CompTIA Security+ Practice Test (SY0-701)

Only Twofish is a symmetric-key block cipher that uses the same key for encryption and decryption. Diffie-Hellman, RSA, and DSA all rely on public-key (asymmetric) cryptography and therefore do not meet the requirement of being symmetric.

An Identity and Access Management (IAM) solution is the most appropriate because it enables centralized management of user identities and automates provisioning and de-provisioning across multiple systems. This saves time, minimizes human error, and enforces consistent access policies, thereby improving both operational efficiency and security.

Default passwords are often publicly known and can be easily discovered by attackers through manuals or online databases, leaving devices and systems vulnerable to unauthorized access. Changing default passwords to unique, strong passwords is essential for securing the device against unauthorized access or control. Using default passwords does not provide adequate security because they can be quickly exploited by threat actors who have knowledge of these defaults.

This scenario describes a phishing attack, which is a form of social engineering where attackers masquerade as a trustworthy entity in an email to distribute malicious links or gather sensitive information like login credentials. The described situation fits the classic pattern of a phishing attempt through email, exploiting the credibility of 'system maintenance' to deceive employees into providing their information. It is not a vishing attack because that involves using phone calls to obtain confidential information. Smishing attacks involve the use of SMS texts, not emails. While typosquatting could be used in conjunction with phishing, it specifically involves registering domains that are slight misspellings of legitimate company domains and there is no mention of this detail in the scenario.

Surveillance cameras provide continuous visual coverage, enabling staff to detect and verify unauthorized activity from a safe location while also recording evidence. They serve as both a deterrent and a detective control. Bollards are intended to stop or slow vehicles but do not provide visual monitoring. Keypad door locks regulate entry but offer no real-time visibility into an attempted breach. A mantrap limits access to one person at a time but typically lacks external video coverage of wider areas, so it does not satisfy the requirement for remote visibility.

An anomaly-based Network Intrusion Detection System (NIDS) detects unusual network traffic after first being 'trained' on normal network traffic. Theses systems use data mining and artificial intelligence to classify traffic as normal or anomaly/potentially malicious.

User provisioning automates the creation of user accounts and the assignment of appropriate access rights, effectively streamlining the onboarding process. While ticket creation can help manage access requests, it does not automate the provisioning itself. Continuous integration and testing are related to software development practices, and security groups organize users but do not automate access provisioning.

Applying all vendor-supplied security updates and critical patches ensures that known vulnerabilities in the operating system and installed applications are remediated before the systems are exposed to users or the internet. Enabling guest accounts, opening all outbound firewall ports, or using the same local administrator password across machines would each increase the attack surface and therefore do not constitute proper hardening.

The first and most effective action to address the issue is to modify the permissions on the files to ensure that only the development team has access. This alteration directly addresses the problem identified during the audit by enforcing proper access controls, thereby preventing unauthorized access to sensitive information. Disabling the shared network drive would remove access for the authorized development team and is not a precise method of access control. Performing a user account review may surface additional issues but will not rectify the immediate concern of unauthorized access to the proprietary source code. Monitoring the file access patterns is a reactive approach and would not prevent further unauthorized access.

The correct answer is that the policy serves as a managerial control that guides the implementation of the technical control (encryption). Managerial controls, such as policies and procedures, establish the security requirements and framework for an organization. Technical controls are the specific hardware or software mechanisms, like encryption, used to enforce those policies. The other options are incorrect because the roles are not reversed, the encryption is not a compensating control in this context, and the controls belong to different categories (managerial and technical), not both operational.

Input validation is the process of ensuring that a program operates on clean, correct, and useful data. It uses rules to check for data correctness, meaningfulness, and security before the data is processed by the application. This technique is a primary defense against a wide range of data manipulation attacks, such as SQL injection, buffer overflows, and cross-site scripting (XSS), which often originate from user-submitted data. The other options are also important for application security but serve different functions. Static code analysis finds vulnerabilities in source code before runtime, secure cookie implementation protects session data, and the principle of least privilege limits the potential damage from an exploit rather than preventing the initial input-based attack.

