CompTIA Security+ Practice Test (SY0-701)

802.1X authentication provides a method for network devices to authenticate users or devices before allowing them access to the network, which can be effective against unauthorized devices but doesn't address address flooding attacks. Switch port security is indeed the right feature for limiting access to a switch port to a specific number of known devices, thereby preventing both unauthorized network access and mitigating address flooding attacks, which occur when a network device is overwhelmed with data from multiple unknown devices. While a captive portal can restrict access through a web page, it does not inherently prevent device-level access attacks, and DHCP snooping is a security feature that monitors and filters DHCP traffic, which is unrelated to direct switch port security measures.

By forcing a system to use a weaker encryption protocol with known vulnerabilities, an attacker is performing a downgrade attack. This attack leverages older, less secure versions of protocols or ciphers, making it easier to exploit the system. In contrast, a side-channel attack gathers information from the physical implementation of a cryptosystem, a birthday attack exploits the mathematics of hash functions to find collisions, and a replay attack involves reusing valid data transmissions to deceive a system or gain unauthorized access.

Attribute-based access control is the correct answer because it is a method that defines an access control paradigm whereby access rights are granted to users through the use of policies that combine different attributes. These attributes can be associated with the user, the resource being accessed, the current time, and even the current environmental conditions. This is different from role-based access control that focuses solely on the roles that users have, discretionary access control which allows owners to define access, and mandatory access control which enforces access based on a centralized policy.

Inspecting and logging web traffic allows the centralized proxy to monitor and record all incoming and outgoing web traffic. This inspection aids in identifying suspicious activities, ensuring adherence to organizational policies, and providing valuable information for audits or investigations. Restricting users from accessing the control panel does not primarily utilize the features of a centralized proxy. While tunneling through SSH can encrypt traffic, it would bypass the centralized proxy's filtering and monitoring capabilities. Configuring backups is necessary for data preservation but does not employ the centralized proxy's functions in traffic management.

Inherent risk is the term used to describe the level of risk involved with using a process/operation before the company does anything to reduce/mitigate the risk.

Questionnaires are used to collect specific information about the security practices and policies of third-party vendors to assess their risk level. They are a structured form of inquiry enabling the organization to gather necessary details systematically to inform their risk analysis and make informed decisions regarding the engagement with the vendor.

Enabling WPA3 on a wireless network provides robust security by using modern encryption methods and management of authentication protocols. This prevents unauthorized users from accessing the network without the correct credentials, thereby securing the wireless communication. WEP is an outdated and insecure encryption method that is easily breached by attackers. Hiding the SSID does not provide security, as the network can still be detected by attackers with the right tools. MAC filtering is not a robust security measure because MAC addresses can be easily spoofed.

Using a public Wi-Fi network exposes the workstation to several security risks, including the potential for man-in-the-middle attacks, unencrypted traffic being intercepted, and unauthorized access to the device. In a coffee shop scenario, these public networks rarely employ strong security protocols. While outdated operating systems and unauthorized software installations can pose threats, the lack of secure network communication is the primary and most direct risk in this situation.

Containerization provides a lightweight alternative to full virtualization by encapsulating an application in a container with its own operating environment. This isolation ensures that applications do not interfere with each other and can be managed independently, enhancing security by containing potential breaches within the isolated environment of the container.

The best security practice would be for the employee to validate the authenticity of the message by directly reaching out to the department responsible for technical issues using well-known and official communication channels, rather than through the communication initiated via the text message. This is because legitimate entities responsible for managing sensitive information typically do not solicit such information via SMS, as it is not a secure channel for transmitting sensitive data. Responding directly to the message could lead to a compromise of credentials.

Changing the default credentials is the best initial step for securing new devices. Attackers often use known default usernames and passwords to gain unauthorized access to new system installations. Resetting these credentials to unique and strong username/password combinations significantly reduces the risk of simple but effective attacks. Updating firmware, while important, is generally focused on addressing functional and security issues rather than preventing unauthorized access due to default credentials. Enforcing account lockout policies is more about responding to attack attempts rather than preemptively mitigating the risk. Scanning for vulnerabilities is an ongoing security practice but does not directly address the specific risk of default password use.

A snapshot is a point-in-time copy of a system's state or data that can be used for backup or recovery purposes. A snapshot is not a full backup; it is a quick method to capture the current state that usually uses copy-on-write technology to minimize storage requirements. Full backups, in contrast, capture all data at one point in time, while replication involves copying data to a secondary location in real-time or near-real-time. Incremental backups are a series of backups that save changes made since the last backup, which could be either another incremental or a full backup.

The Internet Protocol Security (IPSec) protocol suite is specifically designed to provide a robust suite of protocols that operate at the Internet Layer of the Internet Protocol Suite, allowing it to secure IP communications by authenticating and encrypting each IP packet in a communication session. It includes functionalities for automated key management, which makes it suitable for scenarios that require secure key exchange mechanisms. It is also capable of Network Address Translator (NAT) traversal, allowing devices behind NATs to use IPSec securely. Secure Sockets Layer/Transport Layer Security (SSL/TLS) usually secures transmissions at a higher layer than the Internet Layer and is commonly implemented for secure web browsing, not for securing all IP traffic. Layer Two Tunneling Protocol (L2TP) is a tunneling protocol that does not provide encryption or confidentiality by itself, which is why it is often combined with IPSec. Point-to-Point Tunneling Protocol (PPTP) has known vulnerabilities and does not offer the same level of security as IPSec.

An amplified DDoS attack exploits open public network services to enlarge the volume of traffic aimed at a victim. The attacker sends small requests with a spoofed source IP so that the much larger replies are redirected to the victim, dramatically increasing the total traffic without requiring a botnet. Reflected attacks also rely on spoofed IP addresses, but amplification is not necessarily their defining trait. A SYN flood overwhelms the target with half-open TCP handshakes and does not involve amplification, while a ping flood simply sends a high rate of ICMP Echo requests without using intermediary services for amplification.

The initial focus in the event of a security breach should be to limit the damage and prevent further compromise. This is achieved by containing the threat, thereby stopping the incident from affecting additional resources. While documenting the events and notifying appropriate parties are also important, these actions occur after the immediate threat has been controlled to prevent exacerbation of the situation. Analyzing logs is part of the subsequent investigation and not the immediate concern when a breach is in progress.