CompTIA Security+ Practice Test (SY0-701)

With asymmetric encryption, the sender uses the recipient's public key to encrypt the data. Only the holder of the mathematically related private key can decrypt that ciphertext, so confidentiality is preserved even if the encrypted traffic is intercepted. In contrast, symmetric encryption relies on a single shared secret key (Answer 1), digital signatures created with a sender's private key provide integrity and authentication-not confidentiality (Answer 3), and striping data across drives (Answer 4) is a storage redundancy technique unrelated to encryption.

Deterrent controls are designed to discourage potential attackers. Warning signs are a classic example as they inform individuals of the consequences of trespassing, aiming to deter the action. This is not a preventive control, as it does not physically stop an intruder (e.g., a fence or a lock). It is not a corrective control, which is used after an incident to limit damage (e.g., restoring from backups). It is also not a compensating control, which serves as an alternative when a primary control is not feasible.

The correct answer is the Service-Level Agreement. A Service-Level Agreement is a formal document that outlines the expected level of service provided by a vendor, including measurable performance metrics like uptime and response times. Memoranda of Agreement and Memoranda of Understanding typically document more general cooperation or mutual intent between parties without delving into specific service metrics. A Master Service Agreement establishes a contractual framework that might not detail service metrics, which are often found in subsequent work orders or statements of work. A Non-Disclosure Agreement is focused on confidentiality of information and does not relate to service performance criteria. A Business Partners Agreement is similar in some respects but is not primarily concerned with specific service delivery metrics like response times or system availability.

Least privilege requires each user to have no more permissions than are strictly necessary. Removing the ability to create or delete shares-or any other rights not tied to invoice processing-satisfies the principle. Granting full administrative rights, adding MFA, or limiting login hours may improve security in other ways but do not reduce the scope of existing permissions to the absolute minimum.

Web browsers establish encrypted sessions with external web servers using the HTTPS protocol, which by default uses TCP port 443. Allowing outbound (and corresponding return) traffic on this port restores secure web access. Ports 80 and 8080 carry unencrypted HTTP, while 3389 is used for Remote Desktop, so opening those would not solve the problem.

A Web application firewall (WAF) provides specialized protection to web applications by filtering and monitoring HTTP traffic and can specifically target and mitigate threats like SQL injection and cross-site scripting. While network-based, host-based, and cloud-based firewalls can offer protection at different levels, a WAF is specifically designed to secure web applications against these types of web-based threats. A Unified Threat Management (UTM) device provides broad network security solutions but is not specialized in web application security like a WAF is.

The correct answer is to subscribe to and analyze threat intelligence feeds. Threat intelligence feeds provide up-to-date information on emerging threats, new attack vectors, malware, and adversary tactics, techniques, and procedures (TTPs). This allows security professionals to proactively adjust defenses against new threats. While the other options are valid security practices, they are not the most effective for identifying emerging threats. Regular vulnerability scanning is crucial for finding known vulnerabilities in the current environment but is reactive to what is already known. Enforcing stronger password policies is a fundamental security control but does not provide insight into new attack methods. Annual penetration testing validates existing defenses against known attack types but is a point-in-time assessment and less effective for continuous monitoring of new, evolving threats.

A worm is a type of malware that replicates itself in order to spread to other computers, often over a network. It can consume system resources which can lead to denial of service. Unlike a virus, it does not need to attach itself to an existing program and often exploits vulnerabilities in network services to spread. Ransomware, while it may spread across networks, is primarily known for encrypting files and demanding a ransom; it is not characterized by its ability to replicate on its own. Spyware is designed to gather information without consent and does not typically replicate itself. A rootkit is designed to provide unauthorized access to a computer system and conceal its presence, not to propagate across networks.

As you are scanning the live/production system a non-intrusive scan is best. Non-intrusive means security issues will be identified but not exploited as to not negatively impact the system. The issue with this is some vulnerabilities cannot be found without trying an exploit (e.g. a SQL injection to delete data can't be tested without actually deleting data). Due to this the scenario described in the question is not ideal and it's possible vulnerabilities that exist will not be found.

