CompTIA Security+ Practice Test (SY0-701)

Integrity refers to the accuracy and reliability of data. When the IT administrator overwrote the configuration files, it led to incorrect data being presented, thus compromising data integrity. Confidentiality involves protecting information from unauthorized access, which is not the issue here. Availability ensures that systems and data are accessible when needed, but the systems are still operational. Authentication relates to verifying the identity of users or systems, which is not impacted in this scenario.

In a decentralized governance structure, decision-making authority is distributed among various departments or business units, allowing for policies and procedures tailored to their specific needs. This contrasts with a centralized model where decisions are made at the executive level and a single policy is enforced company-wide. While security functions can be outsourced, this is a separate concept from the internal decision-making structure of an organization's governance model.

The establishment of a responsibility matrix is crucial in a hybrid cloud approach because it clearly outlines the security responsibilities of the cloud service provider and the client. It ensures that both parties are aware of their specific obligations, which in turn minimizes gaps in security coverage. Understanding who is responsible for each aspect of security helps to prevent overlaps or omissions that can lead to vulnerabilities.

In regards to creating a common set of security policies and ensuring regulatory compliance, while these are important considerations, they come after defining the responsibility matrix, which lays the groundwork for security responsibilities and roles.

Static code analysis is most beneficial because it allows developers to find vulnerabilities and issues in code before the application is run or compiled. This 'shift-left' approach to security is proactive and can save time and resources by catching flaws early. While static code analysis tools can enforce coding standards and improve code quality, their primary security benefit is identifying vulnerabilities that could lead to exploits.

Version control systems are designed to manage changes to documents, computer programs, large websites, and other collections of information. By implementing a version control system, the administrator can track changes made to the security policy documents, establish who made each change, and revert to earlier versions of the documents if required. This provides an audit trail, fosters accountability, and ensures the integrity of documents over time. While permissions and backing up files are essential, these do not inherently provide the ability to manage and track changes to the documents as they evolve or maintain a history of revisions.

The correct answer is a threat feed. A threat feed is a real-time or near-real-time stream of data providing information on current and potential cyber threats, including indicators of compromise like malicious IPs, URLs, and malware signatures. A security baseline defines a standard state for a system, a SIEM is used to aggregate and analyze log data from internal sources, and a vulnerability scanner actively probes systems for weaknesses rather than providing a continuous external data stream.

The correct answer is the Acceptable Use Policy (AUP). An AUP is a document that outlines what constitutes acceptable and unacceptable use of an organization's computing resources, including the network and internet access. It would specify rules regarding personal use of company bandwidth. The Incident Response Policy is for handling security incidents like breaches or malware infections. The Change Management Policy governs the process for making changes to IT systems. The Disaster Recovery Policy outlines procedures for restoring operations after a major disruption.

Preventive controls are designed to stop an incident before it can happen. Security awareness training is considered a preventive control because its primary purpose is to educate employees on how to recognize and avoid security threats, thereby preventing security incidents from occurring. While it also directs behavior, its main function in this context is prevention.

High availability refers to systems that are dependable enough to operate continuously without failing for a long period of time. It is often measured by the uptime in the context of an annual percentage. The incorrect options, while related to system performance and design, do not specifically relate to the concept of being operational and accessible when required.

The term 'Workforce multiplier' refers to methods and tools that extend the effectiveness and efficiency of a security team, enabling them to handle more work with fewer resources. This is crucial for modern security operations where the volume of threats and alerts can be overwhelming for small teams. By using automation, orchestration, and other advanced tools, even a limited staff can effectively manage and secure a large set of resources.

Endpoint protection software's role as a system hardening technique is to enhance the security of individual devices within a network by providing a combination of various security measures against threats such as malware, exploits, and unauthorized access attempts. It typically includes functionalities like antivirus, antimalware, and personal firewalls. The correct answer encapsulates these capabilities. The incorrect answers either misrepresent the scope of endpoint protection or attribute unrelated functions to it.

