CompTIA Security+ Practice Test (SY0-701)

A Virtual Machine (VM) escape is a security vulnerability that allows an attacker to break out from a virtual machine and interact with the host operating system. This type of vulnerability is particularly concerning because it undermines the isolation properties that are fundamental to secure virtualization.

A Unified Threat Management (UTM) appliance is the correct answer because it is an all-in-one security solution that consolidates multiple security functions into a single device. This typically includes a firewall, intrusion prevention system (IPS), antivirus/anti-malware, content filtering, and VPN capabilities. A Next-Generation Firewall (NGFW) has many overlapping features but is generally considered a more enterprise-grade product focused on deep packet inspection and application control. A Web Application Firewall (WAF) is specifically designed to protect web applications from Layer 7 attacks, not to be an all-in-one network security device. A proxy server primarily forwards user requests to the internet and can provide content filtering and caching, but it does not encompass the broad range of security features found in a UTM.

A solution that creates an encrypted tunnel to the corporate network is essential for secure remote access. The most appropriate technology for establishing such secure connections is a solution that encapsulates and encrypts data as it travels over possibly insecure networks, like the internet, requiring proper authentication from the connecting users to access internal network resources. Implementing remote access servers without additional encryption would not ensure data confidentiality and integrity. Configuring encrypted gateways focuses solely on securing gateways but does not address endpoint-to-network secure connectivity. Secure network perimeters enhance the overall network security but do not inherently provide secure remote access capabilities.

A digital signature provides assurance that a file has not been altered since it was signed (integrity) and that it originated from the holder of the private key (authenticity). However, it does not guarantee the code is free from malware. As seen in major supply chain attacks, if an attacker compromises a vendor's internal build process, they can inject malicious code into the software before it is signed. The software, now containing malware, is then legitimately signed by the vendor, making it appear trustworthy. Another primary attack vector is the theft of a vendor's code-signing private key, which allows an attacker to sign their own malicious files. Therefore, relying solely on a digital signature is insufficient.

A Virtual Private Network (VPN) is best suited for securely connecting remote branches to the corporate network because it creates a virtual and encrypted tunnel between two endpoints over a less secure network, typically the internet. VPNs ensure that data transmitted between these locations remains private and protected from eavesdropping or interception. MPLS provides reliable connections but is not specifically designed to secure data in transit. While VLANs can segment network traffic within a local network, they do not extend to remote locations. Wi-Fi calling is not related to connecting branches and focuses on voice over IP services. SSL is a protocol for securing individual connections between web clients and servers, not network branches. Leased lines provide direct connections but are expensive and do not inherently encrypt data.

Changes, even urgent ones, should be documented and approved based on company policy. This is typically called something like a "Change Request" or CR, or a "Request For Change" or RFC. This is the first step in deploying updates, configuration changes, etc.

The correct answer is Compliance with national laws and regulations, as it directly relates to the obligations an organization has to adhere to the legal framework set forth by the government of the country in which it operates. Non-compliance can result in legal actions, fines, or sanctions against the organization. Local business norms are relevant to cultural practices but do not hold regulatory authority. Regional trends may influence business strategy but lack the legal impact of national laws. Global standards are best practices that might be adopted internationally, yet they do not replace national legal requirements.

Non-repudiation links an action to an individual using a unique identifier. For example, it provides assurance that an email was actually sent by the sender or it connects a user to a change they made on the network so they can't deny they made the change.

Vishing (also called voice phishing) is conducting phishing attacks using telephony. This often involves using VoIP features such as caller ID spoofing to avoid detection.

Conducting a thorough analysis of the security logs, especially around the time of the breach, will likely reveal the sequence of events that led to the breach, including the initial point of entry and methods used by the attacker. This detailed trail is indispensable for pinpointing the original vulnerability or misconfiguration that the attacker exploited. Simply running a vulnerability scan might identify potential vulnerabilities but would not confirm which were actually exploited. Organizational policy review and user education, while important, are less likely to directly lead to the discovery of the specific exploited vulnerability.

