CompTIA Security+ Practice Test (SY0-701)

Implementing a firewall is the most effective solution in this scenario. A firewall acts as a barrier between the internal network and external sources, controlling incoming and outgoing network traffic based on predefined security rules. It blocks unauthorized access attempts from external entities while allowing legitimate outbound communication required by employees. An intrusion detection system monitors network activities for suspicious behavior and generates alerts but does not prevent access. Encryption secures data but does not control network access. Physical access controls protect the physical hardware and premises but do not safeguard the network from external cyber threats.

A facial recognition system used to grant or deny entry is a preventive control. Preventive controls are designed to stop a security incident from happening. In this scenario, the system actively prevents unauthorized individuals from accessing the data center. Deterrent controls aim to discourage attackers (e.g., a warning sign), detective controls identify incidents after they occur (e.g., a log review), and corrective controls limit the damage after an incident (e.g., restoring from a backup).

Zero Trust requires every access request to be evaluated in real time against multiple signals. Analyzing the developer's recent behavior for anomalies helps confirm that the request matches normal usage patterns and is not coming from a hijacked account. Device posture checks, formal change-ticket approvals, and rigid office-hours windows can all strengthen security, but they do not directly validate that the current request is legitimate in the way behavior analytics does.

Setting up a system that monitors, detects, and blocks potentially unauthorized data transmissions can dramatically lower the likelihood of sensitive information being leaked or transferred outside the company by an insider with legitimate access. While biometric authentication adds a layer of security, it does not prevent data exfiltration by authenticated users. Disabling unused service ports and enforcing strong encryption enhance security but are not the most direct or effective controls for preventing the deliberate transfer of sensitive data by authorized insiders.

Version control is primarily used to manage and control different versions of software, configurations, and other artifacts. It allows for tracking changes, reverting to previous versions if needed, and maintaining a clear audit trail of modifications. While version control can help with documentation, collaboration, and identifying issues, its main purpose is to effectively manage and control versions of various assets.

The correct answer is 'Conducting regular training sessions on operational security,' because it reinforces the importance of keeping workstations secure to all employees, including highlighting the risks associated with leaving workstations unlocked. 'Installing a firewall' wouldn't address the specific behavior of the employee. 'Requiring biometric authentication' might secure the workstation initially, but if it remains unlocked, the threat persists. 'Limiting physical access to the office' would not address the specific issue of workstations being left unlocked by employees already inside the secure area.

Providing comprehensive security awareness training to employees educates them about potential threats, company security policies, and safe practices. This managerial control directly addresses the issue of human error by enhancing employee awareness and reducing the likelihood of security incidents caused by inadvertent actions. Installing firewalls and implementing multi-factor authentication are technical controls that protect systems but do not influence employee behavior. Using surveillance cameras is a physical control that monitors activities but does not prevent unintentional security breaches by uninformed staff.

A jump server, also known as a jump host or bastion host, is a hardened server that acts as a secure intermediary and single point of entry for administrators to connect to other devices in a separate security zone. This approach centralizes access control and monitoring.

A proxy server primarily acts as an intermediary for user requests to other servers (like web servers), but it is not specifically designed for administrative access sessions. A load balancer distributes incoming traffic across multiple servers to improve availability and performance but does not serve as a secure administrative gateway. A VPN concentrator is used to establish secure, encrypted tunnels for remote access, but it typically provides broader network-level access rather than the specific, audited host-to-host administrative access that a jump server provides.

The best solution is to use a failover cluster combined with a load balancer. A failover cluster, a type of high-availability cluster, ensures service continuity by having redundant servers ready to take over if one fails. A load balancer distributes incoming traffic across the active servers in the cluster, which improves performance and responsiveness. While often used together, virtualization alone on a single server still represents a single point of failure. RAID provides storage redundancy but does not ensure service availability or distribute traffic. SD-WAN is a networking solution for managing WAN connections and is not the primary tool for application-level high availability.

Using the cloud provider's managed Key Management Service (KMS) with server-side encryption meets both goals. KMS stores keys in validated HSMs and automates creation, rotation, and retirement while enforcing granular access controls and audit logging, so encrypted backups can be restored whenever needed without manual key handling. Whole-disk encryption secures only the local volume and generally relies on per-host keys rather than centralized administration. Manually encrypting data with AES-256 satisfies strength requirements but scales poorly and is prone to human error. Field-level encryption protects only selected columns, leaving the rest of the backup unencrypted and non-compliant.

