CompTIA Security+ Practice Test (SY0-701)

The testing method described is parallel processing, where backup systems run concurrently with primary systems using real data. This allows for performance validation of backups without impacting live operations. Simulation testing involves virtual scenarios that may not use actual data. Tabletop exercises are discussion-based reviews of plans without system interaction. Failover testing switches operations to backup systems, which can interrupt the production environment.

A security token generates a pseudo-random code or has a built-in mechanism that changes the code it provides at regular intervals, which users must input for authentication. This matches the 'something you have' factor category, as it's a physical object the user must possess to gain access. SMS messages, though they can technically fall under 'something you have' since they are sent to a device you own, are not the best choice due to security concerns such as interception or SIM swapping. Passwords are 'something you know' and biometrics are 'something you are,' hence are not classified under 'something you have' for authentication factors.

The correct answer is 'True'. Nation-state actors, due to their resources and motivations, commonly target critical infrastructure of other countries to cause service disruptions, which can be a part of cyber warfare or espionage activities. The incorrect option 'False' is designed to challenge the test taker's understanding of the capabilities and typical targets of nation-state actors.

The statement is false because all changes, including minor configuration adjustments, should be documented and reviewed through the change management process. Proper documentation and review help to track changes and analyze the impacts in case of issues, maintaining accountability and enabling quick rollback if necessary. It ensures that even seemingly insignificant changes do not lead to larger problems due to unforeseen interactions with other system components.

Time-of-day restrictions are a type of access control mechanism that limit user access to systems based on predefined time periods. This is to prevent users from accessing the system during times when they should not, such as non-business hours or during maintenance windows. This is not related to the attributes of the user (attribute-based) or their role within the organization (role-based), and it does not necessarily reflect the least privilege principle on its own. Instead, it specifies when the access is permitted, regardless of other attributes or roles.

Reviewing security logs is a key part of security monitoring. It allows security professionals to track events that have occurred within the network. Monitoring these logs helps to identify any unauthorized actions, security incidents, or policy violations. Other options listed do not directly correspond to the activity of identifying unauthorized actions through monitoring.

The correct answer is true. A screened subnet, typically known as an area outside the internal network but inside the external firewall, is designed to host services that need to be accessible from both internal users and the public internet. By isolating this network segment, organizations create an additional security layer. Traffic between the internal network and the external networks, such as the internet, must go through this subnet, which is controlled by firewalls to ensure proper security measures are in place and direct connectivity is restricted.

Single Sign-On (SSO) is the appropriate authentication method because it enables users to authenticate once and gain access to multiple applications without re-entering credentials. This streamlines the login process and enhances user experience while maintaining security. Multifactor Authentication (MFA) increases security by requiring multiple authentication factors but does not allow access to multiple systems without additional logins. Federated Identity Management allows sharing of identity information across different organizations or domains, which may not be applicable here. Biometric Authentication uses unique physical traits for identity verification but doesn't provide access to multiple systems with a single authentication.

A backout plan is crucial when implementing new changes, as it provides a pre-defined procedure for reverting a system back to its original state before the change in the event of a failure. This ensures minimum downtime and preserves system integrity. A maintenance window is a planned time period for changes that might affect system availability, but it doesn't in itself ensure a system can be reverted to a functional state after an unexpected issue. Ownership defines who is in charge, and stakeholder analysis identifies individuals or groups that may be affected by the change, but neither directly guarantee contingency measures for reverting implementations.

Regular compliance audits are the best approach to ensure that an organization is meeting international data protection regulations. Audits provide an objective examination and provide insights into compliance status while identifying areas for improvement.

Isolating the server by placing it in a quarantine network is the most effective immediate action to prevent the propagation of any potentially malicious activity associated with the detected behavior. This preserves the ability to conduct a forensic investigation, while patching might remove important evidence and does not stop ongoing exploitation. Reviewing security logs is an important subsequent step to gather more information about the incident but does not halt current attack vectors. Intensifying surveillance does not directly mitigate an ongoing issue and could delay critical response time.

The statement correctly differentiates load balancing and clustering. Load balancing distributes traffic to optimize resource use and performance, while clustering provides redundancy to ensure high availability.

The initial focus in the event of a security breach should be to limit the damage and prevent further compromise. This is achieved by containing the threat, thereby stopping the incident from affecting additional resources. While documenting the events and notifying appropriate parties are also important, these actions occur after the immediate threat has been controlled to prevent exacerbation of the situation. Analyzing logs is part of the subsequent investigation and not the immediate concern when a breach is in progress.

The data retention policies within an organization are a set of guidelines that describes which data will be archived, how long it will be kept, what happens to the data at the end of the retention period (archive or destroy) and other factors concerning the retention of the data.

The pattern described suggests a reconnaissance action, possibly an attacker performing a directory traversal to uncover hidden files, directories, or exploit potential vulnerabilities. Normal browsing behavior usually involves fewer requests and focuses on typical, user-facing paths. Client-side scripting refers to scripts running in a user's browser, generally not visible on server logs. A misconfigured scheduled task might repeatedly access the same path, not different uncommon ones.