CompTIA Security+ Practice Test (SY0-701)

Attribute-based access control is the correct answer because it is a method that defines an access control paradigm whereby access rights are granted to users through the use of policies that combine different attributes. These attributes can be associated with the user, the resource being accessed, the current time, and even the current environmental conditions. This is different from role-based access control that focuses solely on the roles that users have, discretionary access control which allows owners to define access, and mandatory access control which enforces access based on a centralized policy.

The primary role of monitoring in relation to indicators within a security infrastructure is to identify unusual patterns or behavior that may signify a security incident. While it might also help in enforcing policy by triggering alerts when anomalies are detected, and can be instrumental in retrospective analysis after an incident, its essential function centers on the prompt detection of potentially malicious activity. Understanding the nuances of monitoring's main role is important in distinguishing it from ancillary benefits such as policy enforcement or post-incident analysis.

By reporting the suspicious email to the organization’s security team, the employee is following the proper protocol for dealing with potential file-based threats. This allows the security team to investigate and respond to the threat effectively, possibly preventing a security breach. Opening or ignoring the attachment could lead to system compromise, and contacting the manager directly may not stop the potential threat in time if the file is indeed malicious.

Implementing a password manager application allows users to securely store and manage complex and unique passwords for all their accounts. This encourages the use of strong, unique passwords without the burden of memorization. Enforcing strict password policies may lead to password reuse or users writing down passwords. Single sign-on (SSO) reduces the number of passwords but does not promote unique passwords for each service. Implementing biometric authentication enhances security but doesn't address the management of multiple complex passwords.

A large amount of failed login attempts followed by a successful login from the same IP address is a strong indicator of a brute force attack, where an attacker systematically tries different passwords or passphrases with the hope of eventually guessing correctly. The other options, although plausible under different circumstances, do not align as closely with the specific pattern of login attempts described in the question.

Digital signatures use asymmetric encryption to associate a sender's identity with a document uniquely. This provides non-repudiation by ensuring that the sender cannot deny authoring the document, and the recipient can verify its authenticity. Strong authentication verifies user identities but does not prevent users from denying their actions. Hashing ensures data integrity but does not link actions to specific users. Encryption protects data confidentiality but does not provide proof of the sender's identity.

Tokenization is the appropriate method to secure sensitive data at rest, especially for financial transaction data which can contain credit card numbers or personal identification information. By replacing sensitive data with non-sensitive placeholders, tokenization allows the company to handle payment information without exposing actual sensitive data, thus maintaining compliance with industry regulations like PCI DSS. On the other hand, masking and obfuscation may hide data but still could leave it vulnerable to unauthorized access, and hashing, while useful for integrity checks, is not reversible and thus not suitable for data that needs to be retrieved in its original form.

Uninstalling software applications that are not essential to a system's primary functions directly benefits security by reducing the number of potential attack vectors available to a threat actor. Every piece of software can introduce vulnerabilities, and non-essential applications may not be maintained with the same rigor as critical ones, leading to increased security risks. By minimizing the number of installed programs, the scope for vulnerabilities is narrowed, bolstering the system's resilience to cyber threats.

In a watering hole attack the attacker infects a website that is known to be commonly used by an organisation or industry. For example a specific industry news site to attack a business in that industry or the entire industry in general. With the knowledge that users frequent the website the attackers are able to target them with malware and if the attack is successful to install malicious software.

Performing a vendor risk assessment is crucial as it helps an organization to identify, evaluate, and mitigate the risks associated with a potential vendor. The assessment can reveal security practices and compliance with industry standards, helping the organization understand the level of risk it may assume if entering into an agreement with the vendor. Orders such as 'Right-to-Audit Clause' and 'Due Diligence' are more focused on ongoing monitoring or the preparation for the audit process itself, though they are related to the broader scope of risk management. A 'Business Impact Analysis' is generally used for internal purposes to assess the impact of disruptions on the business and is less about evaluating third-party vendors.

An Information Security Policy (ISP) is the foundational, high-level document in a security governance structure. It outlines an organization's overall security posture, objectives, and responsibilities. The ISP serves as the authority that mandates the creation and implementation of other, more specific policies, standards, and plans, including the Incident Response Plan and Disaster Recovery Plan. The other options are all specific plans or policies that are typically created under the guidance and authority of the main Information Security Policy.

The most effective control to protect the confidentiality of data at rest, such as proprietary formulas on a server, is encryption. Even if an attacker or unauthorized user gains access to the file system, the encrypted data will remain unreadable without the proper decryption key. While physical security, access control lists (ACLs), and network segmentation are important layers of defense, they do not protect the data itself if those layers are breached. Encryption directly protects the data from unauthorized disclosure.

The Policy Engine is the decision-making component of a Zero Trust architecture. It receives contextual information about the subject, device, and requested resource, compares that information to enterprise security policies, and returns an allow, deny, or revoke decision. Enforcement of the decision is performed by the Policy Administrator and the Policy Enforcement Point, not by the Policy Engine itself. The distractors describe logging, authentication services, and routing functions that are unrelated to the Policy Engine's role.

A packet capture involves collecting all the packets that pass through a certain point on a network. It allows security professionals to see the data being transmitted over the network, which can be valuable for analyzing traffic, troubleshooting network problems, or investigating security incidents. Examining packet contents helps to identify malicious activities, policy violations, or unauthorized data exfiltration. It's a detailed form of network monitoring used to closely inspect network traffic.

Establishing specific deadlines for the restoration of vital services is the cornerstone of an effective contingency plan, ensuring that the most critical operations are available again to meet business needs and customer expectations. While a meticulous resource inventory is useful for resource management and recovery, and defining storage and retrieval processes preserves data integrity, neither sets the timeline for restoring business services. Regulation adherence is also a consideration in planning but does not determine the urgency with which services must be reactivated.