CompTIA Security+ Practice Test (SY0-701)

Custodians, also known as stewards, are responsible for the day-to-day maintenance and implementation of the security controls over assets based on the policies and guidelines set forth by the organization. While an owner may define the policy for data protection, it is the custodian's role to enforce and implement these policies through technical means, such as configuring and applying encryption to sensitive data. The data owner is typically a senior-level executive who defines what level of protection is required for the data but does not directly manage the security mechanisms. The controller is responsible for making decisions about the processing of the data, and auditors are responsible for reviewing the adherence to policies and regulations, not implementing security measures.

Reviewing security logs is a key part of security monitoring. It allows security professionals to track events that have occurred within the network. Monitoring these logs helps to identify any unauthorized actions, security incidents, or policy violations. Other options listed do not directly correspond to the activity of identifying unauthorized actions through monitoring.

An expansionary risk appetite indicates a willingness to accept higher levels of risk in pursuit of significant rewards or growth opportunities. This aligns with the organization's strategy to pursue aggressive growth. A conservative risk appetite involves minimizing risk and focusing on stability, which does not fit the scenario. A neutral risk appetite represents a moderate approach to risk, neither seeking high risk nor avoiding it entirely. Risk avoidance is a strategy where all risks are eliminated, which contradicts the organization's acceptance of higher risks.

Patching is the process of applying vendor-supplied updates that remediate known vulnerabilities. By regularly deploying patches-often through automated or centrally managed update mechanisms-you close security holes that attackers could exploit. Encrypting data, installing endpoint protection, or disabling unused ports improve security in other ways but do not guarantee that operating system and application vulnerabilities are removed.

This statement is correct. In the cloud shared responsibility model, particularly for IaaS, the customer retains responsibility for securing their own data. This includes classifying the data, deciding what to encrypt, and managing the encryption configurations and keys. While the cloud provider is responsible for the security of the cloud (the physical infrastructure), the customer is responsible for security in the cloud, which encompasses their data, applications, and guest operating systems. The provider offers encryption tools, but the customer must choose to implement and manage them for their data.

Any organization that operates, processes data, or otherwise conducts business within a country is subject to that nation's information-security and privacy laws, even if the company is foreign-owned or headquartered elsewhere. This concept-often referred to as data sovereignty-means compliance is mandatory in each jurisdiction where operations occur; failure can lead to fines, sanctions, or loss of the right to do business. The other options are incorrect because host-nation laws are not optional, cannot be ignored in favor of home-country rules, and apply to activities such as cloud or remote processing, not only to data stored physically on local servers.

The incident response team must exist before any incident occurs. Establishing the team, defining its roles, and putting supporting processes and tools in place are all part of the Preparation phase of the incident response lifecycle. Subsequent phases focus on detecting, containing, and recovering from actual incidents.

Data retention timeframes are pivotal to compliance since they dictate the specific duration for which data must be stored according to various legal and regulatory frameworks. Organizations are often required to retain certain records for a defined period to comply with laws and industry regulations. Retaining data for either too short or too long a period can lead to non-compliance and associated penalties. Having too broad or too narrow scopes in retention policies can be non-compliant or inefficient, respectively, but the actual retention period is the key factor that relates directly to legal and regulatory requirements.

This scenario suggests a case of privilege escalation, a situation where user accounts have been granted more access rights than intended, allowing them to execute commands beyond their original permissions. Here, the service accounts, which should have standard privileges, were found to be part of a privileged group, granting them higher access rights typical of system administrators. This specific detail of 'group membership change' distinguishes the issue as privilege escalation rather than other scenarios like default password changes, account lockouts, or compromised encryption keys which relate to different types of security issues.

After completing a gap analysis, best practice is to develop a structured remediation plan that prioritizes and assigns actions to close the identified gaps. Implementing individual technologies, rewriting policies, or launching broad training programs before establishing such a plan can waste resources and may not fully resolve the deficiencies discovered.

The correct answer is resource reuse. This vulnerability occurs when a resource, such as a physical memory block, is not properly sanitized before being reallocated. In this scenario, remnants of the sensitive financial data could remain in memory (a concept known as data remanence) and become accessible to the next VM that uses that same memory space. VM escape is an attack where a process breaks out of a VM and interacts with the host OS, which is a different threat. Buffer overflow and race conditions are application-level vulnerabilities and are not the primary concern related to sanitizing shared hardware after deprovisioning a VM.

The very first exposure created by a hybrid cloud rollout is the network path that connects the two environments. If that link is not protected with strong encryption and mutual authentication, any data that crosses it can be intercepted, altered, or replayed. Other concerns-such as aligning identity and access controls, tracking costs, or measuring latency-remain important but can be addressed only after the confidentiality and integrity of in-transit data are assured.

An Uninterruptible Power Supply (UPS) is the correct solution because it provides immediate, temporary battery power the moment main power fails. This short-term power bridge is specifically designed to give systems enough time to perform a graceful shutdown or to keep them running until a longer-term power source, like a generator, can activate. A generator is designed for long-term outages but has a startup delay, making a UPS necessary to cover the initial gap. A redundant power supply protects against the failure of a single power supply unit within a device, not an external power outage. A surge protector only protects against voltage spikes and offers no backup power during an outage.

MTBF stands for Mean Time Between Failures. It is a reliability metric that predicts the average time between system breakdowns or failures. A higher MTBF indicates a more reliable system that is likely to operate longer without issues, which is pivotal for business continuity and planning. It is calculated based on historical data and includes only operational periods between failures, not the time required for repair or maintenance.

The correct answer is a threat feed. A threat feed is a real-time or near-real-time stream of data providing information on current and potential cyber threats, including indicators of compromise like malicious IPs, URLs, and malware signatures. A security baseline defines a standard state for a system, a SIEM is used to aggregate and analyze log data from internal sources, and a vulnerability scanner actively probes systems for weaknesses rather than providing a continuous external data stream.