CompTIA Security+ Practice Test (SY0-701)

Tokenization is the optimal method because it allows specific sensitive data elements, such as credit card numbers, to be replaced with non-sensitive equivalents, referred to as tokens. These tokens can be used in various operational processes without exposing the actual sensitive data. This is particularly useful for customer data analysis, as the analysis can often be performed with the non-sensitive token rather than needing the actual credit card number. Encryption, while it also obscures the original data, would not be as convenient because data analysis would typically require decryption. Masking affects the utility of the data for analysis because it often involves altering part of the data permanently. Lastly, hashing is incorrect because it is non-reversible and thus unsuitable for scenarios where the original data might need to be accessed again.

MTBF stands for Mean Time Between Failures. It is the average operational time between one repairable failure and the next. Because it represents the expected interval of proper operation, a higher MTBF indicates a more reliable system that is likely to remain running longer before another failure occurs. MTBF calculations exclude the downtime needed for repairs and are based on historical or test data collected during normal operation.

The correct answer is 'Incremental backups every 2 hours with daily full backups'. This approach efficiently balances the need to maintain recent data save points to minimize loss in the event of a system failure while utilizing resources effectively. Incremental backups save changes since the last full or incremental backup, reducing the volume of data that needs to be copied and the time required for each subsequent backup. Daily full backups ensure that there is always a recent complete copy of data to restore from, while the frequent incremental backups capture the ongoing changes.

Inherent risk is the term used to describe the level of risk involved with using a process/operation before the company does anything to reduce/mitigate the risk.

End-to-end encryption is necessary for safeguarding data transmitted over an unsecured network. Among the available methods, Internet Protocol Security ensures both the encryption of data and strong key management capabilities through its embedded protocols. Protocols like HTTPS are typically limited to web traffic encryption, rather than a comprehensive solution for all office communications. Methods relying on outdated protocols or suited for specific services fail to meet the security and key management requirements for sensitive data in wide-area corporate environments.

A vendor assessment, particularly a due diligence review, is the most appropriate type of assessment when evaluating a company during an acquisition. This review ensures that the company to be acquired is compliant with necessary security standards and that there are no hidden security liabilities. Penetration testing focuses on finding vulnerabilities in systems and networks and may not cover the broad scope of security measures in place. Self-assessments are internal evaluations and might not provide an objective view needed during an acquisition. Risk analysis is part of the overall risk management process but does not serve as a comprehensive review of a company's security measures during an acquisition scenario.

Because the attempts originate from a country where the organization has no presence, the actor is almost certainly operating outside the corporate network. This matches the definition of an external threat actor-someone with no authorized access who must break in from the outside. Insider threats and shadow IT both originate from within the organization, and an unskilled attacker on the internal network would still be an internal actor, even if inexperienced. Therefore, the most likely actor is external.

The system in question centralizes the collection and analysis of log data in order to identify and alert on potentially malicious activity, classifying it as a detective control rather than a preventive one. Preventive controls aim to prevent security incidents from occurring in the first place, while detective controls are used to find and respond to incidents that are in progress or have already occurred.

Any organization that operates, processes data, or otherwise conducts business within a country is subject to that nation's information-security and privacy laws, even if the company is foreign-owned or headquartered elsewhere. This concept-often referred to as data sovereignty-means compliance is mandatory in each jurisdiction where operations occur; failure can lead to fines, sanctions, or loss of the right to do business. The other options are incorrect because host-nation laws are not optional, cannot be ignored in favor of home-country rules, and apply to activities such as cloud or remote processing, not only to data stored physically on local servers.

The best solution for generating insights into network traffic patterns is NetFlow, because it collects detailed information about the data flows within the network, including source, destination, and volume of data, which is key for detecting irregular large data transfers occurring after standard operational hours. Simple Network Management Protocol (SNMP) traps are typically used for real-time event notification and not for in-depth traffic analysis. A Security Information and Event Management (SIEM) solution centralizes security alerts and logs but does not inherently provide the detailed network flow analysis characteristic of NetFlow. While antivirus software protects against malware, it does not offer network traffic pattern analysis and therefore would not be an effective tool for this particular requirement.

