ExamGecko

CompTIA SY0-701 Practice Test - Questions Answers, Page 19

A manager receives an email that contains a link to receive a refund. After hovering over the link, the manager notices that the domain's URL points to a suspicious link. Which of the following security practices helped the manager to identify the attack?

A. End user training
B. Policy review
C. URL scanning
D. Plain text email

Suggested answer: A

Explanation:

The security practice that helped the manager identify the suspicious link is end-user training. Training users to recognize phishing attempts and other social engineering attacks, such as hovering over links to check the actual URL, is a critical component of an organization's security awareness program.

End user training: Educates employees on how to identify and respond to security threats, including suspicious emails and phishing attempts.

Policy review: Ensures that policies are understood and followed but does not directly help in identifying specific attacks.

URL scanning: Automatically checks URLs for threats, but the manager identified the issue manually.

Plain text email: Ensures email content is readable without executing scripts, but the identification in this case was due to user awareness.

To improve the security at a data center, a security administrator implements a CCTV system and posts several signs about the possibility of being filmed. Which of the following best describe these types of controls? (Select two).

A. Preventive
B. Deterrent
C. Corrective
D. Directive
E. Compensating
F. Detective

Suggested answer: B, F

Explanation:

The CCTV system and signs about the possibility of being filmed serve as both deterrent and detective controls.

Deterrent controls: Aim to discourage potential attackers from attempting unauthorized actions. Posting signs about CCTV serves as a deterrent by warning individuals that their actions are being monitored.

Detective controls: Identify and record unauthorized or suspicious activity. The CCTV system itself functions as a detective control by capturing and recording footage that can be reviewed later.

Preventive controls: Aim to prevent security incidents but are not directly addressed by the CCTV and signs in this context.

Corrective controls: Aim to correct or mitigate the impact of a security incident.

Directive controls: Provide guidelines or instructions but are not directly addressed by the CCTV and signs.

Compensating controls: Provide alternative measures to compensate for the absence or failure of primary controls.

A systems administrator is working on a defense-in-depth strategy and needs to restrict activity from employees after hours. Which of the following should the systems administrator implement?

A. Role-based restrictions
B. Attribute-based restrictions
C. Mandatory restrictions
D. Time-of-day restrictions

Suggested answer: D

Explanation:

To restrict activity from employees after hours, the systems administrator should implement time-of-day restrictions. This method allows access to network resources to be limited to specific times, ensuring that employees can only access systems during approved working hours. This is an effective part of a defense-in-depth strategy to mitigate risks associated with unauthorized access during off-hours, which could be a time when security monitoring might be less stringent.

Time-of-day restrictions: These control access based on the time of day, preventing users from logging in or accessing certain systems outside of designated hours.

Role-based restrictions: Control access based on a user's role within the organization.

Attribute-based restrictions: Use various attributes (such as location, department, or project) to determine access rights.

Mandatory restrictions: Typically refer to non-discretionary access controls, such as those based on government or organizational policy.

An organization maintains intellectual property that it wants to protect. Which of the following concepts would be most beneficial to add to the company's security awareness training program?

A. Insider threat detection
B. Simulated threats
C. Phishing awareness
D. Business continuity planning

Suggested answer: A

Explanation:

For an organization that wants to protect its intellectual property, adding insider threat detection to the security awareness training program would be most beneficial. Insider threats can be particularly dangerous because they come from trusted individuals within the organization who have legitimate access to sensitive information.

Insider threat detection: Focuses on identifying and mitigating threats from within the organization, including employees, contractors, or business partners who might misuse their access.

Simulated threats: Often used for testing security measures and training, but not specifically focused on protecting intellectual property.

Phishing awareness: Important for overall security but more focused on preventing external attacks rather than internal threats.

Business continuity planning: Ensures the organization can continue operations during and after a disruption but does not directly address protecting intellectual property from insider threats.

A systems administrator is configuring a site-to-site VPN between two branch offices. Some of the settings have already been configured correctly. The systems administrator has been provided the following requirements as part of completing the configuration:

* Most secure algorithms should be selected

* All traffic should be encrypted over the VPN

* A secret password will be used to authenticate the two VPN concentrators

A. See the Explanation part for all the Solution

Suggested answer: A

Explanation:

To configure the site-to-site VPN between the two branch offices according to the provided requirements, here are the detailed steps and settings that need to be applied to the VPN concentrators:

Requirements:

* Most secure algorithms should be selected.
* All traffic should be encrypted over the VPN.
* A secret password will be used to authenticate the two VPN concentrators.

VPN Concentrator 1 Configuration:

Phase 1:

* Peer IP address: 5.5.5.10 (the IP address of VPN Concentrator 2)
* Auth method: PSK (Pre-Shared Key)
* Negotiation mode: MAIN
* Encryption algorithm: AES256
* Hash algorithm: SHA256
* DH key group: 14

Phase 2:

* Mode: Tunnel
* Protocol: ESP (Encapsulating Security Payload)
* Encryption algorithm: AES256
* Hash algorithm: SHA256
* Local network/mask: 192.168.1.0/24
* Remote network/mask: 192.168.2.0/24

VPN Concentrator 2 Configuration:

Phase 1:

* Peer IP address: 5.5.5.5 (the IP address of VPN Concentrator 1)
* Auth method: PSK (Pre-Shared Key)
* Negotiation mode: MAIN
* Encryption algorithm: AES256
* Hash algorithm: SHA256
* DH key group: 14

Phase 2:

* Mode: Tunnel
* Protocol: ESP (Encapsulating Security Payload)
* Encryption algorithm: AES256
* Hash algorithm: SHA256
* Local network/mask: 192.168.2.0/24
* Remote network/mask: 192.168.1.0/24

Summary:

* Peer IP Address: Set to the IP address of the remote VPN concentrator.
* Auth Method: PSK for using a pre-shared key.
* Negotiation Mode: MAIN for the initial setup.
* Encryption Algorithm: AES256, which is a strong and secure algorithm.
* Hash Algorithm: SHA256, which provides strong hashing.
* DH Key Group: 14 for strong Diffie-Hellman key exchange.
* Phase 2 Protocol: ESP for encryption and integrity.
* Local and Remote Networks: Properly configure the local and remote network addresses to match each branch office subnet.

By configuring these settings on both VPN concentrators, the site-to-site VPN will meet the requirements for strong security algorithms, encryption of all traffic, and authentication using a pre-shared key.

Which of the following security concepts is accomplished with the installation of a RADIUS server?

A. CIA
B. AAA
C. ACL
D. PEM

Suggested answer: B

Explanation:

The installation of a RADIUS server (Remote Authentication Dial-In User Service) is primarily associated with the security concept of AAA, which stands for Authentication, Authorization, and Accounting. RADIUS servers are used to manage user credentials and permissions centrally, ensuring that only authenticated and authorized users can access network resources, and tracking user activity for accounting purposes.

Authentication: Verifies the identity of a user or device. When a user tries to access a network, the RADIUS server checks their credentials (username and password) against a database.

Authorization: Determines what an authenticated user is allowed to do. After authentication, the RADIUS server grants permissions based on predefined policies.

Accounting: Tracks the consumption of network resources by users. This involves logging session details such as the duration of connections and the amount of data transferred.

A software developer released a new application and is distributing application files via the developer's website. Which of the following should the developer post on the website to allow users to verify the integrity of the downloaded files?

A. Hashes
B. Certificates
C. Algorithms
D. Salting

Suggested answer: A

Explanation:

To verify the integrity of downloaded files, a software developer should post hashes on the website. A hash is a fixed-length string or number generated from input data, such as a file. When users download the application files, they can generate their own hash from the downloaded files and compare it with the hash provided by the developer. If the hashes match, it confirms that the files have not been altered or corrupted during the download process.

Hashes: Ensure data integrity by allowing users to verify that the downloaded files are identical to the original ones. Common hashing algorithms include MD5, SHA-1, and SHA-256.

Certificates and Algorithms: Are more related to ensuring authenticity and securing communications rather than verifying file integrity.

Salting: Is a technique used in hashing passwords to add an additional layer of security, not for verifying file integrity.
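The verification step the explanation describes, as an added example (not part of the original page or any vendor's tooling): the user recomputes the digest of the downloaded bytes and compares it with the value the developer published, both for a single file and for a sha256sum-style checksum list. The sample "download" is the constructed string "abc", whose SHA-256 is the published FIPS 180 test vector, so the expected value is known in advance rather than computed from the same bytes. The file names in the checksum list are made up. Two practical caveats the question does not spell out: prefer SHA-256 over MD5 and SHA-1, whose collision resistance is broken, and remember that a hash hosted beside the file only proves the bytes arrived intact; an attacker who can replace the file on the site can replace the hash too, which is what signatures and certificates address.

```python
import hashlib
import hmac

# Constructed sample: the "downloaded" bytes and the SHA-256 the developer published.
# "abc" and this digest are the standard FIPS 180 test vector, so the published
# value is known independently of the code below.
DOWNLOADED_FILE = b"abc"
PUBLISHED_SHA256 = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"


def file_digest(data: bytes, algorithm: str = "sha256") -> str:
    """Hash the bytes in chunks, as you would when streaming a large file from disk."""
    h = hashlib.new(algorithm)
    chunk = 64 * 1024
    for offset in range(0, len(data), chunk):
        h.update(data[offset:offset + chunk])
    return h.hexdigest()


def verify_download(data: bytes, published_hex: str, algorithm: str = "sha256") -> bool:
    """True only if the computed digest equals the published one (case-insensitive).

    hmac.compare_digest avoids a comparison that stops at the first differing
    character; harmless for a public hash, but a good habit for any digest check.
    """
    return hmac.compare_digest(file_digest(data, algorithm), published_hex.strip().lower())


def parse_checksum_line(line: str) -> tuple[str, str]:
    """Parse one sha256sum-style line: '<hex>  <name>' or '<hex> *<name>' (binary mode)."""
    digest, _, name = line.strip().partition(" ")
    return digest.lower(), name.lstrip(" *")


def verify_checksum_file(checksum_text: str, files: dict[str, bytes],
                         algorithm: str = "sha256") -> dict[str, bool]:
    """Check every entry of a published checksum list against the local files.

    A listed file that is missing locally is reported as False, not silently skipped.
    """
    results: dict[str, bool] = {}
    for line in checksum_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        digest, name = parse_checksum_line(line)
        data = files.get(name)
        results[name] = data is not None and verify_download(data, digest, algorithm)
    return results


if __name__ == "__main__":
    print("intact:", verify_download(DOWNLOADED_FILE, PUBLISHED_SHA256))   # True
    print("tampered:", verify_download(b"abd", PUBLISHED_SHA256))          # False
    # Constructed checksum list: one file present and intact, one file not downloaded.
    checksums = f"{PUBLISHED_SHA256}  app-1.0.tar.gz\n{PUBLISHED_SHA256} *missing.bin\n"
    print(verify_checksum_file(checksums, {"app-1.0.tar.gz": DOWNLOADED_FILE}))
    # {'app-1.0.tar.gz': True, 'missing.bin': False}
```

A one-byte change to the download produces a completely different digest, which is why the comparison is all-or-nothing: the only acceptable result is an exact match with the published value.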

A company tested and validated the effectiveness of network security appliances within the corporate network. The IDS detected a high rate of SQL injection attacks against the company's servers, and the company's perimeter firewall is at capacity. Which of the following would be the best action to maintain security and reduce the traffic to the perimeter firewall?

A. Set the appliance to IPS mode and place it in front of the company firewall.
B. Convert the firewall to a WAF and use IPSec tunnels to increase throughput.
C. Set the firewall to fail open if it is overloaded with traffic and send alerts to the SIEM.
D. Configure the firewall to perform deep packet inspection and monitor TLS traffic.

Suggested answer: A

Explanation:

Given the scenario where an Intrusion Detection System (IDS) has detected a high rate of SQL injection attacks and the perimeter firewall is at capacity, the best action would be to set the appliance to Intrusion Prevention System (IPS) mode and place it in front of the company firewall. This approach has several benefits:

Intrusion Prevention System (IPS): Unlike IDS, which only detects and alerts on malicious activity, IPS can actively block and prevent those activities. Placing an IPS in front of the firewall means it can filter out malicious traffic before it reaches the firewall, reducing the load on the firewall and enhancing overall security.

Reducing Traffic Load: By blocking SQL injection attacks and other malicious traffic before it reaches the firewall, the IPS helps maintain the firewall's performance and prevents it from becoming a bottleneck.

Enhanced Security: The IPS provides an additional layer of defense, identifying and mitigating threats in real-time.

Option B (Convert the firewall to a WAF and use IPSec tunnels) would not address the primary issue of reducing traffic to the firewall effectively. Option C (Set the firewall to fail open) would compromise security. Option D (Deep packet inspection) could be resource-intensive and might not alleviate the firewall capacity issue effectively.

An organization would like to calculate the time needed to resolve a hardware issue with a server. Which of the following risk management processes describes this example?

A. Recovery point objective
B. Mean time between failures
C. Recovery time objective
D. Mean time to repair

Suggested answer: D

Explanation:

Mean time to repair (MTTR) describes the time needed to resolve a hardware issue with a server. MTTR is a key metric in risk management and maintenance that measures the average time required to repair a failed component or system and restore it to operational status.

Recovery point objective (RPO): Defines the maximum acceptable amount of data loss measured in time. It is the point in time to which data must be restored after a disaster.

Mean time between failures (MTBF): Measures the average time between failures of a system or component, indicating reliability.

Recovery time objective (RTO): Defines the maximum acceptable length of time to restore a system after a disaster or disruption.

Mean time to repair (MTTR): Measures the average time required to repair a failed component or system.

An organization is required to maintain financial data records for three years and customer data for five years. Which of the following data management policies should the organization implement?

A. Retention
B. Destruction
C. Inventory
D. Certification

Suggested answer: A

Explanation:

The organization should implement a retention policy to ensure that financial data records are kept for three years and customer data for five years. A retention policy specifies how long different types of data should be maintained and when they should be deleted.

Retention: Ensures that data is kept for a specific period to comply with legal, regulatory, or business requirements.

Destruction: Involves securely deleting data that is no longer needed, which is part of the retention lifecycle but not the primary focus here.

Inventory: Involves keeping track of data assets, not specifically about how long to retain data.

Certification: Ensures that processes and systems meet certain standards, not directly related to data retention periods.