The best strategy is to assign access rights according to the functions necessary for each job role within the new platform. The analytics division should receive a viewing and reporting role to access and analyze data without the risk of altering it, enhancing data integrity. Conversely, the account management division should be given a more comprehensive role that encompasses the creation, viewing, updating, and deletion of client records, aligned with their day-to-day account maintenance and client interaction tasks. This access control mechanism follows the principle of 'least privilege,' granting users only the permissions necessary to perform their jobs, which is a fundamental aspect of secure role assignments. Using 'RBAC' without explaining its meaning or acronym form could lead to confusion for those unfamiliar with the term, highlighting the necessity for clarity in both teaching and testing environments.

While automation brings efficiency, consistency, and speed, it can also concentrate reliance on a single script, platform, or orchestration engine. If that component fails, the organization could lose critical security visibility and controls-a classic single point of failure. By contrast, improved reaction time, automatic enforcement of baselines, and standardized infrastructure configurations are typical benefits, not risks, of automation.

When hardware reaches end-of-life, the vendor stops releasing firmware or driver updates, including security patches. Any publicly known or newly discovered vulnerability therefore remains unpatched and can be exploited by threat actors, turning the outdated hardware into an easy entry point for attacks. Organizations must plan to replace or isolate such assets to maintain a secure posture.

A hot site is a fully equipped and operational duplicate of the primary site, often with real-time data synchronization, designed for immediate or near-immediate failover. This meets the requirement for the fastest possible recovery time, typically within minutes to hours. A warm site has hardware and connectivity but requires data to be restored from backups, leading to a recovery time of hours to days. A cold site is a basic facility with space, power, and cooling, but no pre-installed hardware, resulting in a recovery time of weeks or longer. 'Lukewarm site' is not a standard industry term for disaster recovery sites.

The correct answer is port 443. Hypertext Transfer Protocol Secure (HTTPS) is the standard protocol for secure web communication and uses TCP port 443 by default. Port 80 is used for unencrypted HTTP traffic. Port 143 is the default for Internet Message Access Protocol (IMAP), which is used for email retrieval. Port 3389 is used for Remote Desktop Protocol (RDP).

The primary goal of a tabletop exercise is to verify the effectiveness of an organization's incident response plan through a facilitated discussion on how to address and manage hypothetical security incidents. This non-technical assessment focuses on communication, coordination, and decision-making processes, distinguishing it from other forms of response drills that involve active technical engagement.

Establishing a comprehensive data governance framework that is built to comply with the highest standard among international data protection regulations ensures that the organization operates above the baseline requirements of all jurisdictions it operates in. This approach is usually more efficient than attempting to comply with each set of local regulations separately and minimizes the risk of non-compliance. Marking the setup of an external compliance team as the correct answer would be inappropriate because it does not necessarily ensure compliance with global data protection standards. Creating a data retention policy focusing on the least restrictive standards does not ensure compliance with more stringent regulations in other jurisdictions. Lastly, leaving the compliance decision to local IT departments may result in a fragmented and inconsistent approach to data protection that could lead to non-compliance.

The correct answer requires a physical object that the user must possess in order to authenticate, known as 'something you have'. Unlike knowledge-based factors ('something you know') like passwords, or inherence factors ('something you are') like biometrics, possession factors provide a tangible means of user authentication. This kind of factor can be easily demonstrated by presenting the object and, therefore, serves as a strong layer of security when used as part of multifactor authentication.

An anomaly-based Network Intrusion Detection System (NIDS) detects unusual network traffic after first being 'trained' on normal network traffic. Theses systems use data mining and artificial intelligence to classify traffic as normal or anomaly/potentially malicious.

Custodians, also known as stewards, are responsible for the day-to-day maintenance and implementation of the security controls over assets based on the policies and guidelines set forth by the organization. While an owner may define the policy for data protection, it is the custodian's role to enforce and implement these policies through technical means, such as configuring and applying encryption to sensitive data. The data owner is typically a senior-level executive who defines what level of protection is required for the data but does not directly manage the security mechanisms. The controller is responsible for making decisions about the processing of the data, and auditors are responsible for reviewing the adherence to policies and regulations, not implementing security measures.

Whaling is a type of phishing attack that targets high-level executives with the purpose of stealing sensitive information from a company. The term 'whaling' is used because it refers to going after the 'big fish' or high-value targets within an organization. Unlike typical phishing attacks, whaling emails are highly customized and often include specific details relevant to the target to make them appear more legitimate.