CompTIA Security+ Practice Test (SY0-701)

The correct answer is risk tolerance. Risk tolerance is the degree of risk or uncertainty an organization is willing to accept in pursuit of its objectives. When a company's strategic goals shift, as in this scenario from a conservative posture to an aggressive growth strategy, its willingness to take on risk (its risk tolerance) must be re-evaluated. The new fintech platform represents a higher-risk, higher-reward initiative, which necessitates a change in the company's established risk tolerance. The Recovery Point Objective (RPO) and Annualized Rate of Occurrence (ARO) are metrics used within risk management, but they do not represent the organization's overall willingness to accept risk. An Acceptable Use Policy (AUP) defines rules for technology use and would likely be updated, but the primary, high-level concept that needs reassessment due to a major strategic change is the overall risk tolerance.

A 'Recurring' process refers to a routine or periodic activity that takes place at regular intervals. In the context of risk management, it pertains to the consistent reevaluation of potential risks to the organization, such as a scheduled quarterly scan. This ensures that new and evolving threats are identified and managed effectively. It contrasts with 'Ad Hoc', which is done as needed; 'One-Time', which is done once and not repeated; and 'Continuous', which implies an ongoing process without set intervals.

Reverting to a snapshot is the fastest way to restore a virtual machine to its state at a specific point in time, such as right before a patch or update. Snapshots capture the entire state of the VM, allowing for a near-instantaneous rollback. While restoring from a full or incremental backup would also work, these processes are significantly slower and more resource-intensive, making them less ideal for this scenario.

Enabling side loading bypasses the security screening performed by official app stores. Apps obtained from unofficial repositories may contain trojans, spyware, or other malware that can exfiltrate data or compromise the entire device. Although side loading does not automatically drain the battery, root the phone, or weaken Wi-Fi encryption, it does open a path for malicious software to be installed without the user's knowledge.

Jailbreaking or rooting bypasses the manufacturer's code-signing and sandbox controls, granting the user and any installed application root-level privileges. Without these protections, unvetted software can run unrestricted, dramatically enlarging the attack surface and making malware infection, data theft, and further privilege escalation far more likely. By contrast, the other statements are incorrect: jailbreaking removes app-store restrictions instead of enforcing them, does not automatically enable encryption, and typically prevents or delays future security updates from the vendor.

A Key Risk Indicator (KRI) is a forward-looking metric tied to a specific risk. Tracking KRIs inside, or in direct association with, the risk register allows risk owners to spot deteriorating trends and take action before the threat reaches an unacceptable level. Items such as service-level agreements, memoranda of understanding, or general performance metrics do not fulfill this early-warning function within the risk register.

Asymmetric encryption, also called public-key cryptography, relies on a mathematically related key pair: a public key that can be shared openly and a private key that is kept secret. Because only the corresponding private key can decrypt data encrypted with the public key, parties do not need to exchange a secret key in advance, thereby eliminating the key-distribution problem. Symmetric encryption requires a single shared key, which must be distributed securely; steganography hides-but does not encrypt-data; and hashing algorithms create fixed-length digests rather than enabling reversible encryption.

The correct document for outlining the specific tasks, deliverables, and timeline in a vendor agreement is the Statement of Work. This document plays a crucial role in setting clear expectations and project details before work commences, ensuring that both parties are aligned on what is to be delivered, when, and in what manner. An agreement for services, on the other hand, defines the level of service performance and quality assurances rather than detailing the project specifics. A confidentiality agreement focuses on the protection of proprietary and sensitive information shared during the engagement and does not detail project specifics. A partnership agreement outlines the general terms of the partnership and cooperation between two entities, which again does not focus on the provision of services for a particular project like a Statement of Work does.

Phishing involves sending deceptive messages, like instant messages, to trick individuals into revealing sensitive information such as login credentials. In this scenario, the attacker impersonates a senior executive to gain trust and elicit the employee's credentials, which is characteristic of a phishing attack. Vishing refers to phishing conducted via voice calls, Denial-of-Service attacks aim to disrupt service availability, and Man-in-the-Middle attacks involve intercepting communications between two parties without their knowledge.

Encryption is a process that encodes sensitive information so that only authorized parties can access it. When data is encrypted, it is converted into ciphertext, which appears random and meaningless. This makes it an effective mitigation technique against a variety of threats, such as data eavesdropping or theft. Hashing, being a one-way function, is designed for verifying the integrity of data and is not meant for encrypting or securing data itself. Tokenization substitutes sensitive data with non-sensitive equivalents, which does not entail converting data into a coded form. Hence, it is not the correct answer in the context of data encoding for protection.

