CompTIA Security+ Practice Test (SY0-701)

Changing default credentials is an essential security measure to prevent unauthorized access, as many attack vectors involve using known defaults to gain control over systems. Attackers often rely on databases of default usernames and passwords-such as those exploited by the Mirai botnet-to compromise devices that have not had their credentials changed from the manufacturer's defaults. Regularly updating device passwords to complex, unique values greatly reduces this risk. Conducting a vulnerability scan or updating firmware, while important, would not address the immediate exposure created by default credentials. Disabling remote management could limit some attack vectors but still leaves the device vulnerable if the credentials remain unchanged.

Efficiency/time saving is a primary benefit of automation because it allows for quicker execution of repetitive tasks, reduces the potential for human error, and frees up personnel to focus on more complex tasks that cannot be automated. In contrast, complexity, cost reduction, and risk spread by automation are effects or considerations that can be associated with automation, but they are not universally accepted as primary benefits. Complexity actually refers to the potential increase in system complexity due to automation. Cost can sometimes be reduced by automation due to labor savings, but this isn't a guaranteed benefit because initial setup and maintenance can be costly. Risk spread is not a term commonly associated with the benefits of automation in secure operations.

A security steering committee provides cross-functional governance that aligns security policy, risk management, and regulatory requirements with overall business objectives. Unlike an IT department that focuses on day-to-day technical operations, the committee brings together executives, legal, HR, and other stakeholders to set strategy, allocate resources, and resolve enterprise-wide security issues. The other options incorrectly assert that the committee removes executive oversight, eliminates risk-management needs, or limits business input-none of which are goals of effective governance.

A serverless architecture refers to a cloud computing model in which the cloud provider automatically provisions, scales, and manages the infrastructure required to run code. Developers can write and deploy code without worrying about the underlying infrastructure. Traditional cloud services typically require users to manage and scale virtual machine instances, whereas microservices are a design approach to build a single application as a suite of small services, and containers provide a standard way to package code and its dependencies.

Salting is the correct answer because it involves adding random data (salt) to a message before hashing. This makes the resulting hash value unique, even for identical messages, which helps prevent rainbow table attacks. Rainbow tables are precomputed tables of hash values that can be used to quickly reverse hashes and obtain the original message. By adding a unique salt to each message before hashing, the resulting hash values will be different, rendering rainbow tables ineffective.

Performing passive DNS analysis is a passive reconnaissance method used to gather historical DNS data for a domain without directly interacting with the target's systems. This technique helps in mapping the target's infrastructure without triggering alerts. In contrast, a full network scan and running an automated website crawler are forms of active reconnaissance, as they involve sending packets and requests directly to the target's network and can be detected. Similarly, making social engineering calls is an active method that involves direct interaction with the company's employees.

Deploying a DNS or domain-filtering service stops browsers from resolving the hostnames of known malicious or suspicious sites, so users never reach the credential-harvesting page. While strong password policies, DLP, and MFA are valuable security measures, they do not directly prevent a user's web request from reaching a phishing site. DNS/domain filtering therefore provides the most effective and immediate protection in this scenario.

Automated compliance-monitoring tools can continuously collect evidence, check configurations, and raise alerts more quickly than manual methods. However, they still require human review to interpret nuanced legal requirements, investigate false positives or negatives, and decide on appropriate remediation. NIST SP 800-137 notes that efficient monitoring cannot rely solely on manual or automated methods; both are necessary to achieve comprehensive coverage and sound risk decisions.

Infrared is the only option that uses light as a communication medium. 802.11 (the standard for WLAN), Near Field Communication (NFC) & Bluetooth all use Radio Frequencies. Infrared is best for the type of device in the question as it requires line of sight to operate. When LOS is broken the device will register a person in the entrance.

Containment is the appropriate initial step following detection in an incident response process when the incident has already occurred and there's a need to prevent further damage or unauthorized activity. In this scenario, containing the threat by stopping the service account's actions is the priority to prevent further unauthorized activities, such as data exfiltration or lateral movement within the network. Preparation' is the process of getting ready for an incident before it occurs. 'Eradication' is performed after containment and involves removing the components of the incident, such as unauthorized software. 'Recovery' is the process of restoring systems to normal operation after the threat has been eradicated.

