CompTIA Security+ Practice Test (SY0-701)

An Acceptable Use Policy establishes what users are permitted and prohibited from doing when using organizational information systems and resources. While it may reference penalties for violations, its core function is to define acceptable and unacceptable behavior, thereby reducing security and legal risk.

A hot site is a fully operational offsite data center equipped with hardware and software, configured to quickly assume operational responsibilities from a primary site in case of a disaster. This is the best option for business continuity as it enables rapid resumption of critical functions. A cold site, while being the least expensive, offers only space and utilities, requiring additional time to become operational. A warm site provides some pre-installed equipment but would still require additional time and effort to be fully operational. Therefore, a hot site offers the highest level of readiness for immediate disaster recovery.

When a system is configured to be fail-closed, also known as fail-secure, it defaults to a secure state upon failure. In this state, it will deny access or block all traffic to prevent potential security breaches. This contrasts with a fail-open system, which would allow traffic to pass through, prioritizing availability over security.

The correct answer is 'Techniques and protocols for data encryption in transit and at rest'. When assessing a cloud service provider, confirming their data encryption methodologies is vital for ensuring data confidentiality and integrity. A cloud provider’s encryption practices, including the algorithms used, key management, and whether encryption is applied in transit and at rest, are crucial pieces of information for evaluating their security posture. 'Disaster recovery time objectives' are important but focus primarily on availability rather than confidentiality and integrity. 'Yearly employee turnover rates' may impact overall operational stability but does not have a direct correlation with data protection practices. 'Percentage of IT budget allocated to R&D' provides insight into the provider's investment in innovation, but it does not give a direct measure of how they handle and protect your data.

A possession factor is an authentication method based on something the user physically possesses. A hardware authentication token is a small physical device that can generate a secure login code or house digital certificates and is carried by the user to provide a possession factor for authentication. Eye color is a trait, not something possessed. A password is something the user knows, and a mobile app authorization request, while delivered to a device the user possesses, by itself is not considered a possession factor until accepted and is not inherently a physical item.

The primary goal of uniform configuration standards is to establish a consistent security posture and operational behavior among the company's numerous devices and systems. This not only reduces the potential for errors but also simplifies administration and strengthens the organization's defense against common threats. Consistency makes it easier to manage updates, apply security policies, and ensure compliance with both internal guidelines and external regulations.

While all listed aspects are important in their own right, clearly defined security requirements are the most critical to protect sensitive data. These requirements set the minimum security standards that the business partner must adhere to, directly impacting the safeguarding of data involved in the partnership. Elements such as review cycles and party definitions are also important, but their impact on data protection is more indirect compared to the explicit security requirements.

A 'One-Time' risk assessment is a standalone evaluation conducted to assess the risks associated with a specific event or change, such as the introduction of a new business initiative. It helps in identifying potential risks before proceeding with the project and is not part of the regular, scheduled assessments. This type of assessment is critical for making informed decisions about one-off projects or changes that are not part of the routine operational activities. 'Ad Hoc', 'Recurring', and 'Continuous' assessments are incorrect because they respectively describe assessments that are unscheduled and irregular, regularly scheduled, and ongoing monitoring.

The correct answer is a system that provides centralized event and log data analysis. This tool is specifically designed for collecting, storing, and analyzing log files from various systems within an organization, providing the ability to correlate events and detect incidents more accurately. While threat intelligence platforms provide valuable information from external sources about potential threats, they do not correlate internal event data. Network sniffers are used primarily for capturing and analyzing network packets, not for event correlation. Lastly, compliance reporting tools are designed to assist with the generation of reports to demonstrate adherence to regulations, rather than providing real-time event correlation and analysis.

Regularly updating an organization's computing resource inventory is essential for identifying and managing vulnerabilities, as well as ensuring the security posture is up-to-date. Failure to maintain an updated inventory increases the risk of incidents because unmanaged, unknown, or unpatched resources can become vectors for security breaches. It is less about physical tracking or license compliance, and more about understanding what needs to be protected and ensuring appropriate security measures are in place.

The correct response, 'Full-disk encryption,' ensures that all the data stored on the physical disk is secured, including the system and boot partitions, providing a high level of protection if the disk is moved or stolen. This is in contrast to 'Volume encryption,' which might only secure data on certain logical volumes and not necessarily the whole disk. 'File-level encryption' only applies to individual files, allowing for specific files to be encrypted within a system. 'Container encryption' is not a standard term within the scope of this context and can cause confusion with other types of encryptions mentioned.

Policies that outline employee responsibilities and expected behaviors are examples of directive controls. Directive controls are designed to guide or instruct individuals or systems to ensure compliance with security requirements. They establish guidelines and expectations to influence behavior. Detective controls are intended to identify and detect unwanted events or incidents after they occur. Corrective controls focus on minimizing the impact of a security incident after it has occurred. Preventive controls aim to stop unwanted events from happening in the first place.

A hot site is a fully equipped backup facility that is operational and ready to activate immediately after a disaster. It maintains up-to-date copies of data, hardware, and software, allowing an organization to resume normal operations rapidly. Warm sites are partially equipped and require additional time to become fully functional, while cold sites have only the basic infrastructure and need significant time to set up equipment and restore data.

Regular compliance audits are the best approach to ensure that an organization is meeting international data protection regulations. Audits provide an objective examination and provide insights into compliance status while identifying areas for improvement.

Reverting to a snapshot is the fastest way to restore a virtual machine to its state at a specific point in time, such as right before a patch or update. Snapshots capture the entire state of the VM, allowing for a near-instantaneous rollback. While restoring from a full or incremental backup would also work, these processes are significantly slower and more resource-intensive, making them less ideal for this scenario.

Regulated data is subject to statutes or industry frameworks that prescribe how it must be secured (for example, HIPAA, FERPA, GDPR, or PCI-DSS). Because non-compliance can trigger fines and legal liability, organizations must implement controls such as encryption, strict access control, and auditing. Other data types like trade secrets or intellectual property may be highly valuable but are not dictated by external regulations in the same way.

This scenario describes a detective control. Detective controls are designed to find and alert on security incidents after they have already occurred or as they are happening. Intrusion detection systems (IDS) and log analysis tools fit this description perfectly as they monitor for and report on suspicious activity, rather than stopping it outright.

• Preventive controls aim to stop an incident before it happens (e.g., a firewall blocking a malicious IP address).
• Corrective controls are used to limit the damage and restore systems after an incident has been detected (e.g., restoring from a backup after a ransomware attack).
• Deterrent controls are meant to discourage potential attackers (e.g., warning banners).

Least privilege requires each user to have no more permissions than are strictly necessary. Removing the ability to create or delete shares-or any other rights not tied to invoice processing-satisfies the principle. Granting full administrative rights, adding MFA, or limiting login hours may improve security in other ways but do not reduce the scope of existing permissions to the absolute minimum.

Complexity in security operations pertains to the intricacy of systems, processes, and technologies that could potentially increase their vulnerability to attacks. More complex systems are harder to manage and secure, because the likelihood of misconfiguration and undiscovered vulnerabilities increases. Simplifying systems can lead to more robust and easier to manage security postures.

MD5 (Message Digest 5) creates a 128 bit fixed output. SHA1 creates 160 bit outputs, SHA2 creates 256 bit outputs and RIP128 is a thing we made up that sounds pretty cool.