Implementing multi-factor authentication (MFA) provides a powerful defense against unauthorized access, as it requires users to provide two or more verification factors to gain access to resources, thus protecting against compromised credentials. Email encryption is a security measure that protects the contents of emails but does not secure access to collaboration tools and resources. While limiting connection times could potentially reduce the window of opportunity for an attack, it would not be practical for collaboration needs and does not strengthen authentication methods. The frequency of changing passwords, without the additional step of verifying the user's identity, may be less effective against sophisticated attacks.

Load balancing effectively uses parallel processing by distributing incoming traffic across multiple servers, which not only manages the traffic surge during peak times but also provides redundancy in case one server fails. 'Database normalization' is a process used to optimize database design but does not directly apply to parallel processing for traffic management. 'Rate limiting' is used to control the traffic rate a single user or service can make to a web service but does not employ parallel processing to distribute workload. 'Single sign-on' (SSO) simplifies user authentication by using one set of login credentials for multiple services but is not related to the concept of parallel processing for handling increased load or capacity planning.

While all listed documents play pivotal roles in a comprehensive security governance framework, Information Security Policies are crucial to defining the overall security strategy, essential for compliance with various regional, national, and global laws, and setting forth the rules and guidelines specific to the protection of the company's information assets. Updating the Information Security Policies will provide a foundation for the company's global security posture, ensuring that all other documents and practices align with these high-level policies and meet the regulatory requirements of each region in which the company operates.

Organizations need to account for the complete legal landscape that applies to their operations and data, including all relevant local, national, and international laws and regulations. Global requirements such as the EU GDPR have extraterritorial reach and can impose significant penalties-up to €20 million or 4 % of worldwide annual turnover-for non-compliance. Focusing only on local or national statutes, or exclusively on international treaties, would leave important obligations unmet and expose the organization to fines, sanctions, and reputational damage.

The correct answer is Spear Phishing because it involves targeted attempts to deceive individuals into providing sensitive information. Vishing refers to voice-based phishing, Smishing involves SMS-based attacks, and Whaling targets high-profile executives specifically.

A VPN that implements IPSec provides a high level of security by establishing an encrypted tunnel between the VPN client and the VPN server, which protects the privacy and integrity of data transmitted over public networks. IPSec operates at the network layer, allowing it to secure all traffic that passes through the tunnel, making it the best option for this scenario.

An incident response plan is a living document that must adapt to evolving threats and to lessons learned during drills and audits. Even when the environment appears static, undetected weaknesses or procedural gaps can persist. Regular reviews-through tabletop exercises, simulations, and document updates-surface these weaknesses so they can be corrected before a real incident occurs. Standards such as NIST SP 800-61 recommend at least annual reviews or reviews after any significant change or exercise. Therefore, uncovering hidden weaknesses is the strongest justification. The other options are either secondary considerations, false economies, or contradict best practice.

Wired Equivalent Privacy (WEP) was a commonly used security protocol for encrypted wireless networks. It has been deprecated and is outdated with known vulnerabilities. WEP should not be used, instead a newer and more robust option like WPA2 should be implemented.

Adding fingerprint scanning as an additional factor is the MOST secure option among the choices given. It provides a high level of accuracy and is less subject to duplication or impersonation compared to other methods such as voice recognition. While facial recognition is secure, it can sometimes be influenced by changes in appearance or spoofed with high-quality images. Voice recognition, while convenient, can be less secure due to background noise, voice imitation, and recording attacks. Installing key fob devices is not a form of biometric authentication, as it is something you have, not something you are.

Reviewing and adjusting the access control list (ACL) is the most appropriate step when users are denied access to network resources, assuming there is no outage or malfunction of the actual resource or network. An ACL may have been incorrectly configured or updated, causing access issues. Examining and rectifying the ACL can restore proper access to authorized users. Patching, while important for security, would not directly address the immediate issue of access if the server and network are confirmed to be operational. Likewise, monitoring does not resolve current access issues, although it may help identify them. Finally, decommissioning the server would be counterintuitive if there's a need for its services.