CompTIA Security+ Practice Test (SY0-701)

Implementing biometric access control systems is considered the highest standard for securing areas because it relies on verifying unique individual traits such as fingerprints or iris patterns, which are extremely difficult to duplicate, offering a superior level of security over other forms of access control. On the other hand, using coded access cards can be more vulnerable as they can potentially be stolen or cloned. While installing surveillance cameras, known fully as closed-circuit television (CCTV), can be a strong deterrent and provides a way to monitor and record entrance to facilities, it does not inherently prevent access. Likewise, sign-in logs offer visibility into who enters a server room but rely on manual verification and do not provide the same high level of security validation as biometric systems.

Implementing an application allow list involves creating a list of approved software that is permitted to run on company systems, effectively preventing any non-approved software from executing. This method enhances security by ensuring that only trusted applications are allowed to operate, thus minimizing the likelihood of malicious software running on the network. Options suggesting users decide on the software or only listing unapproved software do not conform to the concept of an application allow list. Allowing any installed software to run would defeat the security benefits of an allow list.

A load balancer is used to distribute network or application traffic across multiple servers, which improves responsiveness and increases availability of applications. It is designed to prevent any one server from becoming overloaded with too much traffic, which can degrade performance or cause outages. Proxies may balance requests but are not primarily designed for load balancing, while an IPS/IDS focuses on monitoring and analyzing network traffic for any malicious activity. Jump servers are utilized to manage access to devices within a security zone.

Corrective controls are implemented to minimize the extent of damage caused by a security incident after it has taken place. These controls focus on containing the incident, recovering from it, and preventing similar incidents from occurring in the future. Examples of corrective controls include incident response plans, backup systems, and disaster recovery procedures. Preventive controls aim to prevent incidents from happening in the first place, while detective controls identify and respond to ongoing incidents. Compensating controls serve as a substitute for primary controls when they are not feasible or practical to implement.

Security Information and Event Management (SIEM) systems are used to centralize logging and alerting from various types of network devices. Common functionalities include data aggregation, alerting, forensic analysis and data retention/compliance. They are most commonly found in mid-size to larger networks where there are too many devices to monitor separately.

Confirmation is the correct term because it involves verifying whether a detected vulnerability by a scan or a security tool truly exists and is not a false positive. It's important for security professionals to accurately confirm vulnerabilities to prioritize remediation efforts and avoid wasting resources on issues that aren’t actual vulnerabilities. A false positive, on the other hand, would refer to erroneously identified issues that are not actual vulnerabilities, and reporting is related to the communication of findings, not the verification of them. Threat hunting is the proactive search for threats that are not detected by automated systems.

Phishing simulations are a practical method of testing employees' abilities to recognize and respond to social engineering attacks. This type of simulation provides actionable insights by creating realistic scenarios similar to actual phishing attempts, without the associated risk. This helps measure the effectiveness of the training and identifies areas where additional training may be necessary. Answer options like 'Unannounced network scans' and 'Publishing quarterly newsletters' are less direct and less effective methods of assessing the specific understanding of recognizing social engineering attacks. Although helpful in a broader security context, they do not directly test the application of the training content. 'Including a quiz at the end of the training session' can validate immediate retention but does not measure long-term understanding or practical application in an actual work environment.

Bollards are designed to stop vehicles from entering restricted or sensitive areas, providing a high level of security against vehicular threats. They are often used at the perimeter of sensitive buildings to prevent potential attacks from vehicles. Fencing can deter or delay intruders but is less effective at stopping vehicles. Access control vestibules are more about managing individual access and less about vehicular threats. Security guards can be effective but may not be able to physically stop a vehicle without additional barriers like bollards.

A Software-Defined Wide Area Network (SD-WAN) provides centralized management, enabling organizations to apply security policies and updates uniformly across the network with ease. This centralized approach not only simplifies the administration of the network but also ensures consistent security measures are in place throughout, addressing the organization's need for improved security management. While the option of improved performance through optimized routing is a benefit of SD-WAN, it is not inherently a security benefit. Reduction in operational costs mainly pertains to financial aspects rather than direct security enhancements. Similarly, the ability to dynamically change network paths is a performance-related benefit, but it's not the primary security advantage that SD-WAN offers.

Application whitelisting allows only pre-approved applications to run on a system, effectively preventing the execution of any software, including potentially unwanted programs, that is not explicitly authorized. This proactive security measure ensures a higher degree of control over the applications that can be executed, significantly reducing the attack surface. Other options, such as permission elevation prompts and resource allocation, do not prevent the execution of unauthorized applications; instead, they manage how applications run and what permissions they have.

Implementing network segmentation would be the most effective at mitigating the risk as it restricts the traffic between the IoT devices and the rest of the network, reducing the potential attack surface and the chance of an attacker reaching sensitive data if the IoT devices are compromised. While full disk encryption is important for data at rest, it doesn't address the transmission or collection of data. Enabling a host-based firewall on IoT devices may not be feasible due to their limited computing resources and wouldn't protect against attacks exploiting the IoT network itself. Requiring multi-factor authentication (MFA) improves the security of user accounts, but it does not specifically address the issue of securing sensitive data collected by IoT devices from network-based threats.

Examining the vendor's component sourcing and manufacturing processes for security vulnerabilities is essential in a supply chain analysis. This helps identify risks such as counterfeit parts, tampered hardware, or insecure manufacturing practices that could compromise the organization's security. Investigating trade compliance focuses on legal and regulatory adherence, not specific security risks in the supply chain. Arranging a product demonstration assesses functionality but does not reveal underlying security issues. Verifying compatibility ensures the hardware works with existing systems but does not address potential security vulnerabilities introduced by the new hardware.

“Something you are” is some physical characteristic of the user. This can be a fingerprint, eye iris, voice, etc. These characteristics are referred to as biometrics.

Federated identity management allows a user's identity, authenticated in one security domain, to be accepted in other security domains. It often employs protocols like SAML and OpenID, enabling Single Sign-On (SSO) capabilities across different organizations or services. Discretionary Access Control (DAC) gives the owner of the resource the control to decide who has access. Mandatory Access Control (MAC) is a model where access is granted based on information clearance and classifications, and is not about passing user information across security domains. Role-Based Access Control (RBAC) assigns permissions to roles instead of individual users, which isn't specifically designed for sharing authentication and authorization data across different domains.

The correct answer is 'Nation-state'. Nation-state actors possess high levels of sophistication, resources, and funding, and their motivations often include espionage, political gain, and disrupting the critical infrastructure of other nations. Attacks on power grids and water facilities are characteristic of cyber warfare campaigns intended to cause significant societal and economic harm.

• Organized crime is primarily motivated by financial gain and is more likely to use ransomware or steal data for extortion rather than cause widespread service disruption for its own sake.
• A hacktivist is typically motivated by political or social beliefs and usually conducts less sophisticated attacks like website defacement or DDoS attacks against specific organizations, lacking the resources for a large-scale infrastructure attack.
• An insider threat acts from within an organization, and while potentially disruptive, is less likely to orchestrate a widespread, coordinated attack on national critical infrastructure.