CompTIA Security+ Practice Test (SY0-701)

The correct answer is 'Brute force attack'. This type of activity suggests an attempt to guess the password by systematically trying numerous possible combinations. A brute force attack often generates many failed login attempts in a short time frame, which would be recorded by an IDS. An IDS is designed to detect this kind of anomalous behavior and raise alerts accordingly. 'Port scanning' involves probing a server for open ports and does not necessarily result in multiple failed login attempts and would not typically generate an IDS alert for this behavior. 'DDoS attack' and 'Phishing attempt' are also incorrect because although they are security threats, they generally do not result in repeated failed logins on a server.

Resilience refers to the ability of a system to continue to operate properly in the face of adversity. This can include redundancy, fault tolerance, and robust design choices that allow a system to endure and recover from disruptions. Scalability refers to the capacity of a system to handle growth, while maintainability concerns the ease with which a system can be kept operational. Responsiveness measures how quickly a system reacts to input.

An owner is an individual or entity that has approved management responsibility for controlling the production, development, maintenance, use, and security of the assets. This includes ensuring appropriate access controls are in place and the integrity and security of the asset are maintained.

The installation of an unauthorized wireless router or access point is known as a Rogue Access Point or Rogue AP. A Rogue AP could be an attack or simply an employee breaking policy and setting up a wireless AP without permission. This is dangerous as the wireless device (without proper configuration) would allow outside devices onto the network and would be the equivalent of gaining physical access to the network.

Web browsers establish encrypted sessions with external web servers using the HTTPS protocol, which by default uses TCP port 443. Allowing outbound (and corresponding return) traffic on this port restores secure web access. Ports 80 and 8080 carry unencrypted HTTP, while 3389 is used for Remote Desktop, so opening those would not solve the problem.

A password policy is the set of rules used to define how users create and maintain their passwords within an organization. This policy establishes the minimum requirements for password complexity, such as the use of uppercase and lowercase letters, numbers, special characters, and the frequency at which passwords must be changed. This helps to prevent unauthorized access by ensuring that passwords are sufficiently complex and changed regularly. Other options do not directly apply to user credentials and their security requirements.

After completing a gap analysis, best practice is to develop a structured remediation plan that prioritizes and assigns actions to close the identified gaps. Implementing individual technologies, rewriting policies, or launching broad training programs before establishing such a plan can waste resources and may not fully resolve the deficiencies discovered.

Risk appetite is the overall amount of risk an organization is willing to accept to achieve its objectives. Risk tolerance is the specific, permissible deviation from the organization's risk appetite for a particular initiative or risk category. Risk identification is the process of finding and documenting risks, while a risk register is the document used to log and track these identified risks.

Using a version control system is the best method for managing and controlling application versions as it allows teams to track changes, revert to previous versions, and maintain a history of modifications. This system enables quick reversion to a known good state in case the new update causes issues. Manual backups could also allow reversion but lack the history tracking and might not be as current. An automated patch management tool is more for ensuring systems are up-to-date and is not designed primarily for version tracking or quick reversion. The disaster recovery plan focuses on recovering from catastrophic events and is not typically used for routine version management.

An air-gapped network is the best solution for ensuring high security and operational isolation as it is a physical isolation technique that completely separates the critical systems from unsecured networks, preventing any form of external access or data breach. Logical segmentation, while useful, doesn't offer physical isolation and can be bypassed if the network is compromised. A Virtual Private Network (VPN) provides secure remote access but does not address the requirement for physical isolation of the system. Using an Intrusion Prevention System (IPS) will add a layer of security but does not create isolated operational systems.

Cross-site Request Forgery (CSRF) vulnerabilities allow unauthorized commands to be transmitted from a user that the application trusts. The use of anti-CSRF tokens is the best mitigation technique because it ensures that the web application validates the user's intended actions by matching the token with the one it issued, therefore preventing CSRF attacks. Using input validation may prevent other types of attacks such as SQL Injection or XSS, but not CSRF. Implementing a content security policy can help mitigate XSS and clickjacking attacks, but not CSRF specifically. While parameterized queries are used to prevent SQL Injection, they do not protect against CSRF.

The best strategy is to assign access rights according to the functions necessary for each job role within the new platform. The analytics division should receive a viewing and reporting role to access and analyze data without the risk of altering it, enhancing data integrity. Conversely, the account management division should be given a more comprehensive role that encompasses the creation, viewing, updating, and deletion of client records, aligned with their day-to-day account maintenance and client interaction tasks. This access control mechanism follows the principle of 'least privilege,' granting users only the permissions necessary to perform their jobs, which is a fundamental aspect of secure role assignments. Using 'RBAC' without explaining its meaning or acronym form could lead to confusion for those unfamiliar with the term, highlighting the necessity for clarity in both teaching and testing environments.

The Recovery Point Objective (RPO) represents the maximum period of data that an organization can tolerate losing during a disaster event. A tighter RPO calls for more frequent backups, whereas a lenient RPO allows for less frequent backups. Understanding the RPO helps to determine the backup schedule that aligns with the business's data loss tolerance. On the contrary, Recovery Time Objective (RTO) focuses on the maximum amount of time an organization can tolerate to recover operations; meanwhile, Single Loss Expectancy (SLE) and Annualized Loss Expectancy (ALE) pertain to financial impacts of data loss and do not directly dictate backup frequencies.

Integrity refers to the accuracy and reliability of data. When the IT administrator overwrote the configuration files, it led to incorrect data being presented, thus compromising data integrity. Confidentiality involves protecting information from unauthorized access, which is not the issue here. Availability ensures that systems and data are accessible when needed, but the systems are still operational. Authentication relates to verifying the identity of users or systems, which is not impacted in this scenario.

A credentialed vulnerability scan was done. While the other answers could also be correct (e.g. it could have been an intrusive and credentialed scan) but with the information given in the question you could not know this. When a credentialed scan is used the scanner has valid user credentials while in a non-credentialed attack they do not.