CompTIA Security+ Practice Test (SY0-701)

Both the visible signs and the plainly mounted cameras are intended to influence human behavior by making would-be intruders think twice before acting. They raise the perceived risk of being identified and caught, thereby discouraging an attack. Because their primary purpose is psychological discouragement rather than physical prevention, detection, or post-incident recovery, they are classified as deterrent controls. Detective controls (such as audit logs) identify events that have already occurred, preventive controls (such as door locks) stop access outright, and corrective controls (such as restoring from backups) limit damage after an incident.

Multiple active sessions from widely separated locations suggest that the same credentials are being used by more than one party at the same time. This indicator, known as concurrent session usage (or impossible travel), often points to stolen or shared credentials and should trigger an investigation or automatic mitigation steps such as step-up authentication or forced log-out. The other choices describe different attack types or symptoms that do not match simultaneous, geographically disparate logins.

The Rules of Engagement document is critical in penetration testing as it outlines the scope, methods, timeline, and contact points, and it defines what activities are permitted during the test. This mitigates the risk of unauthorized or unintended actions that could cause harm to the organization or lead to legal complications. While service agreements, memorandums, and work statements have their respective places in the formalization of services, they do not provide the detailed rules and limitations required for a penetration test.

A self-encrypting drive (SED) contains dedicated hardware in its controller that automatically encrypts every bit of data written to the disk and decrypts it transparently when read. Because the cryptographic operations occur on the drive itself rather than through the host CPU or software, the entire contents-including the operating system, applications, and user files-remain fully encrypted at rest. The other options do not provide built-in, hardware-level full-disk encryption.

In systems and data governance, the owner is the individual or entity that has formal, management-approved responsibility for an asset throughout its life cycle. That responsibility includes ensuring the asset is properly developed, maintained, secured, and used, and that appropriate access controls and other safeguards remain in place. Custodians interact with the data day to day, processors handle data on behalf of a controller or owner, and audit teams merely verify compliance; none of those groups carry the full life-cycle accountability that defines ownership.

A questionnaire can still be an effective assessment tool without a formal cross-reference to a framework-provided the questions elicit adequate evidence about the controls that matter for the vendor's specific risk profile. Mapping to a framework is helpful for consistency and coverage, but it is not an absolute requirement; effectiveness depends on how well the questionnaire addresses the organization's risk tolerance, regulatory drivers, and the vendor's service scope. Framework alignment simply offers one proven method to reach that goal.

Video surveillance is primarily used to monitor and record activity for later review. It can act as both a deterrent and a tool for forensic analysis after a security incident. Bollards are used as a barrier to protect against vehicle ramming attacks. An access control vestibule is a security feature that controls two or more interlocking doors. Lighting is used to enhance visibility and deter unauthorized access, but does not record activity.

The correct answer is 'Authentication' because the implemented access code from a hardware token is an additional authentication factor that must be presented along with the username and password. This is known as multi-factor authentication (MFA), which significantly increases the security by requiring multiple forms of verification before granting access.

The incorrect choices are: 'Authorization' refers to granting or denying rights to a user, resource, or service once authentication has been successful. 'Accounting' involves tracking user activities and resource usage, which could be for billing or auditing purposes. 'Non-repudiation' ensures that a person or entity cannot deny sending a message or transaction, which is not directly enhanced by the addition of a hardware token.

A security key is a physical device that provides a second factor of authentication for a user accessing a service. As a "something you have" factor, it is a core component of multifactor authentication (MFA), which requires at least two verification factors to enhance account security. While physical tokens can include devices like key fobs or smart cards, modern security keys typically connect via USB, NFC, or Bluetooth and use advanced cryptographic protocols like FIDO2 to resist phishing attacks.

The methodical shift across a range of network addresses from which the login failures originate is a strong indicator of automation, commonly seen in attack patterns like credential stuffing. Attackers often use large sets of compromised username and password pairs against various user accounts to find matches. This pattern is less likely to be caused by user errors, which would typically not exhibit such precise changes in source locations, nor would they be expected to focus on high-privilege accounts specifically. Additionally, a configuration error or an issue with the authentication service would unlikely lead to systematic login attempts from changing network locations.

