannot receive updates to fix known vulnerabilities. This leaves these systems exposed to potential attacks that exploit these unpatched vulnerabilities. Keeping systems up-to-date with the latest patches is crucial in protecting against known threats. While answers involving obsolete technology or the cost of replacement might seem relevant, they do not directly address the primary security risk which is the susceptibility to exploitation.

A multinational enterprise must comply with the data-protection and information-security laws of every jurisdiction in which it operates or whose residents' data it processes. Regulations such as the EU GDPR expressly apply to organizations outside the EU if they offer goods or services to, or monitor the behavior of, people in the EU; similar extraterritorial or local rules exist in many other regions. Limiting compliance to the headquarters country, data-center location, or voluntary standards would leave the organization exposed to fines, legal action, and reputational damage.