CompTIA Security+ Practice Test (SY0-701)

Attestation is primarily conducted to provide assurance that security controls are in place and operating effectively as per the established policies and standards. It's an acknowledgement or certification by a party, often an external auditor, that the entity being reviewed has met specific criteria set forth by regulations, industry standards, or company policies. It is not simply about detecting security breaches or forecasting future threats; rather, it is a formal statement that certain conditions have been met. As for 'providing a detailed analysis of potential risks,' this is more aligned with risk assessment activities whereas attestation is the affirmation of previously identified controls and compliance statuses.

A brute force attack involves trying random passwords on user accounts in an attempt to gain access. If accounts are set up to auto lock after a certain number of failed login attempts this can be a sign of an attacker's attempt to brute force accounts.

The correct answer is 'Phishing campaigns' because they involve the use of communications, typically emails, that attempt to fraudulently obtain sensitive information by impersonating a trusted organization or individual. 'Spear phishing' is a more targeted version of phishing, and while it is related, the question is asking about the broader term. 'Vishing' refers to voice call scams, and 'Tailgating' is a physical security breach method, which does not fit the context of identifying fraudulent emails.

Reviewing and verifying the security posture of the server firmware is the most effective step to ensure the new devices comply with security best practices before they are integrated into the company's network. Firmware can often be a target for supply chain attacks and may contain vulnerabilities that need to be addressed. While conducting penetration testing is valuable, it is not the first step in ensuring the security of new hardware. Similarly, vulnerability scanning is important but would follow the initial step of reviewing the firmware. Enabling full disk encryption is a good security practice for data protection but would not necessarily address potential supply chain vulnerabilities present in firmware or hardware configuration.

Operating system-specific security logs are designed to record events that are significant to the security of the operating system. They can provide detailed information about the activities on a server, such at login attempts, access to protected objects, and changes to security policies. These logs are more likely to give an accurate picture of the scope of a suspected breach compared to the other options, which may provide too broad or peripheral view, or lack the level of detail necessary for an analysis of server activities.

Tokenization is the best answer because it substitutes the sensitive data with non-sensitive equivalents, known as tokens, which have no exploitable value. This allows the company to process transactions without exposing actual credit card data, significantly reducing the risk of breaches while still enabling business functionality.

Asset tracking is essential because it helps an organization maintain an up-to-date inventory of all its assets. This inventory provides the foundation for security monitoring by ensuring that all assets are known, managed, and under the control of IT. It facilitates rapid response to incidents by allowing security personnel to quickly identify which assets may be affected. Without proper asset tracking, organizations may overlook critical assets, leaving them vulnerable to security threats or inefficient in responding to incidents.

Full-Disk Encryption (FDE) is the method designed to encrypt the entire disk drive, ensuring that all data on the drive is protected against unauthorized access and is unreadable without the correct decryption key. This is crucial for minimizing risks such as data theft, especially if the physical servers are compromised. Implementing file-level encryption could leave system files or temporary files unencrypted, which might still contain sensitive information. Database encryption could protect the contents of the database, but would not protect against threats at the file system or OS level. Encrypting email communications would not protect data at rest on the servers.

A firewall filters or blocks network traffic according to predefined rules, helping to prevent unauthorized access over the network. It does not transform the actual data on the server. If an attacker bypasses the firewall-through stolen credentials, an insider threat, or physical access-the files remain readable unless they are encrypted. Encrypting the disk, volume, or files converts them into ciphertext that is unintelligible without the decryption key, preserving confidentiality even if the storage media is stolen or the system is compromised. Therefore, encryption-not the firewall-provides protection for data at rest.

A packet capture involves collecting all the packets that pass through a certain point on a network. It allows security professionals to see the data being transmitted over the network, which can be valuable for analyzing traffic, troubleshooting network problems, or investigating security incidents. Examining packet contents helps to identify malicious activities, policy violations, or unauthorized data exfiltration. It's a detailed form of network monitoring used to closely inspect network traffic.

Fail-closed (sometimes called fail-secure) means that when a security control becomes unavailable, it blocks or denies traffic instead of allowing it to pass unchecked. Configuring the IPS to fail-closed therefore prevents uninspected packets from traversing the network during an outage. Fail-open does the opposite-it allows all traffic for the sake of availability. Fail-safe focuses on protecting other components, often by bypassing the device rather than dropping traffic, and failover relies on redundant equipment rather than a traffic-blocking posture.

Single sign-on (SSO) relies on a centralized identity provider. After the initial logon, the provider issues tokens that all integrated applications accept, so one compromised credential can unlock everything the user can reach. VPNs, network segmentation, and discretionary access control models do not inherently grant blanket access with one password.

Using a version control system is the best method for managing and controlling application versions as it allows teams to track changes, revert to previous versions, and maintain a history of modifications. This system enables quick reversion to a known good state in case the new update causes issues. Manual backups could also allow reversion but lack the history tracking and might not be as current. An automated patch management tool is more for ensuring systems are up-to-date and is not designed primarily for version tracking or quick reversion. The disaster recovery plan focuses on recovering from catastrophic events and is not typically used for routine version management.

The primary purpose of masking sensitive data is to prevent unauthorized users from viewing its actual content while still allowing the data to be usable for certain operations or processes. This is accomplished by hiding the original data with modified content (such as replacing or scrambling data), which is reversible only when necessary and appropriate. Other methods like encryption and hashing are designed for different security controls: encryption secures data by making it unreadable without the correct key and is meant to be reversible, whereas hashing is used to verify data integrity and is not reversible.

A brute force attack is a trial-and-error method used to decode encrypted data such as passwords. This type of attack systematically checks all possible combinations to discover the correct one, which can eventually allow an attacker to gain unauthorized access. This definition aligns with the description of a brute force attack.