The correct step after discovering a non-compliance issue in an internal audit is to report the issue to the appropriate department or individual responsible for compliance. This initiates the process of addressing the non-compliance, which may include a review of the issue, adjusting the non-compliant system, or implementing additional controls to ensure that it meets the organization's encryption standards. It is central to the concept of internal compliance reporting that such issues are promptly and effectively communicated to enable swift corrective action.

Exposure Factor is the percentage of the asset's value that is estimated to be lost due to a security incident. It represents the magnitude of the impact should a security breach occur in terms of the asset's value. In this scenario, identifying the percentage of the $2 million in assets that would potentially be lost during a network compromise is a direct application of the 'Exposure Factor' concept.

Secure Shell (SSH) establishes an encrypted session-typically over TCP port 22-that protects login credentials and all commands exchanged between the client and the server. Telnet, HTTP, and SNMPv1 transmit data in plaintext, making them vulnerable to interception and man-in-the-middle attacks. For that reason, SSH is the industry-standard choice for secure remote administration.

Hot sites are fully equipped data centers that can take over functionality from the primary site immediately or within a minimal time frame after a disaster. This allows for continuity of operations and a swift return to normal activities, which is crucial for maintaining mission-critical processes during an unplanned interruption. Cold sites, while less expensive, require more time to set up and are not ideal for immediate failover. Warm sites offer a middle ground but still involve a delay in resumption compared to hot sites. While backups are important, they are typically used to restore data and do not by themselves ensure operational continuity.

'Right to Be Forgotten' is a privacy principle that allows individuals to request the deletion of their personal data from an organization's records.This relates to the control individuals have over their personal data and the obligations of the data controller.

The Owner of the data is responsible for making decisions about the data, establishing control mechanisms, and determining data classification levels. They are accountable for ensuring that the data is properly protected and used in compliance with legal and organizational requirements. The Processor is responsible for processing data on behalf of the Controller as per their instructions. The Custodian (also known as the Steward) is responsible for maintaining and protecting the data assets on a day-to-day basis. The Controller determines the purposes for which and the means by which personal data is processed but may not own the data or the process.

A Blackmail motivation typically involves the threat of revealing sensitive information unless a demand (often for payment) is met, which aligns with the modus operandi of organized crime groups. Organized crime syndicates are known for seeking financial gain through coercion and intimidation, making them the most likely to engage in blackmail. Nation-state actors, while possessing the capability for such actions, are usually driven by espionage or political objectives. Unskilled attackers often lack the expertise to obtain and leverage sensitive information effectively, and hacktivists are generally motivated by political or social objectives, not financial gain through extortion.

Financial gain is the likely motivation because the attacker can use or sell the stolen credit card information for monetary profit. Espionage involves obtaining confidential information for strategic advantage, typically in a political or corporate context, which is not indicated here. Revenge would suggest the attacker has a personal vendetta against the company, but there is no such indication. Data exfiltration refers to the unauthorized transfer of data, but in this context, it's the means rather than the motivation.

The primary purpose of implementing automation in vulnerability management is to increase efficiency and consistency in identifying and responding to security vulnerabilities. Automated tools can consistently monitor systems for known vulnerabilities, help in scheduling scans, and manage patch deployment without the need for manual intervention. While automation certainly helps in maintaining minimum security baselines and reduces the chances of user error, its main role in the context of vulnerability management is to streamline the detection and remediation of vulnerabilities within a system.

Syslog is a vendor-neutral standard for message logging. It includes a standard format for log messages and a network protocol for sending that data to a central logging server. It is widely used by network devices like routers, switches, and firewalls, and on Unix and Linux operating systems. The other options are incorrect. A Security Information and Event Management (SIEM) system collects and analyzes logs but is not the logging standard itself. Simple Network Management Protocol (SNMP) is a protocol for network management, not a logging standard. 'Event manager' refers to proprietary systems like the Windows Event Viewer, not a vendor-neutral standard.