The principle of least privilege is a security concept where a user is given the minimum levels of access, or permissions, needed to perform his or her job functions. This principle limits the access rights for users to the bare minimum necessary to perform their work. This helps to reduce the attack surface and minimize the potential for misuse of high-level access rights. The other options are incorrect because 'Complete autonomy' refers to having total independent control which does not limit permissions, 'Access all areas' typically implies no restriction on access permissions, and 'Permission auditing' is a process of reviewing permissions, not assigning them.

The organization is choosing risk acceptance-it consciously retains the risk and any associated impact rather than investing in mitigation or shifting liability.

• Risk acceptance: The organization acknowledges the risk and its potential impact but takes no additional action beyond monitoring or budgeting for a loss.
• Risk transference: Liability is shifted to a third party (for example, via insurance or outsourcing).
• Risk mitigation: Controls are implemented to reduce either the likelihood or impact of the risk.
• Risk avoidance: The risky activity is eliminated altogether to remove the exposure.

Because the scenario states that management will simply absorb any consequences, it clearly aligns with risk acceptance.

The primary function of a hashing algorithm is to take an input (or 'message') and return a fixed-size string of bytes. The output, known as the hash, is typically a digest that represents the original data in a unique way. If the input changes by even a small amount, the hash will change significantly, known as the avalanche effect. The key aspect of a hash function is that it is a one-way function – data can be turned into a hash, but the hash cannot be turned back into the original data, ensuring data integrity. Hashes are broadly used to verify data integrity because they can reveal if data has been altered. This is crucial in many applications, such as verifying the integrity of downloaded files or the storage of passwords.

The documentation should be updated whenever changes are made to the security infrastructure. This includes major upgrades such as the implementation of a new firewall. Updating the documentation ensures that accurate information is available for the operation and maintenance of the security controls, as well as for audit purposes. Failing to update documentation can lead to confusion, improper configuration, and weaknesses in security. The incorrect options, while they may be important in other contexts, do not directly address the primary need for keeping an accurate historical record of system configurations and policy changes that affect security operations.

A wildcard certificate allows an organization to secure a domain and all of its subdomains with a single certificate. This is achieved by using an asterisk (*) in the domain name portion of the certificate, representing all possible subdomains. Self-signed certificates are generated by the owner and are not trusted by default by browsers and operating systems. Extended Validation (EV) certificates provide higher levels of trust through a rigorous authentication process but do not inherently support multiple subdomains. Root certificates are used to sign other certificates in a certificate hierarchy but are not used to secure specific domains or subdomains.

Enabling WPA3 on wireless access points ensures that the wireless communication is encrypted, providing confidentiality and integrity for the data transmitted over the air. WPA3 is currently the strongest form of wireless security generally available, which protects against unauthorized access and eavesdropping.

A Memorandum of Agreement (MOA) is the correct choice. An MOA is a formal document that outlines the terms and responsibilities for a cooperative project between two or more parties. While it can be legally binding, it is often used for collaborations where no money is exchanged, fitting the non-financial nature of the scenario. It is typically more detailed about responsibilities than a Memorandum of Understanding (MOU), which outlines broader goals and is generally not legally binding. A contract is incorrect because it is a legally enforceable agreement that requires an exchange of consideration (e.g., money), which the scenario explicitly excludes. An 'internally generated action plan' is an internal document, not an agreement between separate entities. 'Collaborative terms outline' is not a standard, recognized type of formal agreement.

The correct term for this consequence is 'technical debt.' It arises when development teams take action to expedite product releases or feature implementations at the expense of code maintainability and overall quality. While this may yield short-term benefits, it creates a metaphorical 'debt' that will have to be 'paid off' later with additional work to fix the rush-induced issues, potentially leading to security vulnerabilities. Alternative terms offered in the answers are related concepts within IT but do not specifically refer to the costs and future rework implied by rushed solutions.

Access controls restrict entry to resources-whether a room, system, or dataset-to authorized subjects only. Because the breach involved unvetted staff walking into a sensitive area, the root cause is weak or missing door or identity-verification mechanisms. Strengthening access controls (for example, badge readers, biometric locks, or enforced approval lists) would ensure that only individuals with proper clearance may enter. Firewalls and intrusion detection systems protect logical network traffic, and security awareness training targets user behavior; none of those directly block physical entry to the data center.