CompTIA Security+ Practice Test (SY0-701)

The most comprehensive option for enhanced threat detection and system-wide incident response is Extended Detection and Response (XDR). XDR solutions expand on the functionality of Endpoint Detection and Response (EDR) by collecting and correlating data across various security layers such as, but not limited to, email, devices, servers, clouds, and networks. By providing this extensive visibility and correlation, XDR allows organizations to detect and respond to threats more efficiently than EDR, which focuses more narrowly on endpoint security. User and Entity Behavior Analytics (UEBA) is a security solution that focuses on understanding user behavior to detect anomalies that may indicate a threat, but does not offer the same breadth of correlation across environments. An Intrusion Prevention System (IPS) provides automatic protection against known threats by analyzing network traffic and blocking attacks in real-time, but like UEBA, it does not offer the comprehensive correlation capabilities of XDR.

Fail-closed mode is used in security devices to ensure that if the device fails, it does not allow any traffic through, thereby maintaining the security posture by default. This contrasts with fail-open mode, where the device would allow all traffic through in the event of a failure, potentially compromising security.

A backout plan is essential in change management as it provides a predefined process to reverse changes and restore the system to its previous stable state if the new changes cause issues. This minimizes downtime and helps maintain system integrity. Other options, such as impact analysis, maintenance window, and change approval, are important but serve different purposes: impact analysis evaluates potential effects of the change; a maintenance window is the scheduled time for changes; and change approval is the authorization to proceed with changes.

Updating the Acceptable Use Policy (AUP) is the appropriate action because the AUP specifically outlines the permissible and prohibited activities regarding the use of company resources, including internet access. Policies like Information Security Policies or Access Control Standards do not directly address acceptable usage behaviors.

The Data Owner is responsible for managing and mitigating risks related to their data. They have the authority and accountability for the data, making them the appropriate risk owners.

MTBF stands for Mean Time Between Failures. It is the average operational time between one repairable failure and the next. Because it represents the expected interval of proper operation, a higher MTBF indicates a more reliable system that is likely to remain running longer before another failure occurs. MTBF calculations exclude the downtime needed for repairs and are based on historical or test data collected during normal operation.

This type of malware is called Ransomware. It holds data or information ransom until a fee is paid after which point it will return the information or data (or so it says...). Based on the information available in the question this is the only conclusion we can make. It is possible as the CEO of the company they were targeted specifically via social media (spear phishing) but there isn't definitive evidence of this yet.

Vishing or Voice-Phishing is the use of a telephone or VoIP system to conduct a phishing attack.

Just-in-time permissions are used by privileged access management tools to provide administrative rights on a temporary basis, which are automatically revoked after a set time period or once the designated task has been completed. This reduces the risk of unauthorized access from stale accounts or the misuse of long-standing permissions.

A 'resource exhaustion' attack aims to consume network or system resources to the point where services become slow or completely unresponsive to legitimate users. The term implies the attacker's goal of using up all available resources, thus 'exhausting' them, which can degrade service performance or lead to a denial of service.

Implementing a password manager application allows users to securely store and manage complex and unique passwords for all their accounts. This encourages the use of strong, unique passwords without the burden of memorization. Enforcing strict password policies may lead to password reuse or users writing down passwords. Single sign-on (SSO) reduces the number of passwords but does not promote unique passwords for each service. Implementing biometric authentication enhances security but doesn't address the management of multiple complex passwords.

Establishing a facility that is fully prepared and available on-demand, equipped with the necessary resources and operational capability to assume control immediately, is essential for ensuring that there is no perceptible downtime for essential services during a disaster. This aligns with the leadership's priority for maintaining uninterrupted operations. While the other options can contribute to a robust business continuity strategy, they do not directly provide the seamless operational capabilities desired. Aggressive metrics for service recovery time and critical data restoration planning do not secure immediate operational capability and a control center mainly improves coordination, not service continuity.

Complete control over physical and logical security measures is a primary advantage of on-premises solutions. The organization retains full control over all aspects of security, including access controls, surveillance, and response protocols, which are essential for sensitive systems. Cloud services, while secure, involve sharing some control with third-party providers. 'Reduced physical access risk' implies an advantage, but it is an aspect of complete control rather than a primary advantage in itself. 'Increased scalability' and 'Lower initial capital expenditure' are typically advantages of cloud solutions, not on-prem solutions. Therefore, they are not correct in the context of advantages for maintaining critical systems on-premises.

Conducting real-world scenario-based training exercises is the best method to enhance situational awareness. Such exercises simulate potential security events in a controlled environment, allowing employees to recognize and react effectively to different types of threats. These exercises improve the ability to recognize anomalous behavior that could indicate a security incident, thereby enhancing overall situational awareness. While routine security meetings and documented examples of phishing attempts can contribute to situational awareness, they are not as effective as scenario-based exercises that provide hands-on experience. Automated alerts are essential for situational awareness, but they do not replace the need for training employees to identify and respond to threats without the aid of automated systems.

When an organization uses a managed service provider (MSP), it extends trust and often privileged access to a third party. This inherently expands the organization's attack surface, as any vulnerabilities in the MSP's environment, personnel, or its own supply chain can become a direct threat to the organization. Attackers frequently target MSPs as a way to compromise their multiple clients. While MSPs can bring specialized expertise, it is a misconception that they eliminate internal security responsibilities or are always more secure. The organization retains ultimate accountability for its security and must manage the risks introduced by the third-party relationship.