When a system is configured to be fail-closed, also known as fail-secure, it defaults to a secure state upon failure. In this state, it will deny access or block all traffic to prevent potential security breaches. This contrasts with a fail-open system, which would allow traffic to pass through, prioritizing availability over security.

Sanitization is the process of permanently and irreversibly removing or destroying data on a storage device to make it unrecoverable. This is the correct overarching process that applies to both HDDs and SSDs, using methods like overwriting for HDDs and Secure Erase commands for SSDs. Degaussing uses a powerful magnetic field to destroy data, but it is only effective on magnetic media like HDDs and is not effective on SSDs. Encryption renders data unreadable without the key, but it does not remove the data; a separate process called cryptographic erase (destroying the key) is a form of sanitization, but 'encryption' alone is not the answer. Formatting a drive typically only removes pointers to the data, leaving the actual data recoverable with forensic tools, and is not a secure method of disposal.

A Virtual Private Network (VPN) is the most suitable option for securely accessing the internal network because it creates an encrypted tunnel for data traffic between the remote user and the organization's network, protecting sensitive information while traversing public networks. Secure Sockets Layer (SSL) only encrypts data for specific sessions, which might not encompass all the sensitive traffic. Wi-Fi Protected Access 2 (WPA2) is a security protocol designed to secure wireless networks, not to protect data in transit over public networks between a remote user and an internal network. Lastly, Transport Layer Security (TLS) provides encryption for data-in-transit but typically secures data between web browsers and servers, rather than providing full network access like a VPN.

Passive reconnaissance involves collecting information without direct interaction with the target's systems, typically using publicly available resources. This method reduces the risk of detection compared to active reconnaissance, which involves direct engagement with the target.

A Non-Disclosure Agreement (NDA) is specifically designed to legally bind parties to keep shared sensitive information confidential. While other agreements like Service-Level Agreements (SLA), Master Service Agreements (MSA), and Memorandums of Understanding (MOU) address different aspects of vendor relationships, the NDA focuses on confidentiality.

Cross-site scripting (XSS) is the vulnerability exploited when attackers inject malicious code into a web application, which is then executed by other users' browsers. This happens when user input is not properly validated or encoded before being included in web pages. XSS can lead to theft of session tokens, personal data, and other malicious activities.

Cross-site request forgery (CSRF) involves tricking authenticated users into performing unwanted actions without their consent but does not involve injecting code into users' browsers. SQL injection targets the database by injecting malicious SQL queries, not code executed in users' browsers. Remote file inclusion allows an attacker to include a remote file on the web server, which is different from injecting code that runs in client browsers.

The correct answer is Full-Disk Encryption (FDE) because it encrypts the entire hard drive of the laptop, including the operating system, and ensures that all data on the device is protected. This is most effective for devices like laptops that can easily be stolen or misplaced, protecting against unauthorized access even if the laptop is turned off.

Partition encryption would only encrypt a specific partition of the hard drive, which means sensitive data stored outside of this partition would not be protected. File-level encryption would protect individual files, but it would not necessarily secure system files or temporary files that could contain sensitive data. Database encryption focuses on protecting data within a database and is not typically applied to the entire storage system of a laptop.

Applying updates, or 'patching', is essential because it resolves vulnerabilities that could be exploited by threat actors. Ignoring updates leaves systems susceptible to attacks that target these known weaknesses. Other options such as 'increasing system performance' or 'enhancing user interface' might be secondary benefits of some updates but are not the primary security purpose. 'Expanding compatibility' is usually not related to the security aspect of patching.

An Acceptable Use Policy establishes what users are permitted and prohibited from doing when using organizational information systems and resources. While it may reference penalties for violations, its core function is to define acceptable and unacceptable behavior, thereby reducing security and legal risk.

The correct answer is that a BCP's scope is to ensure all critical business functions can continue operating during and after a disruption. A Business Continuity Plan (BCP) is a comprehensive strategy that encompasses all aspects of a business to maintain critical functions. This is distinct from a Disaster Recovery Plan (DRP), which is a component of a BCP focused specifically on restoring IT systems and data. While communication strategies and relocation plans are important parts of a BCP, they are components within the broader objective of maintaining overall business operations.