CompTIA Security+ Practice Test (SY0-701)

An independent third-party audit is the correct response because it involves an external entity reviewing the organization's compliance with required standards, regulations, and controls, thereby providing an unbiased assessment of the company's security posture. This type of audit is specifically useful for meeting regulatory compliance that mandates external validation of security practices. A right-to-audit clause is commonly included in contracts and would allow the company to audit third-parties, but is not the appropriate tool for an external review of the company itself. Internal compliance reporting, while necessary, does not fulfill the requirement for an independent review. Similarly, self-assessments are conducted internally and lack the independent aspect required by the regulation.

This security measure is insufficient because client-side restrictions, such as using a drop-down menu, can be bypassed. An attacker can use a tool like a web proxy to intercept the HTTP request after it is sent from the browser and modify the value for the 'country' parameter to a malicious SQL string before it reaches the server. Therefore, all input must be validated and sanitized on the server-side, and parameterized queries should be used to prevent SQL injection.

Intrusion Detection Systems (IDS) are designed to monitor network and system activities for malicious activity or policy violations. A well-configured IDS can detect numerous types of malicious network traffic and computer usage that often go unnoticed by a firewall, which makes it an excellent choice for identifying unauthorized accesses or anomalies. Anti-virus software, while useful for detecting and removing malware, does not generally monitor network traffic for anomalies. Firewalls are preventive controls that block unauthorized access based on predefined rules but do not perform post-passage anomaly detection. Security training is essential for personnel but does not continuously monitor network traffic.

An 'Ad Hoc' risk assessment is performed as required, without a regular schedule, often in response to significant changes or new threats to an organization's environment. It contrasts with recurring or continuous assessments that happen at regular intervals or constantly, respectively. A 'Qualitative' risk assessment refers to the process that prioritizes risks based on their severity and impact, rather than their frequency or timing.

With asymmetric encryption, the sender uses the recipient's public key to encrypt the data. Only the holder of the mathematically related private key can decrypt that ciphertext, so confidentiality is preserved even if the encrypted traffic is intercepted. In contrast, symmetric encryption relies on a single shared secret key (Answer 1), digital signatures created with a sender's private key provide integrity and authentication-not confidentiality (Answer 3), and striping data across drives (Answer 4) is a storage redundancy technique unrelated to encryption.

Security cameras are a form of deterrent control designed to discourage unauthorized individuals from attempting to access a secure area. Their presence is often enough to dissuade potential attackers as it increases the likelihood of being caught and recorded, which can lead to identification and potential prosecution. In contrast, badge readers and mantraps, while part of physical security measures, are types of preventive controls that actively prevent unauthorized access. Security awareness posters do not directly discourage trespassers from entering secured premises, as they are more focused on educating authorized personnel on maintaining security practices.

The correct answer is a threat feed. A threat feed is a real-time or near-real-time stream of data providing information on current and potential cyber threats, including indicators of compromise like malicious IPs, URLs, and malware signatures. A security baseline defines a standard state for a system, a SIEM is used to aggregate and analyze log data from internal sources, and a vulnerability scanner actively probes systems for weaknesses rather than providing a continuous external data stream.

Version control is primarily used to manage and control different versions of software, configurations, and other artifacts. It allows for tracking changes, reverting to previous versions if needed, and maintaining a clear audit trail of modifications. While version control can help with documentation, collaboration, and identifying issues, its main purpose is to effectively manage and control versions of various assets.

A possession factor is an authentication method based on something the user physically possesses. A hardware authentication token is a small physical device that can generate a secure login code or house digital certificates and is carried by the user to provide a possession factor for authentication. Eye color is a trait, not something possessed. A password is something the user knows, and a mobile app authorization request, while delivered to a device the user possesses, by itself is not considered a possession factor until accepted and is not inherently a physical item.

The term 'Likelihood' refers to the probability that a given threat could potentially exploit a specific vulnerability within an organization's security framework. Understanding and determining the likelihood is crucial in risk management as it helps prioritize risks and informs decision making regarding the implementation of controls.

Requiring new hires to complete security awareness training before any network credentials are issued ensures they understand organizational policies and their responsibilities. Granting only the minimum role-based access they need after training limits potential damage if an account is compromised. Additional privileges can then be added as employees demonstrate continued compliance, reflecting the principle of least privilege. Approaches that grant full access before training or postpone training increase the window of exposure and contradict accepted best practices.

