CompTIA Security+ Practice Test (SY0-701)

Password spraying is a type of brute-force attack where an attacker attempts to access a large number of accounts with a few commonly used passwords. Unlike a traditional brute-force attack that targets a single account with many passwords, spraying targets many accounts with few passwords to prevent triggering account lockout policies. A dictionary attack is different as it typically uses a large list of passwords against a single account. A rainbow table attack is used to crack password hashes that have already been stolen, not for online authentication attempts. 'Plaintext/Unencrypted' refers to the insecure state of a password, not an attack method.

Port 22 is designated for Secure Shell (SSH), a protocol that provides encrypted remote access. Using the standard port ensures compatibility and leverages established security measures. Ports like 23 (Telnet) are insecure, while ports 80 and 443 are typically used for web traffic.

Mitigation refers to the implementation of measures to reduce the impact of a threat or to reduce the likelihood of its occurrence. Establishing additional access controls to safeguard sensitive information makes it more difficult for unauthorized users to access this information, thus reducing the potential impact of a data breach. On the other hand, transferring the risk involves shifting the responsibility to another entity, such as through insurance. Avoiding the risk would mean completely eliminating the threat, which can be unrealistic for some risks, and accepting the risk would indicate no further actions to decrease its impact.

Isolating the workstation from the network is the BEST immediate action to thwart the ongoing threat, as it prevents the infected system from communicating with the command and control servers and stops further spread of the infection. Changing access controls might not be effective if the infection is propagating in other ways, and conducting a vulnerability scan or capturing network traffic does not immediately contain the threat.

The correct answer is 'Review and align the security policies with the local/regional legal requirements.' When entering a new region, an organization must ensure that its security policies comply with local laws to avoid legal consequences and protect the company's reputation. Conducting a thorough review of the new region's legal requirements and aligning the organization's security policies accordingly is the most prudent initial step.

A Trojan is the correct answer because it disguises itself as legitimate software to carry out unauthorized actions, such as data exfiltration. Viruses attach to files and spread, worms replicate over networks, and ransomware encrypts data for ransom, none of which specifically disguise as legitimate programs to execute covert actions.

Security awareness training educates personnel about corporate security policies, common threats, and safe practices. By making employees aware of their responsibilities and the consequences of non-compliance, organizations see higher adherence to security policies and procedures. Training does not eliminate the need for technical controls, guarantee perfect security, or shift responsibility to a single department; instead, it complements other controls by improving human behavior and reducing policy violations.

Scalability is the property of a system, network, or process that enables it to handle a growing amount of work or be enlarged to accommodate that growth without degrading performance or security. Adaptability and flexibility focus on a system's ability to change functionality, while durability concerns its resistance to failure; none of these directly address workload growth.

A guideline is considered a recommendation/best practice and is not considered mandatory to follow.

Information security policies are most essential for establishing a security governance framework that aligns with business objectives and risk management strategies. Policies are high-level documents that set the overall direction for security, implement controls across the organization in line with its risk appetite, and provide a formal framework for staff to understand their responsibilities. The other options are more specific elements that are typically defined and guided by policies. Password complexity standards are specific rules that enforce a broader access control policy. Annualized Rate of Occurrence (ARO) and Recovery Point Objective (RPO) are specific metrics used within risk analysis and business impact analysis, respectively, which are processes governed by high-level security policies.

Implementing a password manager application allows users to securely store and manage complex and unique passwords for all their accounts. This encourages the use of strong, unique passwords without the burden of memorization. Enforcing strict password policies may lead to password reuse or users writing down passwords. Single sign-on (SSO) reduces the number of passwords but does not promote unique passwords for each service. Implementing biometric authentication enhances security but doesn't address the management of multiple complex passwords.

