CompTIA Security+ Practice Test (SY0-701)

When a product reaches end-of-support, the vendor no longer supplies security patches. Any newly discovered vulnerability therefore remains permanently unpatched, leaving the system open to exploitation. This lack of patching-not power consumption, lost features, or self-protective shutdowns-is the primary security risk. Compensating controls such as network isolation can help, but they do not eliminate the root issue.

A brute force attack involves trying random passwords on user accounts in an attempt to gain access. If accounts are set up to auto lock after a certain number of failed login attempts this can be a sign of an attacker's attempt to brute force accounts.

Managerial controls are designed to establish security policies, procedures, and guidelines within an organization. They help in the strategic alignment of security practices with business operations and in ensuring that organizational security objectives are met. They are essential for the governance of security within the company.

Technical controls, on the other hand, involve the use of technology to enforce security measures, such as firewalls and encryption. Operational controls are more about implementing and maintaining day-to-day security tasks. Physical controls include tangible measures like locks, biometrics, and surveillance systems.

A Non-Disclosure Agreement (NDA) is specifically designed to legally bind parties to keep shared sensitive information confidential. While other agreements like Service-Level Agreements (SLA), Master Service Agreements (MSA), and Memorandums of Understanding (MOU) address different aspects of vendor relationships, the NDA focuses on confidentiality.

A Hardware Security Module (HSM) is a dedicated hardware device designed to securely generate, store, and manage cryptographic keys and perform cryptographic operations. By offloading these tasks from servers, HSMs improve both security and performance in enterprise environments.

A TPM is a hardware chip embedded on a computer's motherboard, primarily used to store cryptographic keys and ensure platform integrity, but it's not designed to offload cryptographic processing from servers.

A Secure Enclave is a secure area within a processor for executing sensitive code, commonly found in mobile devices; it does not function as a separate hardware device for server cryptographic operations.

A Key Management System typically refers to software solutions for managing cryptographic keys' lifecycle but does not provide hardware-based processing capabilities.

Policies that outline employee responsibilities and expected behaviors are examples of directive controls. Directive controls are designed to guide or instruct individuals or systems to ensure compliance with security requirements. They establish guidelines and expectations to influence behavior. Detective controls are intended to identify and detect unwanted events or incidents after they occur. Corrective controls focus on minimizing the impact of a security incident after it has occurred. Preventive controls aim to stop unwanted events from happening in the first place.

Implementing a system that proactively monitors and reports changes to critical files in real-time aligns with the organization’s need for immediate alerts when important files have been modified. While both an intrusion detection system and an antivirus aim to protect against unauthorized activities, they are not specifically tailored for the continuous monitoring of file integrity. Event log auditing, though valuable, is more reactive and does not typically focus on detecting changes at the file level. Therefore, the selected system satisfies the necessity for rapid identification of any unauthorized file alterations.

Revenge is a common motivation for attacks carried out by former employees seeking to harm their previous employer for perceived wrongs.

Full-disk encryption is the correct choice because it encrypts the entire hard drive, including the operating system, applications, and all files. This ensures that if the laptop is lost or stolen, the data on it remains protected and inaccessible without the proper credentials or decryption key. Partition encryption would only protect specific partitions, which might leave other sensitive data exposed. File encryption is more granular and would not provide the broad protection needed for this scenario. Database encryption is intended for protecting data within databases and does not address the potential risk of entire drives being accessed through theft or loss.

An Intrusion Detection System (IDS) is adept at continuously monitoring network traffic for abnormal behavior and is specifically designed to alert the security team about potential threats without modifying, discarding, or preventing the flow of traffic, which aligns with the requirement in the given scenario. On the other hand, an Intrusion Prevention System (IPS) not only detects but also takes action to prevent the identified threats, which could interfere with data flow. A Jump Server is a hardened and monitored device that acts as a bridging point for administrators to connect to other servers but does not perform real-time threat monitoring. A Unified Threat Management (UTM) device combines several security functions into one, yet its threat detection capabilities are broader and not solely focused on network traffic monitoring.

An agent-based monitoring tool would be appropriate for this task because it can be installed on each endpoint to monitor its health and security status in real-time. These agents regularly communicate with a central management console to report on the status of the endpoint and alert security personnel if an anomaly is detected. Other answers involve manual processes, provide incomplete solutions, or are less efficient for real-time monitoring in a large enterprise environment.

A Downgrade attack is characterized by an attacker forcing a system to use a less secure protocol or state, thereby creating opportunities to exploit known vulnerabilities of the older systems or protocols. This makes the attack successful as the older versions generally lack the security features and protections found in newer versions. The incorrect options do not define an attack where the system is forced to use less secure protocols.

A microwave sensor is used to detect motion by emitting microwave pulses and then measuring the reflection of moving objects, making it an effective motion detector. Infrared sensors detect heat signatures, ultrasonic sensors utilize sound waves, and pressure sensors respond to physical force or weight.

The correct answer is a zero-day vulnerability. This term refers to a vulnerability that is actively being exploited by attackers before the software vendor is aware of it or has had an opportunity to release a patch. The name 'zero-day' signifies that the developers have had zero days to address the flaw. A buffer overflow is a specific type of memory vulnerability, which could be the underlying mechanism, but the key element in the scenario is that the flaw was unknown to the vendor. A race condition involves issues with the timing of operations. An SQL injection is a web application attack targeting databases, not a flaw within browser software itself.

The main advantage of automation and orchestration is the ability to enforce security baselines across the organization in an efficient manner. Automation allows for the rapid deployment of consistent configurations, policies, and security controls, ensuring all systems and devices adhere to the organization's security standards. This process is not only efficient but also reduces human error that may occur with manual configuration. It is thus a significant benefit for any medium-sized institution like the one described.