CompTIA Security+ Practice Test (SY0-701)

Implementing key escrow involves securely storing copies of cryptographic keys with a trusted third party or designated authority. This allows the organization to recover encrypted data if the original keys are lost or inaccessible. Key stretching strengthens weak keys against brute-force attacks but does not help in recovering lost keys. Digital certificates associate public keys with user identities but do not provide a means for key recovery. Certificate Revocation Lists (CRLs) are used to revoke untrusted certificates and do not aid in data recovery.

A firewall that filters traffic to block unauthorized access is a classic example of a preventive control. Preventive controls are designed to stop an incident from occurring. In this scenario, the firewall is proactively preventing a potential breach. Detective controls, such as an Intrusion Detection System (IDS), would identify an attack as it happens or after the fact. Corrective controls, like restoring from a backup after a ransomware attack, aim to limit the damage after an incident. Deterrent controls, such as warning banners, are meant to discourage attackers but do not actively block them.

A Non-Disclosure Agreement (NDA) is specifically designed to legally bind parties to keep shared sensitive information confidential. While other agreements like Service-Level Agreements (SLA), Master Service Agreements (MSA), and Memorandums of Understanding (MOU) address different aspects of vendor relationships, the NDA focuses on confidentiality.

Encryption is the process of converting plaintext into a coded format known as ciphertext, which can only be read by authorized parties who have the decryption key. This process uses an algorithm and a key to transform the readable data into an unreadable format, thereby protecting the data from unauthorized access or eavesdropping.

An air-gapped system is physically isolated from all other networks, including the Internet. Because no network interfaces remain connected, data cannot enter or leave electronically, providing maximum protection for highly sensitive assets. A host-based firewall, VLAN segmentation, or an IDS can restrict or monitor traffic, but all still depend on an active network connection and therefore cannot guarantee total isolation.

Organized crime groups often engage in the theft of data for the purpose of selling it on the black market, as it can be extremely profitable. Nation-state actors are typically more interested in espionage or sabotage; hacktivists are motivated by political or societal goals, and insiders might seek revenge or intellectual challenge, but are less likely to sell data on a scale consistent with organized crime.

The correct answer is Supply Chain. This scenario highlights the vulnerability that arises from dependence on a third-party service provider, which is a key component of the supply chain. An Insider Threat involves risks from within the organization, Zero-day refers to previously unknown vulnerabilities, and Misconfiguration pertains to incorrect setup of systems.

The most effective change to improve password security while considering user convenience is to increase the complexity of the passwords and implement multi-factor authentication. Frequent password changes can often lead to weaker passwords as users may choose easier to remember (and guess) passwords or make minor alterations to their existing ones. By increasing the complexity and using multi-factor authentication, a stronger security posture is achieved without unnecessary frequency in password changes that often leads to diminished security.

A system that has the ability to not only monitor network activities for malicious actions but also take proactive measures to interrupt or stop these activities serves as a protective mechanism against threats. This is the essential function of an Intrusion Prevention System, which is what separates it from similar systems that only detect and alert but do not take preventative actions.

The correct answer is 'Regulations'. Regulations are specific, enforceable requirements laid down by governmental authorities, and organizations must adhere to them to ensure compliance within various domains, including data protection and privacy. 'Guidelines' offer advice or suggestions but are not legally enforceable. 'Frameworks' provide a structured approach to addressing complex issues but also lack the force of law. 'Protocols' generally refer to technical agreements for data exchange and communications in IT systems. Finally, while 'Mandates' require action, the term is broad and may not necessarily pertain to legally enforceable directives like regulations do.

Zero Trust Architecture is designed to eliminate implicit trust and enforce strict verification for every user and device attempting to access network resources. It requires full authentication, authorization, and encryption for each access request, effectively meeting the manager's requirements. The Principle of Least Privilege limits access rights but doesn't address continuous authentication or the elimination of implicit trust for each request. Defense in Depth employs multiple layers of security but does not specifically focus on the trust model for access requests. Security through Obscurity is not a valid or effective security strategy, as it relies on secrecy rather than robust security measures.

A feature known as a 'selective wipe' or 'corporate wipe' is designed for the scenario presented. It allows an organization to remove only the data and configurations that pertain to the company, preserving the personal information of the user. This is critical for organizations that allow the use of personal devices for work, to manage the risk associated with data retention when employees leave. A 'full wipe' would erase all data from the device, which affects personal information and therefore is not suitable. 'Remote locking' secures a device against unauthorized use, but it doesn't address the removal of data. 'Encryption' secures data but does not offer a method for selective removal of company data upon employee departure.

An Unknown Environment Penetration Test is the best approach in this scenario because it simulates the actions of an actual attacker that has no prior knowledge of the network. This type of test can provide the most realistic assessment of security as it evaluates the organization's defenses from the perspective of an uninformed attacker, which is a common threat. A Known Environment Penetration Test is not the best choice because it assumes prior knowledge of the system's internals which may not be the case for real-world attackers. The Partially Known Environment Penetration Test provides a middle ground between known and unknown and is less realistic than the unknown approach for simulating a full external threat. Reconnaissance is a phase within penetration testing rather than a complete testing approach and does not alone provide a comprehensive assessment of system vulnerabilities.

The badges in question are at risk of Radio-Frequency Identification (RFID) cloning. The lack of a mutual authentication process in the badge system permits an attacker to easily capture the badge's signal and create a duplicate without being verified by the reader. This process leads to unauthorized individuals potentially gaining access to secured facilities. Mutual authentication is a security feature where a badge and its reader verify each other before any data is transmitted. Options such as 'Email compromise' and 'Social engineering tactics' are not directly related to the scenario described where radio-frequency signals could be exploited. 'Encryption breaking' is also incorrect as it doesn't directly pertain to the cloning of an RFID signal, which is an issue distinct from cryptographic weaknesses.

The correct answer is that organized crime groups are known for their high level of resources and sophisticated capabilities. These groups are typically well-funded and deploy a range of technical and human resources to carry out complex attacks, often with a primary motivation of financial gain. The other options are incorrect. Acting based on philosophical or political beliefs is characteristic of hacktivists. Focusing on service disruption without financial motives can also be a trait of hacktivists. Low technical capacity and limited financial backing are attributes of an unskilled attacker, not a sophisticated organized crime group.