CompTIA Security+ Practice Test (SY0-701)

The correct answer is resource reuse. This vulnerability occurs when a resource, such as a physical memory block, is not properly sanitized before being reallocated. In this scenario, remnants of the sensitive financial data could remain in memory (a concept known as data remanence) and become accessible to the next VM that uses that same memory space. VM escape is an attack where a process breaks out of a VM and interacts with the host OS, which is a different threat. Buffer overflow and race conditions are application-level vulnerabilities and are not the primary concern related to sanitizing shared hardware after deprovisioning a VM.

Traffic-flow metadata-such as timestamps, source and destination IP addresses, and port numbers-directly aligns network conversations with IDS alert times, making it the most effective data set for correlation. Logs of user account changes, device configuration files, and application error messages provide context but do not map cleanly to specific network sessions, so they are less helpful for time-based traffic correlation.

The correct answer is 'Brute force attack'. This type of activity suggests an attempt to guess the password by systematically trying numerous possible combinations. A brute force attack often generates many failed login attempts in a short time frame, which would be recorded by an IDS. An IDS is designed to detect this kind of anomalous behavior and raise alerts accordingly. 'Port scanning' involves probing a server for open ports and does not necessarily result in multiple failed login attempts and would not typically generate an IDS alert for this behavior. 'DDoS attack' and 'Phishing attempt' are also incorrect because although they are security threats, they generally do not result in repeated failed logins on a server.

The correct answer is 'Data in use'. Data in use refers to information that is actively being processed or manipulated by an application, which includes being loaded into system memory (RAM) or processed by the CPU. 'Data at rest' describes data that is stored on a physical medium like a hard drive or database and is not currently being accessed. 'Data in transit' refers to data that is moving across a network. 'Encrypted data' is not a data state itself but a security control that can be applied to data in any of the three states (at rest, in transit, or in use).

Governance committees (often called security or cybersecurity steering committees) exist to set the information-security strategy, approve or endorse policies, and provide ongoing oversight and guidance to ensure the program aligns with business objectives and risk appetite. They do not perform hands-on technical work such as configuring devices, staffing the SOC, or running vulnerability scans; those tasks belong to operational teams.

Reviewing security logs is a key part of security monitoring. It allows security professionals to track events that have occurred within the network. Monitoring these logs helps to identify any unauthorized actions, security incidents, or policy violations. Other options listed do not directly correspond to the activity of identifying unauthorized actions through monitoring.

The correct action is to perform a follow-up vulnerability scan. Rescanning is an essential step to verify that the applied patches have successfully remediated the identified vulnerabilities and to ensure that no new vulnerabilities were introduced in the process. Reviewing event logs, rebooting the server, and documenting the changes are all plausible activities, but they do not directly validate that the security flaw has been eliminated. Documentation is a procedural step, and rebooting is part of the patching process itself, not the validation phase.

The zero trust security model works on the basis of “never trust, always verify.” Devices and users on the network are always required to be authenticated even if they were previously.

The first and most effective action to address the issue is to modify the permissions on the files to ensure that only the development team has access. This alteration directly addresses the problem identified during the audit by enforcing proper access controls, thereby preventing unauthorized access to sensitive information. Disabling the shared network drive would remove access for the authorized development team and is not a precise method of access control. Performing a user account review may surface additional issues but will not rectify the immediate concern of unauthorized access to the proprietary source code. Monitoring the file access patterns is a reactive approach and would not prevent further unauthorized access.

The attackers are driven by their ideological differences with the corporation's environmental practices. This is a case of philosophical or political beliefs motivating cyber attacks. They are not seeking financial gain, engaging in blackmail, or attempting to steal data.

Tokenization is the appropriate method to secure sensitive data at rest, especially for financial transaction data which can contain credit card numbers or personal identification information. By replacing sensitive data with non-sensitive placeholders, tokenization allows the company to handle payment information without exposing actual sensitive data, thus maintaining compliance with industry regulations like PCI DSS. On the other hand, masking and obfuscation may hide data but still could leave it vulnerable to unauthorized access, and hashing, while useful for integrity checks, is not reversible and thus not suitable for data that needs to be retrieved in its original form.