The correct answer is risk tolerance. Risk tolerance is the degree of risk or uncertainty an organization is willing to accept in pursuit of its objectives. When a company's strategic goals shift, as in this scenario from a conservative posture to an aggressive growth strategy, its willingness to take on risk (its risk tolerance) must be re-evaluated. The new fintech platform represents a higher-risk, higher-reward initiative, which necessitates a change in the company's established risk tolerance. The Recovery Point Objective (RPO) and Annualized Rate of Occurrence (ARO) are metrics used within risk management, but they do not represent the organization's overall willingness to accept risk. An Acceptable Use Policy (AUP) defines rules for technology use and would likely be updated, but the primary, high-level concept that needs reassessment due to a major strategic change is the overall risk tolerance.

The correct answer is Hacktivist. Hacktivists are often motivated by philosophical or political beliefs, which lead them to target organizations or governments that they perceive as acting against their values or agendas. The nature of these attacks, including website defacements and public message spreads, are typical of hacktivist groups that aim to broadcast a political message or to create awareness about their cause. The other options listed do not align as closely with the details given.

Configuring DLP policies to monitor and block sensitive information being sent through IM helps prevent data leaks. The IM system can be set up to detect and stop the transmission of predetermined sensitive information patterns. Use of encryption would make messages secure in transit but would not prevent employees from sharing sensitive information. Restricting file permissions is unrelated to IM conversations. Manually reviewing message logs is less efficient and might not effectively prevent leaks compared to automated DLP mechanisms.

The primary purpose of aggregating logs is to allow for the centralized analysis of multiple log entries from different systems. This eases the task of monitoring and correlating events, aiding in the detection of patterns that may indicate security incidents. Reviewing logs individually on each system is far less efficient and increases the likelihood of missing critical events.

Firewall logs typically contain information on both inbound and outbound traffic. This information is useful for detecting both types of intrusion attempts, as inbound logs could show unsolicited incoming connections that might be indicative of an attack or reconnaissance activity, while outbound logs can help in identifying potentially compromised systems reaching out to malicious hosts or command-and-control servers. The statement is false because firewall logs are not exclusively for outbound traffic and are indeed significant for detecting inbound threats as well.

The correct answer is "Centralizing control over who can connect to and use network services" because RADIUS is designed to supply centralized authentication, authorization, and accounting (AAA) for users seeking access to network resources. "Facilitating the handshaking process in a TLS session" is incorrect because that task is handled by the TLS protocol during secure communications setup. "Distributing IP addresses to client devices" is a function of the Dynamic Host Configuration Protocol (DHCP), not RADIUS. "Load balancing traffic between servers" is handled by dedicated load-balancing solutions rather than by RADIUS.

The attackers are driven by their ideological differences with the corporation's environmental practices. This is a case of philosophical or political beliefs motivating cyber attacks. They are not seeking financial gain, engaging in blackmail, or attempting to steal data.

An Uninterruptible Power Supply (UPS) is the correct solution because it provides immediate, temporary battery power the moment main power fails. This short-term power bridge is specifically designed to give systems enough time to perform a graceful shutdown or to keep them running until a longer-term power source, like a generator, can activate. A generator is designed for long-term outages but has a startup delay, making a UPS necessary to cover the initial gap. A redundant power supply protects against the failure of a single power supply unit within a device, not an external power outage. A surge protector only protects against voltage spikes and offers no backup power during an outage.

Using a standardized security configuration guide specifically designed for the intended system or platform is the best method to establish a secure baseline. These guides, often developed by experts and incorporating industry best practices, ensure that all devices start from a common, secure state before being introduced into the production environment. They typically include settings and configurations that have been widely recognized and vetted for their effectiveness in securing devices. While patching, encryption, and decommissioning play roles in the lifecycle of maintaining security for active devices, they are not methods used for establishing the baseline itself.

In a serverless architecture (often delivered as Function-as-a-Service), the cloud provider is responsible for provisioning, scaling, and managing the infrastructure needed to run the code. Developers supply only their functions, and resources are allocated automatically in response to events or load. In contrast, manually managing virtual machines requires users to size and patch instances themselves, microservices describe an application design pattern rather than a resource model, and containers package software but still need an orchestrator or servers to run.