CompTIA Security+ Practice Test (SY0-701)

The central tenet of Zero Trust is 'never trust, always verify'. Unlike traditional security models that operate on the assumption that everything inside the network perimeter is safe, the Zero Trust model treats all traffic as untrusted, requiring continuous verification of each request, regardless of whether it originates from inside or outside the organization's network. The other options listed, while relevant to security, do not embody the foundational guideline of the Zero Trust model. 'Restricting user privileges' is a part of the principle of least privilege, 'encrypting data at rest' is a data security measure, and 'implementing implicit trust zones' goes against the Zero Trust model which doesn't use implicit trust.

Incident response is the correct answer because it is an operational control that focuses on identifying, containing, and recovering from security incidents. Change management is incorrect because it deals with managing changes to systems and applications, not specifically security incidents. Access controls are preventive measures that limit access to resources, but do not directly address incident handling.

This scenario describes a detective control. Detective controls are designed to find and alert on security incidents after they have already occurred or as they are happening. Intrusion detection systems (IDS) and log analysis tools fit this description perfectly as they monitor for and report on suspicious activity, rather than stopping it outright.

• Preventive controls aim to stop an incident before it happens (e.g., a firewall blocking a malicious IP address).
• Corrective controls are used to limit the damage and restore systems after an incident has been detected (e.g., restoring from a backup after a ransomware attack).
• Deterrent controls are meant to discourage potential attackers (e.g., warning banners).

The primary role of a generator in the security architecture of a data center is to provide backup power in the event that the main power supply fails. This ensures that critical systems remain operational during power outages, thus maintaining high availability and preventing potential security breaches that could occur due to system downtime.

Managerial controls are designed to establish security policies, procedures, and guidelines within an organization. They help in the strategic alignment of security practices with business operations and in ensuring that organizational security objectives are met. They are essential for the governance of security within the company.

Technical controls, on the other hand, involve the use of technology to enforce security measures, such as firewalls and encryption. Operational controls are more about implementing and maintaining day-to-day security tasks. Physical controls include tangible measures like locks, biometrics, and surveillance systems.

The data retention policies within an organization are a set of guidelines that describes which data will be archived, how long it will be kept, what happens to the data at the end of the retention period (archive or destroy) and other factors concerning the retention of the data.

Employing a biometric authentication system increases security by requiring personal physical attributes, making it significantly more resistant to systematic guessing and unauthorized entry compared to numerical access codes. Updating numerical access codes intermittently can temporarily prevent unauthorized access but does not inherently improve resistance against a focused attack. An audible alert after a set number of failed attempts might deter but not prevent an intruder who can still continue to attempt access. Video surveillance, although useful for monitoring and recording, does not in itself prevent unauthorized access.

Corrective controls are implemented to minimize the extent of damage caused by a security incident after it has taken place. These controls focus on containing the incident, recovering from it, and preventing similar incidents from occurring in the future. Examples of corrective controls include incident response plans, backup systems, and disaster recovery procedures. Preventive controls aim to prevent incidents from happening in the first place, while detective controls identify and respond to ongoing incidents. Compensating controls serve as a substitute for primary controls when they are not feasible or practical to implement.

The correct answer is "Centralizing control over who can connect to and use network services" because RADIUS is designed to supply centralized authentication, authorization, and accounting (AAA) for users seeking access to network resources. "Facilitating the handshaking process in a TLS session" is incorrect because that task is handled by the TLS protocol during secure communications setup. "Distributing IP addresses to client devices" is a function of the Dynamic Host Configuration Protocol (DHCP), not RADIUS. "Load balancing traffic between servers" is handled by dedicated load-balancing solutions rather than by RADIUS.

When considering a database that contains sensitive information, securing 'Data at rest' is essential. Encrypting data at rest means protecting the data while it is stored and not being processed or moved. This helps prevent unauthorized access to the data if the physical security of the storage medium is compromised. While data in transit and data in use are valid data states, they refer respectively to when data is moving through the network and being processed in memory, not when it is stored. Encrypted storage, on the other hand, is a broad term that includes data at rest but does not pinpoint the state itself.

A Trojan is the correct answer because it disguises itself as legitimate software to carry out unauthorized actions, such as data exfiltration. Viruses attach to files and spread, worms replicate over networks, and ransomware encrypts data for ransom, none of which specifically disguise as legitimate programs to execute covert actions.

A hot site is a fully operational offsite data center equipped with hardware and software, configured to quickly assume operational responsibilities from a primary site in case of a disaster. This is the best option for business continuity as it enables rapid resumption of critical functions. A cold site, while being the least expensive, offers only space and utilities, requiring additional time to become operational. A warm site provides some pre-installed equipment but would still require additional time and effort to be fully operational. Therefore, a hot site offers the highest level of readiness for immediate disaster recovery.

A self-signed certificate is the most appropriate choice for this scenario. Since the server is for internal testing only, public trust from a third-party CA is not required. A self-signed certificate provides the necessary encryption for HTTPS traffic within this closed environment without incurring costs or requiring an external validation process. Wildcard, Extended Validation (EV), and Domain Validation (DV) certificates are all types issued by a trusted third-party CA and are intended for use on public-facing servers where establishing trust for external users is essential.

A system that offers real-time analysis and automated response to security alerts from applications and network hardware is crucial for organizations looking to monitor their IT infrastructure effectively and streamline their incident response processes. While antivirus software is essential for scanning and removing known malware, it does not offer the capability of central event log aggregation or incident response. A system for preventing data mishandling focuses on the secure handling and transfer of sensitive information but does not encompass broad monitoring or automated incident response. Although enhanced firewall rules strengthen the network perimeter defense, they do not provide holistic security event management or the capability to automate responses to anomalies detected across the network.

The Data Owner is responsible for managing and mitigating risks related to their data. They have the authority and accountability for the data, making them the appropriate risk owners.