CompTIA Security+ Practice Test (SY0-701)

A Software-Defined Wide Area Network (SD-WAN) provides centralized management, enabling organizations to apply security policies and updates uniformly across the network with ease. This centralized approach not only simplifies the administration of the network but also ensures consistent security measures are in place throughout, addressing the organization's need for improved security management. While the option of improved performance through optimized routing is a benefit of SD-WAN, it is not inherently a security benefit. Reduction in operational costs mainly pertains to financial aspects rather than direct security enhancements. Similarly, the ability to dynamically change network paths is a performance-related benefit, but it's not the primary security advantage that SD-WAN offers.

Establishing a comprehensive data governance framework that is built to comply with the highest standard among international data protection regulations ensures that the organization operates above the baseline requirements of all jurisdictions it operates in. This approach is usually more efficient than attempting to comply with each set of local regulations separately and minimizes the risk of non-compliance. Marking the setup of an external compliance team as the correct answer would be inappropriate because it does not necessarily ensure compliance with global data protection standards. Creating a data retention policy focusing on the least restrictive standards does not ensure compliance with more stringent regulations in other jurisdictions. Lastly, leaving the compliance decision to local IT departments may result in a fragmented and inconsistent approach to data protection that could lead to non-compliance.

In a tabletop exercise the key staff of an organization gather and discuss their actions during an incident (security incident, disaster, etc.). The staff is sometimes organized into blue and red teams (attackers and defenders). The exercise is used to train staff, promote collaboration and identify any weak spots in existing procedures and plans.

To estimate the yearly financial impact of the security breaches, the security manager needs to consider both the frequency of the incidents and the cost of each incident. This is known as Annualized Loss Expectancy, which is the product of the yearly occurrence rate and the cost of a single incident. Since the data breaches happen twice per year, the frequency (occurrence rate) is 2. Multiplying this by the cost for a single data breach ($50,000) gives an estimated annual impact of 2 * $50,000 = $100,000. Similarly named metrics or partially correct values would not account for both the incidence frequency and individual incident cost correctly.

Salting involves adding random data, known as a 'salt', to an input before hashing it. This process prevents against identical inputs producing the same hash (reducing the risks from rainbow table attacks) and improves password security by ensuring that even identical user passwords will result in different hashes.

A penetration test conducted by a Red team is done without the knowledge of the team in charge of defending against intrusions. This allows for the testing of defenses in a more real world like scenario.

Phishing simulations are a practical method of testing employees' abilities to recognize and respond to social engineering attacks. This type of simulation provides actionable insights by creating realistic scenarios similar to actual phishing attempts, without the associated risk. This helps measure the effectiveness of the training and identifies areas where additional training may be necessary. Answer options like 'Unannounced network scans' and 'Publishing quarterly newsletters' are less direct and less effective methods of assessing the specific understanding of recognizing social engineering attacks. Although helpful in a broader security context, they do not directly test the application of the training content. 'Including a quiz at the end of the training session' can validate immediate retention but does not measure long-term understanding or practical application in an actual work environment.

For existing systems the best option to add additional hardware based encryption functionalities is using a Hardware Security Module (HSM). HSM's are usually stand alone devices that can be used by other systems or expansion cards that can be added. Trusted Platform Module could provide similar functionalities but are permanently embedded into a system, so to use a TPM the systems falling under this new policy would need to be replaced with new hardware that has a TPM.

This scenario is a classic example of disinformation, which is the deliberate creation and distribution of false or misleading information with the intent to deceive and mislead audiences. The objective is often to influence public opinion or obscure the truth. Disinformation is different from misinformation, which is the sharing of false information without the intent to deceive, often due to a lack of knowledge or understanding. Other options like 'Phishing' and 'Hacking' involve direct technical attacks or deception to extract sensitive information, which is not the case here, and 'Whaling' is a specific type of directed phishing targeting high-profile individuals.

Using a version control system is the best method for managing and controlling application versions as it allows teams to track changes, revert to previous versions, and maintain a history of modifications. This system enables quick reversion to a known good state in case the new update causes issues. Manual backups could also allow reversion but lack the history tracking and might not be as current. An automated patch management tool is more for ensuring systems are up-to-date and is not designed primarily for version tracking or quick reversion. The disaster recovery plan focuses on recovering from catastrophic events and is not typically used for routine version management.