Layer 2 addresses-also called physical or MAC addresses-identify the network interface of a device. MAC address filtering restricts wireless access to devices whose MAC addresses appear on an allow-list (or blocks those on a deny-list). Although this control can deter casual or accidental connections, it is easily bypassed through MAC-address spoofing, so it should never be the sole means of protecting a network.

Identifying the Recovery Time Objective (RTO) during a Business Impact Analysis is critical because it denotes the maximum duration that a service or system can be unavailable before causing unacceptable detriment to the business. Setting the RTO helps in crafting prioritized recovery strategies, ensuring that the most crucial systems are restored within a timeframe that prevents significant operational or financial loss. The other options, while related to business continuity and disaster recovery, do not directly address the focus on time frame for critical system recovery, like the RTO does.

Adding fingerprint scanning as an additional factor is the MOST secure option among the choices given. It provides a high level of accuracy and is less subject to duplication or impersonation compared to other methods such as voice recognition. While facial recognition is secure, it can sometimes be influenced by changes in appearance or spoofed with high-quality images. Voice recognition, while convenient, can be less secure due to background noise, voice imitation, and recording attacks. Installing key fob devices is not a form of biometric authentication, as it is something you have, not something you are.

The organization is implementing deterrent controls, which are designed to discourage potential attackers by making them aware of the security measures in place. Visible security cameras and warning signs serve as psychological deterrents, reducing the likelihood of an attack. Preventive controls aim to stop incidents from occurring by blocking unauthorized actions, such as through access controls or firewalls. Detective controls identify and alert to incidents after they have occurred, like intrusion detection systems. Corrective controls focus on limiting damage after an incident, such as restoring systems from backups.

To address the limitation of a system that only provides notifications when a potential breach occurs, implementing a solution that can take preventative action is necessary. An Intrusion Prevention System is designed to not only detect but to preventively respond to threats by blocking them, therefore enhancing the network's defensive capabilities. The options of bolstering data loss prevention (DLP) strategies, incorporating additional security information and event management (SIEM) features, and enhancing public key infrastructure (PKI) are all valuable in their respective contexts. However, none of these solutions are purposed to block malicious traffic in the way an Intrusion Prevention System would. DLP focuses on preventing data leaks, SIEM centralizes logging and provides threat detection, and PKI deals with encryption and authentication, not inline traffic analysis and intervention.

Implementing biometric access controls is the best solution because biometrics use unique physiological traits such as fingerprints, iris patterns, or facial features to authenticate individuals, providing a high level of security and reducing the risk of unauthorized access. Access badges with magnetic stripes can be lost, stolen, or shared, which compromises security. Surveillance cameras can deter and detect unauthorized access but do not prevent entry. Assigning security personnel to monitor entrances adds a human element, but individuals can still bypass security through deception or human error.

The correct answer is 'High impact' because the exploitation of a vulnerability concerning financial data can lead to substantial monetary loss, reputational damage, and legal consequences. It is considered a high-impact risk due to the sensitive nature of the data involved and the potential for significant detriment to the organization. 'Low impact' is incorrect because financial data is critical and the consequences of its unauthorized access are severe. 'Acceptable impact' is not a standard term used in risk analysis, and 'Insignificant impact' is incorrect as it underestimates the seriousness of risks to financial data which would almost never be classified as insignificant.

Endpoint antivirus (also called anti-malware) software continuously scans files and processes using signature, heuristic, and behavioral techniques to detect, block, quarantine, or remove malicious code. Full-disk encryption protects data at rest but does not actively identify malware. Continuous data-backup software focuses on availability, not threat detection. Performance-optimization utilities tune system resources and offer no direct protection against malicious software.

The primary function of a hashing algorithm is to take an input (or 'message') and return a fixed-size string of bytes. The output, known as the hash, is typically a digest that represents the original data in a unique way. If the input changes by even a small amount, the hash will change significantly, known as the avalanche effect. The key aspect of a hash function is that it is a one-way function – data can be turned into a hash, but the hash cannot be turned back into the original data, ensuring data integrity. Hashes are broadly used to verify data integrity because they can reveal if data has been altered. This is crucial in many applications, such as verifying the integrity of downloaded files or the storage of passwords.