CompTIA Security+ Practice Test (SY0-701)

The primary reason for establishing a secure baseline configuration is to ensure that all systems start from a known state of security, with a consistent set of configurations that address security concerns. This makes it easier to manage, automate, and enforce security settings across multiple systems, reducing the likelihood of misconfigurations that could lead to vulnerabilities.

The correct answer is 'Qualitative Risk Analysis.' Qualitative risk analysis evaluates and prioritizes risks using subjective measures, such as low, medium, and high, to describe the impact and likelihood of potential threats. This approach is useful for presenting an overview to stakeholders who prefer general magnitudes over detailed statistics. The incorrect answers involve either specific numerical values or do not align with the described scenario. 'Quantitative Risk Analysis' utilizes numerical values to quantify risk and is more complex and detailed than necessary for providing a general overview. 'Annualized Rate of Occurrence Analysis' focuses on the frequency of an event occurring over a year, which overly specifies the scenario at hand. 'Disaster Recovery Strategy' is a plan for resuming normal business operations after a disaster and is not a method for risk analysis.

Under the EU GDPR, Article 30 obligates controllers and processors to maintain detailed records of processing activities involving personal data. Failure to keep these records can lead to administrative fines of up to €10 million or 2 % of global annual turnover, whichever is higher. Therefore, the highest priority after the audit finding is to remedy the record-keeping gap and bring documentation into full compliance. While reviewing access controls, improving perimeter defenses, or holding training sessions may strengthen the overall security program, they do not directly address the specific violation that triggered the audit failure and potential fines.

Organizations need to account for the complete legal landscape that applies to their operations and data, including all relevant local, national, and international laws and regulations. Global requirements such as the EU GDPR have extraterritorial reach and can impose significant penalties-up to €20 million or 4 % of worldwide annual turnover-for non-compliance. Focusing only on local or national statutes, or exclusively on international treaties, would leave important obligations unmet and expose the organization to fines, sanctions, and reputational damage.

Encrypting data in transit is the most effective measure because it prevents unauthorized parties from intercepting and reading health information as it travels over the network. Data masking mainly protects data in storage or non-production environments, geographic restrictions primarily address legal or compliance boundaries, and multi-factor authentication verifies user identity but does not protect the content of data packets during transmission.

Asymmetric key cryptography, also known as public-key cryptography, is the correct answer because it uses a pair of keys for encryption and decryption-a public key and a private key. Symmetric key cryptography uses a single, shared key for both encryption and decryption. Hashing creates a fixed-size, non-reversible output and is used for integrity, not for encrypting and decrypting data. A block cipher is an algorithm that encrypts data in fixed-size blocks; it describes the method of encryption rather than the key management scheme and is commonly used in symmetric encryption.

Changing the default credentials of a router is the most effective first step in securing a router because factory-set usernames and passwords are often well-known and easily discoverable by malicious actors. Manufacturers often use the same default credentials across similar router models, which can be easily exploited if not changed. While other hardening steps like disabling unused ports and keeping firmware updated are important, an easily guessable default password presents the most immediate and critical vulnerability.

Alert tuning involves adjusting the configuration and parameters of a security device to more accurately reflect true threats and minimize false positives. By tuning the alerts, the organization can reduce the number of incorrect alerts, which allows the security team to focus on actual threats, thereby improving operational efficiency without lowering the security posture.

Integrity refers to the accuracy and reliability of data. When the IT administrator overwrote the configuration files, it led to incorrect data being presented, thus compromising data integrity. Confidentiality involves protecting information from unauthorized access, which is not the issue here. Availability ensures that systems and data are accessible when needed, but the systems are still operational. Authentication relates to verifying the identity of users or systems, which is not impacted in this scenario.

An exemption is appropriately granted when adherence to a specific security policy or control would not be feasible, such as when it would interfere with operational requirements or when the associated cost far outweighs the benefit. It is not a means to avoid implementing security measures altogether but a considered decision that requires approval by the appropriate level of management. The approval process must include an understanding of the potential risks and agreement that such risks are acceptable. This distinguishes exemptions from other risk strategies, like mitigation where risks are reduced, or transference where risks are shared.