Under the shared-responsibility model, duties move up the stack as you transition from IaaS to SaaS:

• IaaS: The customer controls and secures the guest OS and anything above it, including the application code.
• PaaS: The provider secures the underlying OS and runtime, but the customer still secures any applications they develop and deploy on the platform.
• SaaS: The provider operates and patches the application itself, while the customer focuses on data protection, identity, and configuration. Therefore, the most accurate statement is that responsibility varies by service model: the customer handles the application layer in IaaS and usually in PaaS, whereas the provider handles it in SaaS.

The network administrator's preference is indicative of the Discretionary Access Control (DAC) model, where resource owners have the freedom to provide or restrict access to other users at their discretion. While Role-Based Access Control (RBAC) autonomously assigns permissions based on the user's role and does not cater to individual resource owner preferences, it is not the best fit for the scenario described. Similarly, Rule-Based Access Control typically works alongside other mechanisms, applying rules (like time-of-day restrictions) that do not relate to individual owner discretion. The Mandatory Access Control (MAC) model enforces access decisions made by a central authority based on security labels, not by individual resource owners, and is thus also not suitable for this situation.

The correct measure when repurposing storage devices that previously contained sensitive data is to conduct a secure erasure process that adheres to industry standards (e.g., NIST SP 800-88), ensuring that the data recovery is not possible without extraordinary measures. Degaussing is also a method to sanitize data, but it's suitable for magnetic drives only and might not be practicable for solid-state drives (SSDs). Reformatting the drive is not secure enough, as most standard formatting procedures leave data recoverable. Running a standard antivirus scan, although important for detecting and removing malware, does not address the need to prevent data recovery from the storage device.

A network intrusion prevention system (NIPS) is the only one of the choices that you can place to monitor your entire network for intrusions while at the same time attempting to prevent the intrusion. HIPS and HIDS are only for a single host, while NIDS will only detect an intrusion.

Effective third-party risk management does not end with the onboarding due-diligence review. Organizations should establish continuous monitoring and schedule periodic reassessments so that new threats, regulatory changes, or changes in the vendor's security posture are detected and addressed in a timely manner. Simply relying on the initial review, contractual service-level agreements, or the vendor's own internal audits without independent follow-up can leave significant gaps in risk coverage.

The correct option is multifactor authentication (MFA). MFA enhances security by requiring two or more different authentication factors to verify a user's identity. In this scenario, the password is 'something you know', and the hardware token is 'something you have'. Combining these two factors from different categories fulfills the requirement for MFA. Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single set of credentials to access multiple applications. Biometric authentication uses unique physical characteristics like fingerprints or facial scans ('something you are'). Authorization is the process of granting or denying access to resources after a user has been successfully authenticated.

The IT staff member in this scenario is fulfilling the role of a Data Custodian. Data Custodians are responsible for the technical management and operations of data assets, ensuring that data is properly backed up, secured, and maintained. They implement the policies and controls specified by Data Owners but do not set or decide on those policies themselves.

A Data Owner is typically a senior individual who has authority over and accountability for a specific set of data, making decisions about data classification, access permissions, and policy decisions.

A Data Controller is an entity or individual that determines the purposes and means of processing personal data, often in the context of privacy laws, which is not directly relevant to the described duties.

A Data Processor is an entity that processes data on behalf of a Data Controller, but again, this role is more about processing activities rather than managing and maintaining data assets.

When preparing a report that will be submitted to both internal stakeholders and an independent regulatory body, it is crucial to include evidence of alignment with regulatory compliance standards, as well as internal policies and procedures. This ensures that the report demonstrates adherence to external legal and compliance mandates, while also confirming that internal governance is in line with organizational objectives and practices. Incorrect answers may be plausible, but they do not fully satisfy the dual requirement of adherence to internal policies and external regulations.

Access controls restrict entry to resources-whether a room, system, or dataset-to authorized subjects only. Because the breach involved unvetted staff walking into a sensitive area, the root cause is weak or missing door or identity-verification mechanisms. Strengthening access controls (for example, badge readers, biometric locks, or enforced approval lists) would ensure that only individuals with proper clearance may enter. Firewalls and intrusion detection systems protect logical network traffic, and security awareness training targets user behavior; none of those directly block physical entry to the data center.