CompTIA Security+ Practice Test (SY0-701)

Static Application Security Testing (SAST) is the correct technique because it analyzes an application's source code or binaries for security vulnerabilities without running the program. This allows developers to find and fix issues like SQL injection and buffer overflows early in the SDLC, which is the core principle of 'shift-left' security. Dynamic Application Security Testing (DAST) analyzes applications in their running state, while fuzzing involves providing invalid or unexpected data to a running application to see if it crashes. A web application firewall (WAF) is a network security control that protects web applications from attacks at the network edge; it does not analyze source code.

The correct measure when repurposing storage devices that previously contained sensitive data is to conduct a secure erasure process that adheres to industry standards (e.g., NIST SP 800-88), ensuring that the data recovery is not possible without extraordinary measures. Degaussing is also a method to sanitize data, but it's suitable for magnetic drives only and might not be practicable for solid-state drives (SSDs). Reformatting the drive is not secure enough, as most standard formatting procedures leave data recoverable. Running a standard antivirus scan, although important for detecting and removing malware, does not address the need to prevent data recovery from the storage device.

Pre-installed software that is not necessary for the user's activities-commonly called bloatware-can pose a security risk if it contains unpatched vulnerabilities. Because this software is often unmanaged, it can increase the device's attack surface. Attackers may exploit flaws in the unused software or its background services even if employees never actively launch the applications. Therefore, the main concern is the presence of potentially vulnerable code, not how frequently employees use the software.

Updating the Information Security Policies to include state-specific compliance requirements ensures that the organization adheres to local data privacy laws. This adjustment aligns the company's policies with the legal obligations of the new region, mitigating the risk of non-compliance.

Implementing network segmentation and limiting the legacy system's connectivity to essential services is the correct answer. This approach reduces the risk of attacks from both internal and external threat vectors, as it would prevent the potentially compromised system from affecting unrelated parts of the network. While increasing security monitoring is a useful tactic, it does not directly mitigate the exposure of the legacy system to threats. Conducting regular security audits on the system is a good practice, but it does not provide real-time protection against threats. Encouraging the use of strong passwords is important but does not address the specific risks associated with an unsupported operating system.

Data at rest is the term for data that is not actively moving from device to device or network to network. This includes data stored on media such as hard drives, SSDs, and backup tapes. Data in transit is data actively moving across a network. Data in use refers to data that is currently being processed by a CPU or is in memory.

A fingerprint scan is the best example of the 'Something you are' factor because it utilizes a unique physical characteristic of the user, which is considered a biometric method. These types of methods are based on the individual's unique biological traits and are therefore difficult to replicate or share, enhancing security. A hardware token and an access badge are examples of 'Something you have,' while a PIN and a password are examples of 'Something you know.' Voice recognition could be considered a 'Something you are' factor, but biometric methods like fingerprint scans have wider acceptance and typically provide stronger security due to decreased error rates and lower chances of mimicry.

Dynamic analysis involves examining the behavior of an application at runtime. It is more practical and comprehensive for understanding how an application behaves with various inputs in real-time, which is essential for discovering a wide range of potential security issues, including the ones that only arise when a program interacts with an operating system or other applications.

The most likely explanation for missing log entries is that they were deliberately deleted or altered to conceal unauthorized activities or a security breach. Attackers often cover their tracks by manipulating logs after gaining access to a system to avoid detection. This is a tactic used in post-exploitation to maintain stealth and prolong unauthorized access.

Regularly reviewing and updating policies and controls is the correct answer because it allows an organization to address new threats and changes in the operational environment. It ensures that the policies and controls continue to be relevant and effective. While employee training, installing antivirus software, and limiting user privileges are important security practices, they do not directly ensure that policies and controls are kept up-to-date with the current threat landscape.

Storing data within a country’s own data center or approved hosting service ensures data does not leave that territory, meeting legal compliance. Methods such as strong passcodes do not guarantee data remains in a location. Encryption is valuable for confidentiality but does not constrain the physical location of data. Replicating data globally may violate those region-specific obligations.

The correct answer is 'Activating the business continuity plan which includes failing over to the off-site data center.' This is because a well-prepared business continuity plan accounts for geographical risks such as natural disasters, and the existence of an off-site data center implies that the company has planned for replication and failover processes which can be activated when the primary site is non-operational. In contrast, relying solely on onsite backups will not suffice because the compromised infrastructure and ongoing power outage hinder the company's ability to restore systems locally. Incremental backups without replication would not address the immediate need to maintain operations since the data and systems are still within the affected area. Similarly, awaiting the restoration of the primary data center is not a viable strategy as it does not address the need for immediate business continuity.

Data owners are usually individuals in senior management and have overall responsibility for the data within their area of the organization. The data owner for HR data would typically be senior staff within the HR department.

Version control is primarily used to manage and control different versions of software, configurations, and other artifacts. It allows for tracking changes, reverting to previous versions if needed, and maintaining a clear audit trail of modifications. While version control can help with documentation, collaboration, and identifying issues, its main purpose is to effectively manage and control versions of various assets.

A downgrade attack is when an attacker forces a system to revert to a lesser, often outdated and less secure protocol, making the communication more susceptible to compromise. This differs from other attacks that do not aim to change the security protocol level but rather exploit existing vulnerabilities or capture data.