The correct answer is to subscribe to and analyze threat intelligence feeds. Threat intelligence feeds provide up-to-date information on emerging threats, new attack vectors, malware, and adversary tactics, techniques, and procedures (TTPs). This allows security professionals to proactively adjust defenses against new threats. While the other options are valid security practices, they are not the most effective for identifying emerging threats. Regular vulnerability scanning is crucial for finding known vulnerabilities in the current environment but is reactive to what is already known. Enforcing stronger password policies is a fundamental security control but does not provide insight into new attack methods. Annual penetration testing validates existing defenses against known attack types but is a point-in-time assessment and less effective for continuous monitoring of new, evolving threats.

Full disk encryption (FDE) is the correct choice as it provides comprehensive encryption of all data on the storage medium, ensuring that without the appropriate decryption key, no data can be read, regardless of the system state or whether the storage device is transferred to another machine. Encrypting individual files, while useful, does not offer the same level of protection if an attacker gains access to the underlying file system. Encrypting data using a VPN only secures data in transit, not at rest. SSL/TLS also protects data in transit and does not apply to data at rest.

The use of a passphrase with complexity requirements helps in balancing security with usability. Passphrases are generally longer than traditional passwords and can incorporate complexity through the use of mixed-case letters, numbers, and symbols, making them more resistant to brute force attacks. The phrase structure also aids in memorability, potentially reducing the likelihood of password sharing and reuse. While requiring biometrics adds a level of security, it is not specifically a password policy change. Frequent password changes can lead to users selecting less secure passwords due to fatigue. Disabling account lockout negates a vital security control against brute force attacks.

Although several measures could improve the organization's overall security posture, the activity in the logs indicates a likely brute-force or credential-stuffing attack against user accounts. Establishing appropriate account lockout thresholds restricts the number of consecutive failed authentication attempts, effectively limiting an attacker's ability to guess valid credentials. Routine tasks such as updating firewall firmware and applying operating-system patches improve resilience against known vulnerabilities but do not directly curtail the observed login attempts. Additional user security-awareness training is valuable but likewise does nothing to stop automated, external password-guessing activity. Therefore, configuring and enforcing account lockout thresholds is the most immediate and relevant mitigation.

A possession factor is an authentication method based on something the user physically possesses. A hardware authentication token is a small physical device that can generate a secure login code or house digital certificates and is carried by the user to provide a possession factor for authentication. Eye color is a trait, not something possessed. A password is something the user knows, and a mobile app authorization request, while delivered to a device the user possesses, by itself is not considered a possession factor until accepted and is not inherently a physical item.

Sanitizing resources when deallocating virtual machines addresses resource reuse vulnerabilities. This process ensures that any residual data in memory and storage is securely erased before resources are reassigned to other virtual machines, preventing unauthorized access to sensitive information.

Disabling hyper-threading on physical CPUs can help mitigate certain side-channel attacks but does not address data leakage due to resource reuse.

Isolating virtual machines in separate VLANs protects against network-based threats like sniffing but does not prevent data exposure through shared physical resources.

Installing antivirus software on the host enhances malware detection but does not prevent data leakage caused by improper resource sanitization in virtualization.

Data sovereignty refers to the legal requirements imposed on data based on the country or region where it is stored or processed. Ensuring that all customer data is stored and processed within the same country where the customers reside is essential to comply with data sovereignty laws, which may vary significantly from one jurisdiction to another.

Network Address Translation (NAT) allows many devices to share an IP when accessing another network. Most commonly it is used to allow internal devices to share public IP addresses when accessing the internet. Benefits of NAT include minimizing the number of public IP addresses required (they cost money and for IPv4 there is a limited number available) as well as masking the origin of the request which provides security benefits. Generally NAT is used on a router or firewall.

Applying patches quickly closes known software vulnerabilities and therefore blocks many exploits used by commodity malware. It does not guarantee immunity from new or zero-day threats, nor does it stop malware delivered through phishing, malicious macros, or other techniques that do not rely on an unpatched vulnerability. A layered defense that includes security awareness, EDR, email filtering, and least-privilege controls is still required.