CompTIA Security+ Practice Test (SY0-701)

An Intrusion Detection System (IDS) is the correct answer because it is specifically designed for the passive monitoring of network traffic and alerting when suspicious activities or known threats are detected. Unlike an Intrusion Prevention System (IPS), an IDS does not actively block potential threats; it instead focuses on the detection aspect and relies on others to respond to the threats it identifies. A Firewall controls incoming and outgoing network traffic based on an applied rule set and is not designed solely for the detection of threats. A Load balancer distributes network or application traffic across a number of servers to optimize resource use, maximize throughput, reduce response time, and avoid overload on any one server.

The primary goal of uniform configuration standards is to establish a consistent security posture and operational behavior among the company's numerous devices and systems. This not only reduces the potential for errors but also simplifies administration and strengthens the organization's defense against common threats. Consistency makes it easier to manage updates, apply security policies, and ensure compliance with both internal guidelines and external regulations.

Both the visible signs and the plainly mounted cameras are intended to influence human behavior by making would-be intruders think twice before acting. They raise the perceived risk of being identified and caught, thereby discouraging an attack. Because their primary purpose is psychological discouragement rather than physical prevention, detection, or post-incident recovery, they are classified as deterrent controls. Detective controls (such as audit logs) identify events that have already occurred, preventive controls (such as door locks) stop access outright, and corrective controls (such as restoring from backups) limit damage after an incident.

Classifying data involves assigning a level of sensitivity to data, which helps an organization to determine the appropriate level of security controls and manage risk effectively. This ensures that sensitive information is adequately protected from unauthorized access or leaks. Options such as 'To reduce the amount of data stored' and 'To increase the data's value' are incorrect because classification itself does not specifically aim to reduce storage requirements or directly increase the value of the data. Instead, classification serves to protect data’s integrity, availability, and confidentiality based on its sensitivity level.

Using automated deployment tools with security checks integrated into the deployment pipeline provides the most secure and efficient deployment strategy. It leverages scripting and automated processes to enforce security baselines, apply configurations, and ensure that all steps are consistently followed for each deployment. Automation reduces the risk of human error and ensures that security controls are integrated throughout the deployment process. Manual deployment increases risk as it's more prone to errors and inconsistencies. Scheduled deployment may not address the immediate security needs of the environment, and phased deployment focuses more on functionality and user adaptation rather than security.

Automated compliance-monitoring tools can continuously collect evidence, check configurations, and raise alerts more quickly than manual methods. However, they still require human review to interpret nuanced legal requirements, investigate false positives or negatives, and decide on appropriate remediation. NIST SP 800-137 notes that efficient monitoring cannot rely solely on manual or automated methods; both are necessary to achieve comprehensive coverage and sound risk decisions.

The correct answer is that the device becomes more susceptible to malware. Jailbreaking removes the operating system's built-in security features, such as sandboxing and code signing, which are designed to protect the device and its data. This allows unvetted applications from third-party sources to be installed, which can contain malware or exploit the elevated privileges gained through jailbreaking. While voiding the warranty is a likely consequence, it is a support issue, not the primary security risk. Jailbreaking can sometimes lead to system instability and crashes rather than a guaranteed performance enhancement. Furthermore, jailbreaking prevents the installation of official OS updates, which include critical security patches, making the device less secure over time.

Shadow IT refers to any IT resource-hardware, software, or service-adopted without the knowledge or approval of the organization's IT department. This includes cloud or SaaS platforms obtained directly from external service providers. Because these resources bypass normal vetting, they may introduce compliance gaps, data-handling risks, and visibility issues. The correct statement reflects this characteristic, whereas the distractors either limit shadow IT to hardware, describe it as always malicious, or claim it is automatically protected by enterprise security tools.

The correct answer is "Recommendations for remediation". While a list of vulnerabilities, CVEs, and CVSS scores is essential for identifying and prioritizing issues, a report is not fully actionable without clear recommendations for how to fix (remediate) or lessen the impact of (mitigate) the identified vulnerabilities. An executive summary is important for context, and scan dates and tools are useful for methodology, but remediation steps are what guide the response.

This statement is correct. In the cloud shared responsibility model, particularly for IaaS, the customer retains responsibility for securing their own data. This includes classifying the data, deciding what to encrypt, and managing the encryption configurations and keys. While the cloud provider is responsible for the security of the cloud (the physical infrastructure), the customer is responsible for security in the cloud, which encompasses their data, applications, and guest operating systems. The provider offers encryption tools, but the customer must choose to implement and manage them for their data.

A warm site is a type of disaster recovery site that has the necessary hardware and connectivity in place but doesn't have client data continuously updated. This means that, in the event of a disruption, a warm site may require some time to restore recent backups and configure systems to become fully operational. It offers a middle ground between the immediate availability of a hot site and the lack of infrastructure of a cold site.

Managerial controls are security controls that focus on the management of risk and the management of information system security. These controls are administrative in nature and include activities like creating security policies, conducting risk assessments, planning for business continuity, and performing security awareness training. The activities described in the scenario-risk assessment, policy creation, and defining roles-are all classic examples of managerial controls. Technical controls involve technology like firewalls, operational controls involve day-to-day procedures like reviewing logs, and physical controls involve tangible protections like fences and locks.

Threat Hunting involves actively looking for indicators of compromise or potential threats on networks and systems, often using both manual and automated tools. It goes beyond passive monitoring for known threats and aims to identify malicious activity that may not have been detected by existing security measures. Automated alerts are part of a reactive, not proactive strategy. Red team exercises are focused on simulating attacks to test the organization's defences, not on identifying ongoing unknown threats. Vulnerability assessments are used to identify known security issues to be patched, not to proactively hunt for active malicious presence.

Focusing on scaling up technology resources is crucial in capacity planning to handle increased demand. By ensuring sufficient computing power, storage, and network bandwidth, the company can maintain system performance and security during peak usage. The other options, while important for overall security, do not directly address the need to accommodate higher operational loads.

Corrective controls are designed to fix damages or restore resources and capabilities after a security incident has occurred. In this scenario, the control that restores system functionality and repairs damage is a corrective control.