CompTIA Security+ Practice Test (SY0-701)

The best strategy is to assign access rights according to the functions necessary for each job role within the new platform. The analytics division should receive a viewing and reporting role to access and analyze data without the risk of altering it, enhancing data integrity. Conversely, the account management division should be given a more comprehensive role that encompasses the creation, viewing, updating, and deletion of client records, aligned with their day-to-day account maintenance and client interaction tasks. This access control mechanism follows the principle of 'least privilege,' granting users only the permissions necessary to perform their jobs, which is a fundamental aspect of secure role assignments. Using 'RBAC' without explaining its meaning or acronym form could lead to confusion for those unfamiliar with the term, highlighting the necessity for clarity in both teaching and testing environments.

An Intrusion Detection System monitors network or host activity and generates alerts when suspicious behavior is detected. Because it identifies potential incidents rather than blocking or remediating them, it is categorized as a detective control. Preventive controls (e.g., firewalls) attempt to stop incidents, corrective controls focus on recovery, and deterrent controls primarily discourage attackers.

Implementing server clustering with shared storage and replication meets the institution's needs. Clustering provides high availability and automatic failover, ensuring that if one server fails, another takes over seamlessly. Shared storage and replication keep data consistent across servers, which is crucial for data integrity.

Load balancing improves performance by distributing traffic but doesn't guarantee data consistency or automatic failover with synchronized data.

Deploying virtualization can create a single point of failure and doesn't offer the necessary failover or data replication features.

Network segmentation enhances security by isolating systems but doesn't address the requirements for high availability and data consistency.

Conducting third-party security audits is the most effective way to assess vendors' adherence to security standards. These audits often include an in-depth analysis of the vendors' security policies, practices, and controls. This can provide an objective and comprehensive overview of the vendors' security posture and compliance with relevant standards. Reviewing the vendors' privacy policies is important but may not offer a complete picture of their security practices. Examining product data sheets only provides information about the products and not the vendors' security standards. Comparing SLAs can showcase the guaranteed performance and availability, but it does not directly address security compliance.

Journaling in the context of file systems is used to record changes not yet committed to the file system, which can protect against corruption and ensure the file system can be reliably restored to a good state in the event of a crash. This feature is specifically designed to track changes in a sequential log, providing a mechanism for recovery that does not depend on the file system's regular write processes, which might be incomplete at the time of a crash.

Scalability is the property of a system, network, or process that enables it to handle a growing amount of work or be enlarged to accommodate that growth without degrading performance or security. Adaptability and flexibility focus on a system's ability to change functionality, while durability concerns its resistance to failure; none of these directly address workload growth.

This scenario describes a phishing attack, but tries to trick you by mentioning a high level executive was targeted which would make it whaling. However because half the internal email addresses were also sent this email it is a more generic phishing attack. Whaling would apply only if high level executives were targeted, not a large chunk of the organization.

The badges in question are at risk of Radio-Frequency Identification (RFID) cloning. The lack of a mutual authentication process in the badge system permits an attacker to easily capture the badge's signal and create a duplicate without being verified by the reader. This process leads to unauthorized individuals potentially gaining access to secured facilities. Mutual authentication is a security feature where a badge and its reader verify each other before any data is transmitted. Options such as 'Email compromise' and 'Social engineering tactics' are not directly related to the scenario described where radio-frequency signals could be exploited. 'Encryption breaking' is also incorrect as it doesn't directly pertain to the cloning of an RFID signal, which is an issue distinct from cryptographic weaknesses.

Educating users on how to identify and report phishing emails is the most effective method because it directly addresses the human factor, which is often exploited in such attacks. While implementing email filtering and deploying anti-malware software can help reduce the number of malicious emails and detect malware, they cannot prevent all threats. Enforcing strict password policies does not prevent users from clicking on malicious links in emails.

Group Policy is designed to centrally manage and enforce security settings across multiple Windows workstations, ensuring consistency and ease of administration. Local security policies, manual configuration, and individual firewall settings do not provide centralized management and consistency.

The term 'Likelihood' refers to the probability that a given threat could potentially exploit a specific vulnerability within an organization's security framework. Understanding and determining the likelihood is crucial in risk management as it helps prioritize risks and informs decision making regarding the implementation of controls.

Hot sites are fully equipped data centers that can take over functionality from the primary site immediately or within a minimal time frame after a disaster. This allows for continuity of operations and a swift return to normal activities, which is crucial for maintaining mission-critical processes during an unplanned interruption. Cold sites, while less expensive, require more time to set up and are not ideal for immediate failover. Warm sites offer a middle ground but still involve a delay in resumption compared to hot sites. While backups are important, they are typically used to restore data and do not by themselves ensure operational continuity.

This type of penetration test is known as a black-box test. In this approach, the testers are given little to no prior information about the target system. For example, they are not provided with details like the web server type or access to the source code. Instead, the testers must perform reconnaissance to gather information and probe for vulnerabilities, simulating an attack from an external threat actor with no inside knowledge.

Implementing key escrow involves securely storing copies of cryptographic keys with a trusted third party or designated authority. This allows the organization to recover encrypted data if the original keys are lost or inaccessible. Key stretching strengthens weak keys against brute-force attacks but does not help in recovering lost keys. Digital certificates associate public keys with user identities but do not provide a means for key recovery. Certificate Revocation Lists (CRLs) are used to revoke untrusted certificates and do not aid in data recovery.

The correct answer is 'Network segmentation'. This practice would isolate the legacy system from the rest of the network, reducing the potential impact of a vulnerability being exploited. While other options like intrusion detection systems and replacement could also be considered, they do not immediately address the risk of the legacy system being compromised. Network segmentation is a straightforward mitigation step that can be applied without requiring the removal of critical, yet non-patchable, equipment.

The crossover error rate (CER) is the point at which the false acceptance rate (FAR) and the false rejection rate (FRR) are equal. The lower the CER the more accurate the biometric system is.

A Hardware Security Module (HSM) is a physical computing device that safeguards and manages digital keys, performs encryption and decryption functions for digital signatures, and provides strong authentication. HSMs are specifically designed for the secure generation, storage, and management of cryptographic keys, offering a higher level of security compared to software-based key management solutions. They are widely used in applications requiring high-level security, such as banking, government, and healthcare.

There are times when certain data is required to be kept for a certain period of time due to legal, regulatory or policy reasons. There are also requirements pertaining to when data isn’t supposed to be kept. This is all referred to as data retention.

The Owner of a system or data is primarily responsible for determining the classification of the data and the controls necessary to protect it. They make decisions on how the data should be handled, dictate access controls, and are often decision-makers on acceptable risk levels for their data. While they may delegate certain tasks to others like Custodians or Processors, the Owner retains the ultimate responsibility for the data's security.

Enabling WPA3 on a wireless network provides robust security by using modern encryption methods and management of authentication protocols. This prevents unauthorized users from accessing the network without the correct credentials, thereby securing the wireless communication. WEP is an outdated and insecure encryption method that is easily breached by attackers. Hiding the SSID does not provide security, as the network can still be detected by attackers with the right tools. MAC filtering is not a robust security measure because MAC addresses can be easily spoofed.