The correct choice is a Next-Generation Firewall (NGFW). NGFWs are advanced firewalls that operate up to Layer 7 (the application layer) of the OSI model. Unlike traditional firewalls that are limited to inspecting traffic based on ports and IP addresses (Layers 3 and 4), NGFWs can perform deep packet inspection (DPI) to identify the specific applications in use and enforce security policies on them. They also integrate other security features like an intrusion prevention system (IPS) to block application-layer attacks. Stateless and stateful firewalls are older technologies that lack this deep application awareness. A circuit-level gateway operates at the session layer (Layer 5) and does not inspect application content.

The best immediate action is to isolate the workstation from the network but keep it powered on. Isolating the system prevents the potential malware from spreading to other devices on the network (lateral movement) or communicating with external command-and-control servers. Keeping the system powered on is crucial because shutting it down would erase volatile memory (RAM), which contains valuable forensic evidence like running processes, active network connections, and other in-memory artifacts that are essential for analyzing the attack. Powering off the system immediately would destroy this evidence. Running a scan before isolation could allow the malware to spread further. Re-imaging the system is a remediation step that should only occur after a thorough investigation is complete.

Complete control over physical and logical security measures is a primary advantage of on-premises solutions. The organization retains full control over all aspects of security, including access controls, surveillance, and response protocols, which are essential for sensitive systems. Cloud services, while secure, involve sharing some control with third-party providers. 'Reduced physical access risk' implies an advantage, but it is an aspect of complete control rather than a primary advantage in itself. 'Increased scalability' and 'Lower initial capital expenditure' are typically advantages of cloud solutions, not on-prem solutions. Therefore, they are not correct in the context of advantages for maintaining critical systems on-premises.

Implementing network segmentation would be the most effective at mitigating the risk as it restricts the traffic between the IoT devices and the rest of the network, reducing the potential attack surface and the chance of an attacker reaching sensitive data if the IoT devices are compromised. While full disk encryption is important for data at rest, it doesn't address the transmission or collection of data. Enabling a host-based firewall on IoT devices may not be feasible due to their limited computing resources and wouldn't protect against attacks exploiting the IoT network itself. Requiring multi-factor authentication (MFA) improves the security of user accounts, but it does not specifically address the issue of securing sensitive data collected by IoT devices from network-based threats.

The correct principle is that ICS environments require stringent security baselines tailored to their unique operational needs, regardless of network isolation. Even physically isolated or 'air-gapped' systems are vulnerable to threats from removable media (like USB drives), insider threats, and supply chain attacks. Therefore, assuming isolation negates the need for strong security is a dangerous misconception. While an ICS baseline may differ from a standard IT baseline in its priorities (e.g., emphasizing availability and safety over confidentiality) and implementation details (e.g., patch management schedules), it must be comprehensive and robust. Relying on the vendor for all security or applying a less stringent baseline are both inadequate security practices.

When a penetration test is black box testing no prior knowledge is given to the testers. They go into the test with a completely unknown environment.

Before making significant changes to an operational system, it is essential to perform an Impact Analysis. This step helps in understanding the potential consequences of the change on the organization's operations and security. It allows stakeholders to evaluate the risks and benefits associated with the deployment of the update. Without this analysis, the company could inadvertently introduce new vulnerabilities or negatively affect business operations. Although approval processes and maintenance windows are important, they come into play after understanding the impact. Updating diagrams and policies is part of documenting the change, which typically happens after the approval and planning stages.

Identifying the Recovery Time Objective (RTO) during a Business Impact Analysis is critical because it denotes the maximum duration that a service or system can be unavailable before causing unacceptable detriment to the business. Setting the RTO helps in crafting prioritized recovery strategies, ensuring that the most crucial systems are restored within a timeframe that prevents significant operational or financial loss. The other options, while related to business continuity and disaster recovery, do not directly address the focus on time frame for critical system recovery, like the RTO does.

Reviewing security logs is a key part of security monitoring. It allows security professionals to track events that have occurred within the network. Monitoring these logs helps to identify any unauthorized actions, security incidents, or policy violations. Other options listed do not directly correspond to the activity of identifying unauthorized actions through monitoring.

The Diffie-Hellman algorithm is specifically designed for secure key exchange over insecure channels without requiring prior shared secrets. It enables two parties to independently generate a shared secret key, which can then be used for symmetric encryption. Symmetric key distribution assumes that keys are already shared or delivered securely, which doesn't address the need to establish keys without prior arrangement. RSA digital signatures provide authentication and integrity but are not primarily used for key establishment. MD5 is a hashing algorithm used for data integrity verification, not for key exchange or encryption key establishment.