CompTIA Security+ Practice Test (SY0-701)

The principle of least privilege is about limiting user permissions to the most restrictive set necessary to perform job duties, thus mitigating the potential risk and impact of a security incident. Granting full rights regardless of role would violate this principle. Time-of-day restrictions are a form of access control but do not inherently limit the scope of access rights to essential tasks. Read-write access to all network devices would provide excessive privileges that are not aligned with the principle.

A Security Information and Event Management system collects and correlates events from different sources across the organization's infrastructure to identify aberrant activities that may signify security threats. The incorrect options do not primarily focus on aggregating and analyzing data from multiple resources to identify security incidents; Data Loss Prevention focuses on protecting sensitive data from leaks, Network Management uses SNMP traps mainly for network device management, and Intrusion Detection Systems monitor network traffic to identify potential malicious activity.

Periodically restoring data from backup media in a test (or otherwise nonproduction) environment proves that the data can actually be recovered and that the organization's procedures meet recovery-time and recovery-point objectives. Encrypting archives, storing tapes off-site, and scheduling differential backups all improve aspects of confidentiality, availability, or frequency, but none of them confirms that the data can be restored successfully.

Tokenization is the best answer because it substitutes the sensitive data with non-sensitive equivalents, known as tokens, which have no exploitable value. This allows the company to process transactions without exposing actual credit card data, significantly reducing the risk of breaches while still enabling business functionality.

Security cameras are a form of deterrent control designed to discourage unauthorized individuals from attempting to access a secure area. Their presence is often enough to dissuade potential attackers as it increases the likelihood of being caught and recorded, which can lead to identification and potential prosecution. In contrast, badge readers and mantraps, while part of physical security measures, are types of preventive controls that actively prevent unauthorized access. Security awareness posters do not directly discourage trespassers from entering secured premises, as they are more focused on educating authorized personnel on maintaining security practices.

A backout plan is essential in change management as it provides a predefined process to reverse changes and restore the system to its previous stable state if the new changes cause issues. This minimizes downtime and helps maintain system integrity. Other options, such as impact analysis, maintenance window, and change approval, are important but serve different purposes: impact analysis evaluates potential effects of the change; a maintenance window is the scheduled time for changes; and change approval is the authorization to proceed with changes.

A nation-state actor is often well-funded and supported by a government, engaging in cyber activities for purposes that include espionage, data exfiltration, or disruption for strategic advantage. This makes them a distinct and highly sophisticated threat. In contrast, an unskilled attacker does not have the same level of resources or complexity, hacktivists are primarily motivated by ideology, and insiders exist within the organization and may have personal motivations.

Placing a load balancer in front of a pool of identical web servers distributes each client request according to algorithms such as round-robin or least-connections. This evens out utilization, prevents any one server from being overwhelmed during traffic spikes, and automatically stops sending traffic to a failed node, eliminating that node as a single point of failure.

Clustering technologies focus on node redundancy and failover; in common active-passive clusters only one node actively serves traffic at a time, so they do not automatically spread day-to-day load. A reverse proxy can perform security, caching, and-depending on the product-may include load-balancing features, but the term alone does not guarantee request distribution. RAID protects disk storage and has no effect on HTTP traffic flow.

A Web Application Firewall (WAF) is designed to protect web applications from application-layer attacks such as SQL injection and cross-site scripting (XSS). It operates at Layer 7 (the Application layer) of the OSI model, where it can inspect the content of HTTP and HTTPS traffic. Traditional network firewalls operate at Layer 3 (Network) and Layer 4 (Transport), filtering traffic based on IP addresses and ports, and cannot inspect the application-specific data needed to stop these attacks. Layer 2 is the Data Link layer, which handles node-to-node data transfer using MAC addresses.

Scalability is the ability of a system to handle a growing amount of work by adding resources. It ensures that as demand increases, the system can scale up or out to maintain performance levels. Resilience refers to a system's ability to recover from failures, availability is about the system being accessible when needed, and redundancy involves duplicating components to prevent failure but does not directly address increasing demand.

The correct answer is 'Activating the business continuity plan which includes failing over to the off-site data center.' This is because a well-prepared business continuity plan accounts for geographical risks such as natural disasters, and the existence of an off-site data center implies that the company has planned for replication and failover processes which can be activated when the primary site is non-operational. In contrast, relying solely on onsite backups will not suffice because the compromised infrastructure and ongoing power outage hinder the company's ability to restore systems locally. Incremental backups without replication would not address the immediate need to maintain operations since the data and systems are still within the affected area. Similarly, awaiting the restoration of the primary data center is not a viable strategy as it does not address the need for immediate business continuity.

Wireless networks are particularly susceptible to eavesdropping because the data is transmitted over radio waves, which can be intercepted by unauthorized individuals if the network is not secured. Encryption ensures that even if data is intercepted, it cannot be understood without the correct decryption key. Wired networks, while they can also be vulnerable to other forms of interception, do not broadcast data through the air and therefore are generally not susceptible to eavesdropping in the same way as wireless networks. Bluetooth networks also use radio waves but on a more limited range and are typically used for connecting devices over short distances, while NFC is used for very short range communication such as contactless payments.

A Virtual Private Network (VPN) is the best solution as it creates an encrypted tunnel across the public internet, securing all data in transit between the remote employee and the corporate network. This ensures confidentiality and integrity regardless of the application being used. While enabling Transport Layer Security (TLS) on web services is important, it only protects web traffic (HTTP), not other protocols employees might use. Requiring multi-factor authentication (MFA) strengthens user authentication but does not encrypt the data after access is granted. A web application firewall (WAF) is designed to protect web applications from attacks like SQL injection and cross-site scripting, not to provide general-purpose encryption for data in transit.

Reviewing the list of running processes and installed programs on the system can help in identifying any unauthorized software, including keylogging applications, which may not be immediately visible to the end user. This method is effective in finding both known keyloggers and suspicious software that could potentially be keyloggers. Examining network traffic may not reveal keyloggers specifically, as they might only log keystrokes without sending them out immediately. Checking for unusual file permissions may indicate a security concern but does not directly pertain to identifying keylogging software. Ensuring operating system updates are current is a good security practice but on its own does not aid in detecting a keylogger already present on a workstation.

A responsible disclosure program is a structured approach that provides clear guidelines for external parties to report vulnerabilities. It typically includes timelines for the organization to respond and resolve the reported vulnerabilities, while also ensuring that the researchers refrain from public disclosure until the issue has been remediated. Bug bounty programs are a type of responsible disclosure program where security researchers are financially rewarded for discovering and responsibly disclosing software bugs. While pen tests are an internal method to uncover vulnerabilities, they do not involve the external security community reporting issues. Incident response teams handle security incidents not vulnerability disclosure, and change management pertains to procedures for systematic handling of all changes to a system and is unrelated to the external reporting of security vulnerabilities.