Vulnerability classification is the process of systematically categorizing security weaknesses based on their nature, such as the type of flaw (e.g., buffer overflow, misconfiguration) or the affected system. This allows an organization to group similar issues, assign them to the correct teams, and develop a prioritized and organized approach to remediation. Vulnerability scoring, like CVSS, assigns a severity score but does not categorize the vulnerability type. Vulnerability enumeration, like CVE, involves identifying and listing individual vulnerabilities.

The correct answer is port 443. Hypertext Transfer Protocol Secure (HTTPS) is the standard protocol for secure web communication and uses TCP port 443 by default. Port 80 is used for unencrypted HTTP traffic. Port 143 is the default for Internet Message Access Protocol (IMAP), which is used for email retrieval. Port 3389 is used for Remote Desktop Protocol (RDP).

The initial focus in the event of a security breach should be to limit the damage and prevent further compromise. This is achieved by containing the threat, thereby stopping the incident from affecting additional resources. While documenting the events and notifying appropriate parties are also important, these actions occur after the immediate threat has been controlled to prevent exacerbation of the situation. Analyzing logs is part of the subsequent investigation and not the immediate concern when a breach is in progress.

Because the company processes personal data of EU residents, California residents, and Brazilian employees, it falls under the extraterritorial scopes of the GDPR, CCPA/CPRA, and Brazil's LGPD. Building one privacy framework that satisfies the strictest overlapping requirements (for example, GDPR's consent rules, LGPD's data-subject rights, and CCPA opt-out mechanisms) and applying it globally reduces complexity and the risk of missing a jurisdiction-specific obligation. Limiting compliance to U.S. federal laws ignores extraterritorial statutes; maintaining separate policies for each location is error-prone and resource-intensive; relying solely on consent pop-ups fails to address breach-notification, security, and data-subject access requirements.

The correct set of permissions adheres to the principle of least privilege. The accounting department's requirement to 'add and edit files' is best met with the 'Write' permission. The auditing and sales departments' requirement to 'review the contents' is met with the 'Read' permission. Using 'Read & execute' would be excessive for the auditing and sales teams as there is no requirement to run programs from the share. Granting 'Modify' or 'Full control' to the accounting department would also violate least privilege, as these permissions include rights (like deletion or changing permissions) that were not specified in the requirements.

Regularly updating an organization's computing resource inventory is essential for identifying and managing vulnerabilities, as well as ensuring the security posture is up-to-date. Failure to maintain an updated inventory increases the risk of incidents because unmanaged, unknown, or unpatched resources can become vectors for security breaches. It is less about physical tracking or license compliance, and more about understanding what needs to be protected and ensuring appropriate security measures are in place.

Corrective controls are implemented to reduce the impact and fix issues after a security incident has occurred. In this scenario, restoring the files from a backup is a corrective action because it remediates the damage caused by the ransomware attack. Preventive controls, like firewalls or antivirus software, are designed to stop an incident from happening. Detective controls, such as system logs or intrusion detection systems, are used to identify that an incident is occurring or has occurred. Compensating controls are alternative measures used when a primary control is not feasible.

Automated compliance tools are the best method for continuous monitoring as they can scan configurations and activities in real-time, providing immediate alerts on non-compliance. This allows for rapid remediation. Quarterly manual audits are periodic, not continuous, and can miss issues that arise between checks. While essential, compliance training is a preventative measure that builds awareness rather than a monitoring function. A feedback channel is a useful process for policy improvement but does not actively monitor the infrastructure for compliance.

Efficiency/time saving is a primary benefit of automation because it allows for quicker execution of repetitive tasks, reduces the potential for human error, and frees up personnel to focus on more complex tasks that cannot be automated. In contrast, complexity, cost reduction, and risk spread by automation are effects or considerations that can be associated with automation, but they are not universally accepted as primary benefits. Complexity actually refers to the potential increase in system complexity due to automation. Cost can sometimes be reduced by automation due to labor savings, but this isn't a guaranteed benefit because initial setup and maintenance can be costly. Risk spread is not a term commonly associated with the benefits of automation in secure operations.