Establishing a policy for regular updating of hardware inventory with age details is vital to track the lifecycle of the hardware and prepare for secure sanitization and disposal before it becomes a security risk. Asset tagging allows for easier tracking of the hardware's age, but does not automatically lead to decommissioning. Frequency of use or importance of data does not dictate when hardware should be decommissioned, as even rarely used or low data significance hardware can be a vulnerability if it becomes too old and unsupported.

A downgrade attack is when an attacker forces a system to revert to a lesser, often outdated and less secure protocol, making the communication more susceptible to compromise. This differs from other attacks that do not aim to change the security protocol level but rather exploit existing vulnerabilities or capture data.

A hot site is a fully equipped backup facility that is operational and ready to activate immediately after a disaster. It maintains up-to-date copies of data, hardware, and software, allowing an organization to resume normal operations rapidly. Warm sites are partially equipped and require additional time to become fully functional, while cold sites have only the basic infrastructure and need significant time to set up equipment and restore data.

Full disk encryption (FDE) is the correct choice as it provides comprehensive encryption of all data on the storage medium, ensuring that without the appropriate decryption key, no data can be read, regardless of the system state or whether the storage device is transferred to another machine. Encrypting individual files, while useful, does not offer the same level of protection if an attacker gains access to the underlying file system. Encrypting data using a VPN only secures data in transit, not at rest. SSL/TLS also protects data in transit and does not apply to data at rest.

Bug bounty programs invite external security researchers to test systems for rewards. This crowdsourced approach greatly expands the range of skills, tools, and perspectives applied to security testing, which helps uncover vulnerabilities that may slip past automated scanners, internal assessments, and periodic penetration tests. Increased transparency or compliance benefits can flow from a program, and zero-day exploits might be caught as a result, but those are secondary effects-not the fundamental purpose of adding the program to vulnerability identification.

The correct answer is 'Botnet' because it describes a network of compromised computers that are controlled remotely, typically without the owners' knowledge, to perform tasks such as cryptocurrency mining. A botnet infection matches the scenario described where multiple endpoints are being remotely controlled. A Ransomware infection would generally encrypt files and demand payment, which is not mentioned in the scenario. A Logic Bomb would execute malicious code based on certain conditions being met, which is not indicated in this scenario. A Worm would self-replicate to spread to other computers, but it does not inherently control multiple endpoints for a task like cryptocurrency mining.

The most appropriate type of legal contract to enforce confidentiality during preliminary negotiations is a Non-Disclosure Agreement. It legally binds the parties to keep certain shared information confidential, thereby protecting the company's proprietary information, such as trade secrets or strategic plans. While a Letter of Intent can demonstrate commitment to a deal, it does not typically bind parties to confidentiality. An Employment Agreement is used between an employer and employee and is not suitable for negotiations with a potential partner. A Master Services Agreement sets forth terms of a working relationship, typically finalized after trust has been established and does not necessarily ensure confidentiality at the initial stages of discussion.

Reviewing and adjusting the access control list (ACL) is the most appropriate step when users are denied access to network resources, assuming there is no outage or malfunction of the actual resource or network. An ACL may have been incorrectly configured or updated, causing access issues. Examining and rectifying the ACL can restore proper access to authorized users. Patching, while important for security, would not directly address the immediate issue of access if the server and network are confirmed to be operational. Likewise, monitoring does not resolve current access issues, although it may help identify them. Finally, decommissioning the server would be counterintuitive if there's a need for its services.

Tokenization transforms sensitive data into a token, which is a unique identifier that has no meaningful value outside of the tokenization system. Unlike encryption that can be reversed with the decryption key, tokenized data requires access to the original mapping in the tokenization system to convert it back, ensuring enhanced security by preventing reverse-engineering of the tokens if the database is compromised. In the case of protecting credit card information, tokenization is ideal because the tokens can be used for transactional processes without exposing actual credit card numbers.

A security questionnaire is a tool used in the vendor selection process to assess potential vendors' security measures. It standardizes the queries regarding their security controls and practices, ensuring that all vendors are evaluated using the same criteria. This consistency allows organizations to compare responses objectively and make informed decisions based on established security requirements.