ExamGecko
CompTIA SY0-601 Practice Test - Questions Answers, Page 58

During a recent penetration test, a tester plugged a laptop into an Ethernet port in an unoccupied conference room and obtained a valid IP address. Which of the following would have best prevented this avenue of attack?

A. Enabling MAC address filtering
B. Moving printers inside a firewall
C. Implementing 802.1X
D. Using network port security
Suggested answer: C

Explanation:

Implementing 802.1X would have best prevented this avenue of attack. 802.1X is a standard that provides port-based network access control (PNAC), which means that it authenticates devices before allowing them to access network resources through a physical or wireless port. 802.1X can prevent unauthorized devices from obtaining valid IP addresses or accessing sensitive data by requiring them to provide credentials, such as a username and password, a certificate, or a token.

802.1X can also dynamically assign VLANs or firewall rules based on the device identity or role.

Which of the following agreements defines response time, escalation points, and performance metrics?

A. BPA
B. MOA
C. NDA
D. SLA
Suggested answer: D

Explanation:

A service level agreement (SLA) defines response time, escalation points, and performance metrics.

An SLA is a contract between a service provider and a customer that specifies the level and quality of service that will be delivered. An SLA typically includes metrics such as availability, reliability, throughput, latency, security, etc., as well as penalties or remedies for failing to meet them. An SLA also defines how issues will be reported and resolved, how often reviews will be conducted, and how changes will be communicated.

Which of the following scenarios best describes a risk reduction technique?

A. A security control objective cannot be met through a technical change, so the company purchases insurance and is no longer concerned about losses from data breaches.
B. A security control objective cannot be met through a technical change, so the company implements a policy to train users on a more secure method of operation.
C. A security control objective cannot be met through a technical change, so the company performs regular audits to determine if violations have occurred.
D. A security control objective cannot be met through a technical change, so the Chief Information Officer decides to sign off on the risk.
Suggested answer: B

Explanation:

"A security control objective cannot be met through a technical change, so the company implements a policy to train users on a more secure method of operation" best describes a risk reduction technique.

Risk reduction is a strategy that aims to lower the likelihood or impact of a risk by implementing controls or mitigations. For example, if a technical control is not feasible or cost-effective, a company can reduce the risk by educating users on how to avoid or handle the threat, such as using strong passwords, avoiding phishing emails, or reporting incidents.

The manager who is responsible for a data set has asked a security engineer to apply encryption to the data on a hard disk. The security engineer is an example of a:

A. data controller.
B. data owner.
C. data custodian.
D. data processor.
Suggested answer: C

Explanation:

The security engineer is an example of a data custodian. A data custodian is a person who is responsible for implementing and maintaining the security controls for the data, such as encryption, backup, access control, etc. A data custodian acts on behalf of the data owner, who is the person who has the authority and accountability for the data. A data controller is a person who determines the purposes and means of processing the data, such as a company or an organization. A data processor is a person who processes the data on behalf of the data controller, such as a service provider or a vendor.

An attacker is trying to gain access by installing malware on a website that is known to be visited by the target victims. Which of the following is the attacker most likely attempting?

A. A spear-phishing attack
B. A watering-hole attack
C. Typo squatting
D. A phishing attack
Suggested answer: B

Explanation:

The attacker is most likely attempting a watering-hole attack. A watering-hole attack is a type of attack that targets a specific group of users by compromising a website that they frequently visit. The attacker then installs malware on the website that infects the visitors' devices or redirects them to malicious sites. The attacker hopes to gain access to the users' credentials, data, or networks by exploiting their trust in the legitimate website.

Following a prolonged data center outage that affected web-based sales, a company has decided to move its operations to a private cloud solution. The security team has received the following requirements:

• There must be visibility into how teams are using cloud-based services.

• The company must be able to identify when data related to payment cards is being sent to the cloud.

• Data must be available regardless of the end user's geographic location.

• Administrators need a single pane-of-glass view into traffic and trends.

Which of the following should the security analyst recommend?

A. Create firewall rules to restrict traffic to other cloud service providers
B. Install a DLP solution to monitor data in transit
C. Implement a CASB solution
D. Configure a web-based content filter
Suggested answer: C

Explanation:

A cloud access security broker (CASB) is a security solution that enforces access policies for cloud resources and applications, providing visibility, data control and analytics. A CASB can meet the requirements of the company by offering the following benefits:

• Visibility into how teams are using cloud-based services, such as shadow IT assessment and management, granular cloud usage control, and risk visibility.

• Ability to identify when data related to payment cards is being sent to the cloud, such as data loss prevention (DLP) capabilities that can protect sensitive information and prevent unauthorized sharing.

• Data availability regardless of the end user's geographic location, such as inter-Region peering encryption on the AWS global private network or other cloud platforms.

• Single pane-of-glass view into traffic and trends, such as a central policy engine, continuous monitoring, and threat prevention.

Reference: What Is a Cloud Access Security Broker (CASB)? | Microsoft; Top 10 Cloud Access Security Broker (CASB) Solutions for 2023; Definition of Cloud Access Security Brokers (CASBs) - Gartner

Which of the following components can be used to consolidate and forward inbound internet traffic to multiple cloud environments through a single firewall?

A. Transit gateway
B. Cloud hot site
C. Edge computing
D. DNS sinkhole
Suggested answer: A

Explanation:

A transit gateway is a network transit hub that can be used to interconnect virtual private clouds (VPCs) and on-premises networks. A transit gateway can consolidate and forward inbound internet traffic to multiple cloud environments through a single firewall by offering the following features:

• Attachments that can connect one or more VPCs, a Connect SD-WAN/third-party network appliance, an AWS Direct Connect gateway, a peering connection with another transit gateway, or a VPN connection to a transit gateway.

• A transit gateway route table that can include dynamic and static routes that decide the next hop based on the destination IP address of the packet.

• Associations and route propagation that can link each attachment with a route table and dynamically propagate routes to or from a transit gateway route table.

Reference: What is a transit gateway? - Amazon VPC; Network Gateway – AWS Transit Gateway – Amazon Web Services; Configure VPN gateway transit for virtual network peering; AWS — Difference between VPC Peering and Transit Gateway

A routine audit of medical billing claims revealed that several claims were submitted without the subscriber's knowledge. A review of the audit logs for the medical billing company's system indicated a company employee downloaded customer records and adjusted the direct deposit information to a personal bank account. Which of the following does this action describe?

A. Insider threat
B. Social engineering
C. Third-party risk
D. Data breach
Suggested answer: A

Explanation:

An insider threat is a threat to an organization that comes from negligent or malicious insiders, such as employees, former employees, contractors, third-party vendors, or business partners, who have inside information about cybersecurity practices, sensitive data, and computer systems. The action described in the question is an example of a malicious insider threat, where an employee intentionally misused their authorized access to harm the organization by stealing customer records and diverting funds to their personal bank account.

Reference: What Is an Insider Threat? Definition, Types, and Prevention - Fortinet; What are insider threats? | IBM; What Is an Insider Threat? Definition, Examples, and Mitigations; Insider Threat Mitigation | Cybersecurity and Infrastructure … - CISA

Which of the following terms describes the risk that is present once mitigations are applied?

A. Control risk
B. Residual risk
C. Inherent risk
D. Risk awareness
Suggested answer: B

Explanation:

Residual risk is the risk that remains after applying risk mitigation measures, such as controls, policies, or procedures. It reflects the level of uncertainty and potential impact that cannot be completely eliminated by risk management efforts. Residual risk is calculated by subtracting the risk reduction from the inherent risk, or by multiplying the inherent risk by the risk control effectiveness.

Residual risk should be compared to the acceptable level of risk to determine if further action is needed or if the risk can be accepted by the management. Reference: CompTIA Security+ SY0-601 Certification Study Guide, Chapter 10: Summarizing Risk Management Concepts, page 456; Residual risk - Wikipedia; Residual risk definition and why it's important - Advisera

A security administrator received an alert for a user account with the following log activity:

Which of the following best describes the trigger for the alert the administrator received?

A. Number of failed log-in attempts
B. Geolocation
C. Impossible travel time
D. Time-based log-in attempt
Suggested answer: C

Explanation:

Impossible travel time is an anomaly-detection alert that indicates a possible compromise of a user account. It fires when the same user connects from two different countries and the time between those connections is shorter than the time it would take to travel from the first location to the second by conventional means. This suggests that a different user is using the same credentials or that a proxy or VPN is being used to mask the true location. The log activity shows that the user connected from two different IP addresses in different countries (US and Brazil) within a span of 37 minutes, which is impossible to achieve by normal travel. Reference: Detecting and Remediating Impossible Travel - Microsoft Community Hub; Anomaly detection policies - Microsoft Defender for Cloud Apps; Understanding Microsoft 365 Impossible Travel Rules | Blumira
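The impossible-travel check described above, run over constructed sample sign-ins (an added example, not code from the original page or the question's log; the IP-to-coordinates table, the log line format and the 1000 km/h plausibility threshold are assumptions):

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Constructed sample sign-in log (not the log from the original question): a US sign-in
# followed 37 minutes later by one from Brazil for the same account, plus a benign pair.
SAMPLE_LOG = """\
2023-05-01T08:02:11Z user=jdoe ip=203.0.113.10 country=US
2023-05-01T08:39:11Z user=jdoe ip=198.51.100.7 country=BR
2023-05-01T09:15:00Z user=asmith ip=203.0.113.10 country=US
2023-05-01T18:10:00Z user=asmith ip=198.51.100.7 country=BR
"""
# Constructed IP-to-coordinates table standing in for a GeoIP lookup (lat, lon in degrees).
GEO = {"203.0.113.10": (40.71, -74.01),   # New York
       "198.51.100.7": (-23.55, -46.63)}  # Sao Paulo
MAX_SPEED_KMH = 1000.0  # about airliner cruising speed; faster than this is implausible

def parse_log(text):
    """Parse 'TIMESTAMP user=.. ip=.. country=..' lines into (ts, user, ip, country) tuples."""
    logins = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash the detector
        kv = dict(p.split("=", 1) for p in parts[1:])
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        logins.append((ts, kv["user"], kv["ip"], kv["country"]))
    return logins

def haversine_km(a, b):
    """Great-circle distance between two (lat, lon) points in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def impossible_travel(logins, max_speed_kmh=MAX_SPEED_KMH):
    """Flag consecutive sign-ins of one user whose implied speed exceeds max_speed_kmh.
    Returns one (user, from_country, to_country, minutes, km, kmh) tuple per alert."""
    alerts, by_user = [], {}
    for lg in sorted(logins):  # tuples sort by timestamp first
        by_user.setdefault(lg[1], []).append(lg)
    for user, seq in by_user.items():
        for prev, cur in zip(seq, seq[1:]):
            km = haversine_km(GEO[prev[2]], GEO[cur[2]])
            hours = (cur[0] - prev[0]).total_seconds() / 3600
            # Same-second sign-ins from different places count as infinite speed.
            kmh = km / hours if hours > 0 else (float("inf") if km > 0 else 0.0)
            if kmh > max_speed_kmh:
                alerts.append((user, prev[3], cur[3], round(hours * 60), round(km), round(kmh)))
    return alerts
```

Only the jdoe pair is flagged: roughly 7,700 km in 37 minutes implies well over 10,000 km/h, while asmith's nine-hour gap is consistent with a flight.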