A hot site is a fully operational offsite data center equipped with hardware and software, configured to quickly assume operational responsibilities from a primary site in case of a disaster. This is the best option for business continuity as it enables rapid resumption of critical functions. A cold site, while being the least expensive, offers only space and utilities, requiring additional time to become operational. A warm site provides some pre-installed equipment but would still require additional time and effort to be fully operational. Therefore, a hot site offers the highest level of readiness for immediate disaster recovery.

Implementing network segmentation and limiting the legacy system's connectivity to essential services is the correct answer. This approach reduces the risk of attacks from both internal and external threat vectors, as it would prevent the potentially compromised system from affecting unrelated parts of the network. While increasing security monitoring is a useful tactic, it does not directly mitigate the exposure of the legacy system to threats. Conducting regular security audits on the system is a good practice, but it does not provide real-time protection against threats. Encouraging the use of strong passwords is important but does not address the specific risks associated with an unsupported operating system.

Full-disk (device) encryption protects data at rest by rendering the entire storage medium unreadable without proper authentication. If a device is lost or stolen, attackers cannot access corporate information without the decryption key. Disabling NFC, restricting device use to a geographic area, or lengthening the screen-lock timeout do not provide the same level of protection for locally stored data.

The organization is implementing deterrent controls, which are designed to discourage potential attackers by making them aware of the security measures in place. Visible security cameras and warning signs serve as psychological deterrents, reducing the likelihood of an attack. Preventive controls aim to stop incidents from occurring by blocking unauthorized actions, such as through access controls or firewalls. Detective controls identify and alert to incidents after they have occurred, like intrusion detection systems. Corrective controls focus on limiting damage after an incident, such as restoring systems from backups.

The Recovery Time Objective (RTO) specifies the target amount of time a service provider aims to restore a business process after a disruption and is therefore the primary focus when ensuring timely restoration of services as per the service-level agreement (SLA). Mean Time to Repair (MTTR) refers to the average time to repair a broken component, which, although important, is not specific to service-level targets for business processes. Annualized Loss Expectancy (ALE) is used in risk assessment and financial impact analysis, not in SLAs. Reconnaissance is related to information gathering, typical in security assessments like penetration testing, and is unrelated to SLAs.

The pattern described suggests a reconnaissance action, possibly an attacker performing a directory traversal to uncover hidden files, directories, or exploit potential vulnerabilities. Normal browsing behavior usually involves fewer requests and focuses on typical, user-facing paths. Client-side scripting refers to scripts running in a user's browser, generally not visible on server logs. A misconfigured scheduled task might repeatedly access the same path, not different uncommon ones.

The Rules of Engagement (ROE) document is essential for outlining the specific parameters of how a penetration test will be carried out, including the testing scope, methods, timelines, communication protocols, and restrictions. It sets the stage for both legal protection and confirming that the security firm operates within the agreed limits. The Acceptable Use Policy is related to the proper usage of company resources by employees and does not guide the conduct of a security firm during a penetration test. An Interconnection Security Agreement dictates the requirements for connecting systems and data sharing but is not specific to the conduct of a penetration test.

Compensating controls are security measures that are put in place to mitigate the risk associated with identified vulnerabilities that cannot be immediately resolved. They serve as alternatives to the direct remediation of security weaknesses, often due to technical, business, or financial constraints. Implementing compensating controls allows an organization to continue operations securely by reducing the potential impact of the vulnerability until it can be properly addressed. Encryption is not inherently a compensating control but might be part of one, depending upon the context. Threat intelligence and Penetration testing are methods for identifying vulnerabilities, not compensating for them.

A Distributed Denial-of-Service (DDoS) attack is a cyber-attack in which multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers, causing a drastic spike in resource consumption. This can overwhelm the system, leading to slowdowns or complete denial of service. In contrast, phishing and social engineering attacks primarily focus on deception to gain information, and they do not typically result in excessive resource consumption. Email spam may consume resources, but it is typically not as impactful as a coordinated DDoS attack that targets and exhausts system resources.

A time-based one-time password (TOTP) is an auto-generated, one-time password used in two-factor authentication. The password is for a single use and is valid for only a limited amount of time. This differs from an HMAC-based one-time password (HOTP), where passwords are valid until they are used.