CompTIA Security+ Practice Test (SY0-701)

Configuring the security appliance to fail-open ensures that in the event of a malfunction, network traffic continues to flow, maintaining availability for users. While this may temporarily reduce security by allowing potentially malicious traffic, it aligns with the policy priority of uninterrupted service. In contrast, fail-closed or fail-secure modes would block all traffic upon failure, prioritizing security over availability, which does not meet the organization's requirements. Fail-safe can be ambiguous but often implies defaulting to a secure state, similar to fail-closed. Therefore, choosing fail-open addresses the need for continuous availability despite equipment failures.

Accounting is the AAA component that records session details (e.g., start and stop times, data volume, commands issued). These logs provide an audit trail that can be reviewed to attribute actions to individual users and verify compliance. Authentication verifies identity, Authorization determines what an authenticated user is allowed to do, and Auditing is a broader review process rather than a core AAA element.

The correct option is 'Malicious update'. The most significant vulnerability in this design is that the lack of digital signature validation allows an attacker to introduce a malicious update. An attacker could use an on-path attack to provide a compromised firmware file. Because the device does not verify the file's authenticity and integrity, it will install the malicious firmware, potentially leading to a full system compromise. VM escape is a vulnerability specific to virtualized environments. A TOCTOU attack is a type of race condition. Directory traversal is an attack to access unauthorized files. None of these other options describe the primary flaw in the described firmware update process.

Role-based access control (RBAC) is effective for restricting access to data within an application based on a user's role within an organization. RBAC policies ensure that only authorized users are granted the permissions necessary to access, modify, or interact with sensitive data, thus maintaining the principle of least privilege. It simplifies management and helps in effectively enforcing enterprise security policies.

While mandatory access control (MAC) and discretionary access control (DAC) are valid access control models, MAC is more commonly used in environments requiring high security and enforces access based on classified levels, which may be overly complex for a web application in a business setting. DAC, on the other hand, is based on the discretion of the owner, which could lead to a lack of consistent policy enforcement.

Username and password authentication, although necessary for verifying identity, does not inherently restrict actions based on user roles, hence it would not be effective on its own in this scenario for controlling permissions.

The best action is to verify the identity of the caller through a callback to a known, official phone number for the telecommunications provider before discussing sensitive information. This is because providing such details over the phone without verification can lead to potential security breaches. Unverified calls, especially those requesting sensitive information, are likely to be vishing attacks where attackers attempt to extract critical information by impersonating legitimate entities. Unlike the incorrect options, immediate verification is critical and proper protocol in such situations; informing a supervisor is also advisable but does not directly address the potential immediate threat. Sharing the requested information or placing the caller on a brief hold without attempting to verify their identity doesn't reduce the risk associated with the potential vishing attempt.

The correct answer is a Distributed Denial-of-Service (DDoS) attack. DDoS attacks aim to make an online service unavailable by overwhelming it with traffic from multiple sources, disrupting legitimate user access. Credential Replay involves reusing stolen credentials to gain unauthorized access, DNS Spoofing redirects traffic to malicious sites, and Wireless Eavesdropping intercepts wireless communications. None of these directly cause service unavailability through traffic overload.

A 'Cold' site is a backup site that has the necessary infrastructure to resume operations but does not have any active systems or data. It takes a more extended period to set up and become fully operational compared to 'Hot' or 'Warm' sites. This type of site is often used as a cost-effective disaster recovery solution where immediate resumption of operations is not critical.

The correct answer involves updating the Incident Response Plan with improvements identified during the review of a recent incident. This is the best choice because it directly applies feedback from actual incidents to enhance procedures and readiness for future events. Simply reviewing historical trends or concluding that the existing plan is sufficient does not provide the iterative improvement needed for effective incident response. Updating training materials without specific reference to the improvements identified may not address the issues encountered during the incident.

The crossover error rate (CER) is the point at which the false acceptance rate (FAR) and the false rejection rate (FRR) are equal. The lower the CER the more accurate the biometric system is.

A Data Loss Prevention (DLP) system is implemented within an organization to ensure that sensitive information does not exit the corporate network in an unauthorized manner. It monitors, detects, and blocks the flow of data to prevent data breaches. Whereas an Intrusion Prevention System (IPS) is primarily used to identify and prevent known threats from affecting a network, and a Firewall provides a barrier between trusted and untrusted networks. Antivirus software is used to prevent, detect, and remove malware.

Security groups in cloud computing act as a virtual firewall for your servers to control inbound and outbound traffic. They are used to define rules that allow or deny network traffic to resources based on IP address, port, and protocol. The correct answer represents the purpose of a security group, while the incorrect answers either describe other security concepts or configurations not directly related to security groups.

Load balancing distributes workload across multiple servers or resources, often to improve responsiveness and availability of applications or websites. This solution is appropriate when there is a need to manage dynamic, uneven loads, and provide redundancy in case one of the servers fails. Clustering, on the other hand, is often used for increasing the availability of services by linking multiple servers so that they behave like a single entity, but it's not primarily responsible for distributing workloads to manage variable traffic levels. Serverless computing abstracts the server layer completely and automatically scales to handle load, but for a web hosting company looking for balanced distribution across their own servers, load balancing is more appropriate. Containerization enables applications to run in isolated user spaces called containers, but it does not directly relate to distributing a workload.

While all listed aspects are important in their own right, clearly defined security requirements are the most critical to protect sensitive data. These requirements set the minimum security standards that the business partner must adhere to, directly impacting the safeguarding of data involved in the partnership. Elements such as review cycles and party definitions are also important, but their impact on data protection is more indirect compared to the explicit security requirements.

A system that has the ability to not only monitor network activities for malicious actions but also take proactive measures to interrupt or stop these activities serves as a protective mechanism against threats. This is the essential function of an Intrusion Prevention System, which is what separates it from similar systems that only detect and alert but do not take preventative actions.

Compensating controls are security measures that are put in place to mitigate the risk associated with identified vulnerabilities that cannot be immediately resolved. They serve as alternatives to the direct remediation of security weaknesses, often due to technical, business, or financial constraints. Implementing compensating controls allows an organization to continue operations securely by reducing the potential impact of the vulnerability until it can be properly addressed. Encryption is not inherently a compensating control but might be part of one, depending upon the context. Threat intelligence and Penetration testing are methods for identifying vulnerabilities, not compensating for them.