CompTIA Security+ Practice Test (SY0-701)

Application whitelisting allows only pre-approved applications to run on a system, effectively preventing the execution of any software, including potentially unwanted programs, that is not explicitly authorized. This proactive security measure ensures a higher degree of control over the applications that can be executed, significantly reducing the attack surface. Other options, such as permission elevation prompts and resource allocation, do not prevent the execution of unauthorized applications; instead, they manage how applications run and what permissions they have.

The primary role of monitoring in relation to indicators within a security infrastructure is to identify unusual patterns or behavior that may signify a security incident. While it might also help in enforcing policy by triggering alerts when anomalies are detected, and can be instrumental in retrospective analysis after an incident, its essential function centers on the prompt detection of potentially malicious activity. Understanding the nuances of monitoring's main role is important in distinguishing it from ancillary benefits such as policy enforcement or post-incident analysis.

Jailbreaking or rooting bypasses the manufacturer's code-signing and sandbox controls, granting the user and any installed application root-level privileges. Without these protections, unvetted software can run unrestricted, dramatically enlarging the attack surface and making malware infection, data theft, and further privilege escalation far more likely. By contrast, the other statements are incorrect: jailbreaking removes app-store restrictions instead of enforcing them, does not automatically enable encryption, and typically prevents or delays future security updates from the vendor.

Incident response is the correct answer because it is an operational control that focuses on identifying, containing, and recovering from security incidents. Change management is incorrect because it deals with managing changes to systems and applications, not specifically security incidents. Access controls are preventive measures that limit access to resources, but do not directly address incident handling.

The most effective initial action is to establish formal security requirements and conduct regular assessments. This directly addresses the core issue of a lack of security oversight for the vendor. By contractually mandating security standards and verifying them through audits, the company can ensure the vendor's security posture meets its requirements, mitigating the risk of a supply chain attack. While isolating the software and encrypting traffic are valuable technical controls, they do not address the vendor's internal security weaknesses. Switching vendors is a drastic step that may not be immediately feasible and introduces new risks.

The Recovery Time Objective (RTO) specifies the target amount of time a service provider aims to restore a business process after a disruption and is therefore the primary focus when ensuring timely restoration of services as per the service-level agreement (SLA). Mean Time to Repair (MTTR) refers to the average time to repair a broken component, which, although important, is not specific to service-level targets for business processes. Annualized Loss Expectancy (ALE) is used in risk assessment and financial impact analysis, not in SLAs. Reconnaissance is related to information gathering, typical in security assessments like penetration testing, and is unrelated to SLAs.

Conducting an impact analysis ensures that any potential consequences of a planned change-such as a major network upgrade-are identified and mitigated ahead of time. By analyzing the impact, the organization can recognize security risks, adjust controls, and prepare countermeasures before deployment. While the other choices are valid components of change management, they do not specifically focus on assessing security implications.

A system image is a copy of the entire state of a system. That image can be used as a way to restore the system it came from to that exact state or it can be copied onto other similar system to bring them all to a uniform state.

Encryption is the process of converting plaintext into a coded format known as ciphertext, which can only be read by authorized parties who have the decryption key. This process uses an algorithm and a key to transform the readable data into an unreadable format, thereby protecting the data from unauthorized access or eavesdropping.

'Escalation' is the correct term for the process in which the urgency and importance of an incident are increased, often involving a higher level of management or additional resources. This ensures that the situation is handled appropriately as it unfolds. 'Elevation' commonly refers to raising user privileges, which is not directly related to the organization-wide approach to managing an incident. 'Intensification' can be misleading, but it's not commonly used in the nomenclature for incident management. 'Amplification' is a term that could indicate an increase in intensity or scope but isn't typically used in the context of incident response procedures.

The locks on sensitive areas should be configured to 'fail-closed', meaning they remain locked when power is lost. This ensures that secure areas remain protected even during a power outage. Configuring the locks to 'fail-open' would unlock the doors upon power failure, compromising security of sensitive areas. 'Fail-over' and 'Load balancing' are not relevant settings for door locks; 'Fail-over' relates to system redundancy, and 'Load balancing' distributes workloads across resources.

Using a public Wi-Fi network exposes the workstation to several security risks, including the potential for man-in-the-middle attacks, unencrypted traffic being intercepted, and unauthorized access to the device. In a coffee shop scenario, these public networks rarely employ strong security protocols. While outdated operating systems and unauthorized software installations can pose threats, the lack of secure network communication is the primary and most direct risk in this situation.

The primary security-related reason to regularly review and update security policies is to ensure they address the current threat landscape. Cyber threats, technologies, and business processes evolve constantly. Outdated policies may not provide sufficient guidance to protect against modern attack vectors, leaving the organization vulnerable. While regulatory compliance is a critical reason for policy updates, failing to protect against current threats poses a more direct and immediate risk to the organization's security posture.

Implementing a server cluster with load balancing is the most effective strategy for maintaining operations during hardware failures. Load balancing distributes traffic across multiple servers, so if one server fails, others can handle the load seamlessly, ensuring high availability. Using a single powerful server, even with redundant components, still presents a single point of failure. Regular updates and encryption are important for security and maintenance but do not directly address the need for continuous operation during failures.

Rootkits are designed to obtain unauthorized root or administrative access to a computer system while concealing their existence. The symptoms of slow performance, repeated crashes, and unauthorized software running with elevated privileges are indicative of rootkit behavior, as rootkits often attempt to hide their processes, files, and system data to evade detection while maintaining persistent access to the system.