CompTIA Security+ Practice Test (SY0-701)

Data that isn’t active and is on a storage media is considered data at rest.

Group Policy is used to control the working environment of user and computer accounts. It provides centralized management and configuration of operating systems, applications, and user settings in an Active Directory environment. By using Group Policy, administrators can specify settings for groups of users and computers, ensuring consistency and compliance with security policies. Other options, while related to domain environments, do not accurately describe the primary function of Group Policy.

Phishing simulations are a practical method of testing employees' abilities to recognize and respond to social engineering attacks. This type of simulation provides actionable insights by creating realistic scenarios similar to actual phishing attempts, without the associated risk. This helps measure the effectiveness of the training and identifies areas where additional training may be necessary. Answer options like 'Unannounced network scans' and 'Publishing quarterly newsletters' are less direct and less effective methods of assessing the specific understanding of recognizing social engineering attacks. Although helpful in a broader security context, they do not directly test the application of the training content. 'Including a quiz at the end of the training session' can validate immediate retention but does not measure long-term understanding or practical application in an actual work environment.

Ransomware is characterized by its ability to encrypt files on infected systems and subsequently demand payment for a decryption key, often leading to monetary loss for affected users and organizations. Worms are typically standalone malware that replicate themselves to spread to other computers, without the need for user interaction, but do not demand ransom for recovery. Trojans are malicious programs that disguise themselves as legitimate software but do not have the self-replicating ability of worms or the specific extortion function of ransomware. Viruses, like worms, can self-replicate and spread, but they usually require some form of user action to initiate and may or may not include ransomware characteristics. The correct answer is ransomware because it best fits the criteria of encrypting files and demanding payment.

The correct answer highlights the primary risk of deploying patches without prior evaluation. Untested patches can introduce new bugs, create software or hardware incompatibilities, and cause system instability, which may lead to significant operational disruptions and downtime. While other concerns like bandwidth consumption, patch documentation, and occasional vendor recalls are valid, the direct risk of causing system failures is the most critical reason for testing patches in a non-production environment before a full rollout.

Onboarding is the process that typically initiates the creation of user accounts and assignment of access rights, as it refers to the steps taken to integrate a new employee into an organization, which includes providing them with the necessary credentials and access to fulfill their roles. Offboarding is the process of removing access rights and accounts when an employee leaves the company, which is the opposite action of onboarding. Maintenance refers to ongoing system upkeep and does not directly relate to the initial account creation. Role changes may involve modification of access rights but are not responsible for the initiation of account creation.

The Zero Trust Model (ZTM) never assumes trust and always requires verification for anyone trying to access resources, making decisions based on multiple contextual factors such as user location, device security posture, and data sensitivity. This dynamic approach is in contrast to more static models such as Discretionary Access Control (DAC) or Role-Based Access Control (RBAC), which grant access based on predefined policies that do not change in real-time. Mandatory Access Control (MAC) enforces access policies based on classification levels but does not adapt to context after initial access is granted.

Mantraps are designed to prevent tailgating by ensuring that only one person can enter or exit an area after authentication. They are typically structured as two sets of interlocking doors that only allow one door to be open at once, thus preventing an unauthorized person from following an authorized person into a secure area. Turnstiles, while useful for controlling flow, can still be susceptible to tailgating, especially if they are not full-height. Biometric systems strengthen the authentication process but do not, on their own, prevent tailgating. Surveillance cameras can record attempts at tailgating but do not actively prevent the act.

Implementing role-based access control (RBAC) allows the organization to assign permissions to users based on their job responsibilities. This ensures that employees have access only to the resources necessary for their tasks, reducing unauthorized access to sensitive files. Encrypting files protects data confidentiality but doesn't prevent authorized users from accessing data beyond their responsibilities. Enforcing multi-factor authentication strengthens login security but doesn't control access permissions. Applying network segmentation divides the network but doesn't directly manage user access to specific files.

The primary goal of uniform configuration standards is to establish a consistent security posture and operational behavior among the company's numerous devices and systems. This not only reduces the potential for errors but also simplifies administration and strengthens the organization's defense against common threats. Consistency makes it easier to manage updates, apply security policies, and ensure compliance with both internal guidelines and external regulations.

An electronic signature platform enables efficient distribution and provides a clear, auditable trail proving that all employees have read and acknowledged the information security policy. This system also ensures that the acknowledgment is securely recorded and easy to retrieve, which is important for compliance and verification purposes. Offering an informational session is a good practice for explaining the policy, but on its own, it doesn't ensure individual acknowledgment. Having employees verbally acknowledge does not offer a verifiable record for auditing purposes. Posting the policy on the company website makes it accessible, but does not guarantee reading or acknowledgment by employees.

The initial focus in the event of a security breach should be to limit the damage and prevent further compromise. This is achieved by containing the threat, thereby stopping the incident from affecting additional resources. While documenting the events and notifying appropriate parties are also important, these actions occur after the immediate threat has been controlled to prevent exacerbation of the situation. Analyzing logs is part of the subsequent investigation and not the immediate concern when a breach is in progress.

Password expiration is a security measure used to limit the amount of time a password is valid. Requiring users to update their passwords regularly helps to mitigate the risks of older passwords being compromised over time. If an attacker obtains a password, a shorter expiration time can reduce the time window they have for unauthorized access before the password is changed.

An organization needs to comply with local and regional regulations to ensure that they are not violating any laws that may be specific to the jurisdictions they operate in. Not understanding these local nuances could lead to legal issues, such as fines or sanctions. For example, certain regions may have specific requirements for data protection that differ from national laws, such as stricter privacy regulations that mandate data residency within the region. National and global standards, while essential, may not cover all aspects of the local regulatory environment, and universal standards do not typically exist for cybersecurity, hence the specificity of the correct answer.

Attribution in cybersecurity is notoriously difficult because attackers can intentionally plant misleading evidence. Linguistic and cultural artifacts-such as comments, debug paths, or variable names written in a specific language-may be genuine, but they can also be inserted deliberately as false flags to divert suspicion toward another actor or nation-state. Without corroborating technical indicators, intelligence, or context, such markers are suggestive at best and never conclusive proof of government-sponsored espionage.