When a product reaches end-of-support, the vendor no longer supplies security patches. Any newly discovered vulnerability therefore remains permanently unpatched, leaving the system open to exploitation. This lack of patching-not power consumption, lost features, or self-protective shutdowns-is the primary security risk. Compensating controls such as network isolation can help, but they do not eliminate the root issue.

Supply chain attacks usually start by breaching a trusted third-party vendor or service provider and inserting malicious code or components into software or updates that are then distributed to downstream customers. Because the update appears to originate from a legitimate, trusted source, traditional perimeter and host defenses inside the customer's environment often fail to detect the compromise. Attacks that target only an organization's internally developed code, physical theft of hardware, or direct DDoS assaults do not fit the definition of a supply chain attack.

Log tampering is a deliberate act to manipulate or erase logs to hide unauthorized activities or to disrupt the integrity of the logging process. While logs can be lost due to technical issues such as configuration errors or system overload, sporadic and selective disappearance is more indicative of a deliberate effort to alter logs, which signifies that log tampering is the most likely explanation. Scheduled maintenance wouldn't selectively affect log entries, and time synchronization issues would cause discrepancies in timestamps rather than missing entries. Log rotation without archiving could lead to loss of older records, but would not usually result in sporadic missing entries.

Intrusion Detection Systems (IDS) are designed to monitor network and system activities for malicious activity or policy violations. A well-configured IDS can detect numerous types of malicious network traffic and computer usage that often go unnoticed by a firewall, which makes it an excellent choice for identifying unauthorized accesses or anomalies. Anti-virus software, while useful for detecting and removing malware, does not generally monitor network traffic for anomalies. Firewalls are preventive controls that block unauthorized access based on predefined rules but do not perform post-passage anomaly detection. Security training is essential for personnel but does not continuously monitor network traffic.

When entering new international markets, a firm must prioritize understanding and adhering to the data protection laws specific to those regions. The GDPR in the European Union has stringent requirements for personal data handling, and a similar emphasis on data privacy exists in many Asian jurisdictions. Ensuring compliance with these laws is foundational because non-compliance can lead to severe penalties. While all other options provided are valid considerations for a security program, they do not directly address the legal and regulatory differences introduced by international expansion.

The first step in a responsible-disclosure workflow is to acknowledge that you have received the researcher's report and let them know the matter is being investigated. Prompt acknowledgement opens a communication channel, shows good faith, and helps prevent premature public disclosure. Ignoring the report can drive the researcher to disclose the flaw, publicly thanking them before verification may draw unnecessary attention, and offering a reward before confirming the issue (or without a bounty program in place) is premature.

SQL injection is a well-known attack vector that allows an attacker to manipulate a database query. This type of vulnerability falls under the category of 'Injection Flaws,' which is recognized as a common vulnerability type within the web application security space. Understanding the categorization helps in prioritizing remediation efforts, as injection flaws are often deemed high-risk due to their potential for facilitating unauthorized data access or manipulation.

The Trusted Platform Module (TPM) is a tamper-resistant integrated circuit mounted on a computer motherboard. It can generate, store, and manage asymmetric keys, keep disk-encryption keys out of main memory, and attest to boot integrity. Because secrets never leave this protected hardware boundary, a TPM greatly reduces the chance that malware or a physical attacker can extract passwords, private keys, or other authentication material.

Implementing regular and automatic comparisons of the current state of files against a trusted baseline is essential. It ensures any modifications are detected promptly, thereby providing timely alerts about potential unauthorized changes or malicious activity. Allowing manual integrity checks only during scheduled maintenance introduces unnecessary risk as unauthorized changes could remain undetected between maintenance windows. Relying on user reports is inefficient and insecure, as users may not notice subtle changes or may not report them in a timely manner. Setting up alerts for file size changes only does not provide comprehensive monitoring as many types of malicious modifications do not alter file size.

False is correct. A well-governed security program follows a continuous improvement model. Regular monitoring and scheduled reviews help the organization adjust policies, controls, and processes to new threats, technologies, business objectives, and regulatory requirements. Limiting revisions to post-breach situations is reactive and can expose the organization to avoidable risk.