CompTIA Security+ Practice Test (SY0-701)

Regular updates provide the latest malware signatures, intrusion indicators, spam patterns, and other threat intelligence to all integrated detection engines (antivirus, IDS/IPS, anti-spam, etc.). Without these updates, the UTM's ability to recognize and block new or rapidly evolving attacks degrades over time, leaving the organization exposed. Updating device drivers, eliminating single points of failure, or enabling traffic-balancing features are important administrative tasks but are not the primary reason that keeping the threat database current is critical.

A Web Application Firewall (WAF) is designed to protect web applications from application-layer attacks such as SQL injection and cross-site scripting (XSS). It operates at Layer 7 (the Application layer) of the OSI model, where it can inspect the content of HTTP and HTTPS traffic. Traditional network firewalls operate at Layer 3 (Network) and Layer 4 (Transport), filtering traffic based on IP addresses and ports, and cannot inspect the application-specific data needed to stop these attacks. Layer 2 is the Data Link layer, which handles node-to-node data transfer using MAC addresses.

The General Data Protection Regulation (GDPR) is a comprehensive data privacy framework that imposes strict rules on data protection and privacy for individuals within the European Union. As it is one of the strictest privacy and security laws in the world, adopting GDPR-compliant policies will likely ensure compliance with a wide range of international data protection standards. The regulation requires businesses to protect the personal data and privacy of EU citizens. Additionally, because the GDPR has extraterritorial applicability, meaning it applies to organizations outside the EU that process data of EU residents, adhering to its standards can help a multinational corporation align with global data protection regulations. The other options are either national and not globally focused (like the Federal Information Security Management Act), industry-specific (such as acts related to shipping port security), or limited in scope with regards to data protection (for example, the United Nations Convention on Contracts for the International Sale of Goods).

With asymmetric encryption, the sender uses the recipient's public key to encrypt the data. Only the holder of the mathematically related private key can decrypt that ciphertext, so confidentiality is preserved even if the encrypted traffic is intercepted. In contrast, symmetric encryption relies on a single shared secret key (Answer 1), digital signatures created with a sender's private key provide integrity and authentication-not confidentiality (Answer 3), and striping data across drives (Answer 4) is a storage redundancy technique unrelated to encryption.

The correct answer is 'Hacktivist' because the primary motivation of the attacks is to promote political beliefs regarding animal rights, rather than for financial gain or data exfiltration. Hacktivists often publicize their actions to draw attention to a cause or to effect change, which aligns with the attackers' behavior in this scenario. Other threat actors like 'Nation-state' or 'Organized crime' entities would be improbable due to the lack of espionage or financial motives. 'Insider threat' does not fit the pattern, as there is no indication that the attackers are internal members of the organization. 'Shadow IT' relates to unauthorized IT systems within an organization, not external threats. Lastly, 'Unskilled attacker' suggests a lack of capability or sophistication, which does not necessarily apply in this context.

Security zones are utilized to segregate different parts of the network, often by their role or requirements for security, to apply appropriate controls and limit the spread of security breaches. By controlling communication between zones, the risk of a compromised system affecting the entire network is reduced. Each answer choice is related to network management or security, but only one specifically addresses the central concept of isolating network segments to enhance security.

Scalability is the ability of a system to handle a growing amount of work by adding resources. It ensures that as demand increases, the system can scale up or out to maintain performance levels. Resilience refers to a system's ability to recover from failures, availability is about the system being accessible when needed, and redundancy involves duplicating components to prevent failure but does not directly address increasing demand.

The metric in question is the Recovery Time Objective, which sets the maximum amount of time that a process can be down after a disruption before significantly impacting the organization. It is essential for creating effective disaster recovery strategies. While redundancy is a strategy that may help achieve a lower RTO by having backup systems, it is not a metric. Availability represents the proportion of time a system is operational, and Service Level Agreements establish the expected performance and availability standards between providers and clients, but neither directly defines the maximum tolerable downtime after a disruption.

Snapshots provide a point-in-time copy of the virtual machine's disk file, which can be used to restore a system back to a particular state with minimal downtime. This makes them highly suitable for environments where data needs to be restored quickly and efficiently, such as in a healthcare company handling sensitive patient records. Traditional backups involve copying files to another location and often result in longer recovery times. Differential and incremental backups, while useful for saving storage space and reducing backup time, do not provide the immediate state recovery that snapshots offer.

Birthday attacks exploit the birthday paradox, a mathematical principle that makes it easier than expected to find two inputs that produce the same hash output (a collision) in a hash function. This compromises data integrity by allowing an attacker to substitute input data without changing the hash. Dictionary attacks focus on guessing passwords using common words, rainbow table attacks use precomputed tables to reverse-engineer hashed passwords, and brute force attacks attempt every possible combination of input without leveraging collision probabilities.

A proxy server is a network device that accesses servers on the behalf of a client requesting access to the resource. Proxy servers are typically used as intermediaries between clients and web servers. One of the advantages of this is that the server being accessed will not be able to see the IP address of the client.

The correct answer is 'Execution in a virtualized sandbox environment.' This provides an isolated space for running and analyzing the behavior of the application without risking the integrity of the main operating system or other applications. It limits the app's interaction with real system resources, containing any potential harm. 'Using a dedicated test user account' is useful for access control but does not inherently contain the application's actions. 'Network segmentation' isolates network traffic but doesn’t address the local execution of an application on a device. 'Deployment to a staging server' provides a realistic test environment that mimics production but does not provide the level of isolation a sandbox does for analyzing the behavior of individual apps.

The correct answer is 'Incremental backups every 2 hours with daily full backups'. This approach efficiently balances the need to maintain recent data save points to minimize loss in the event of a system failure while utilizing resources effectively. Incremental backups save changes since the last full or incremental backup, reducing the volume of data that needs to be copied and the time required for each subsequent backup. Daily full backups ensure that there is always a recent complete copy of data to restore from, while the frequent incremental backups capture the ongoing changes.

Implementing multi-factor authentication (MFA) provides a powerful defense against unauthorized access, as it requires users to provide two or more verification factors to gain access to resources, thus protecting against compromised credentials. Email encryption is a security measure that protects the contents of emails but does not secure access to collaboration tools and resources. While limiting connection times could potentially reduce the window of opportunity for an attack, it would not be practical for collaboration needs and does not strengthen authentication methods. The frequency of changing passwords, without the additional step of verifying the user's identity, may be less effective against sophisticated attacks.

A security token generates a pseudo-random code or has a built-in mechanism that changes the code it provides at regular intervals, which users must input for authentication. This matches the 'something you have' factor category, as it's a physical object the user must possess to gain access. SMS messages, though they can technically fall under 'something you have' since they are sent to a device you own, are not the best choice due to security concerns such as interception or SIM swapping. Passwords are 'something you know' and biometrics are 'something you are,' hence are not classified under 'something you have' for authentication factors.