CompTIA SY0-701 Practice Test - Questions Answers, Page 21

Which of the following best describes configuring devices to log to an off-site location for possible future reference?

A. Log aggregation
B. DLP
C. Archiving
D. SCAP
Suggested answer: A

Explanation:

Configuring devices to log to an off-site location for possible future reference is best described as log aggregation. Log aggregation involves collecting logs from multiple sources and storing them in a centralized location, often off-site, to ensure they are preserved and can be analyzed in the future.

Log aggregation: Centralizes log data from multiple devices, making it easier to analyze and ensuring logs are available for future reference.

DLP (Data Loss Prevention): Focuses on preventing unauthorized data transfer and ensuring data security.

Archiving: Involves storing data for long-term retention, which could be part of log aggregation but is broader in scope.

SCAP (Security Content Automation Protocol): A standard for automating vulnerability management and policy compliance.

Which of the following security concepts is being followed when implementing a product that offers protection against DDoS attacks?

A. Availability
B. Non-repudiation
C. Integrity
D. Confidentiality
Suggested answer: A

Explanation:

When implementing a product that offers protection against Distributed Denial of Service (DDoS) attacks, the security concept being followed is availability. DDoS protection ensures that systems and services remain accessible to legitimate users even under attack, maintaining the availability of network resources.

Availability: Ensures that systems and services are accessible when needed, which is directly addressed by DDoS protection.

Non-repudiation: Ensures that actions or transactions cannot be denied by the involved parties, typically achieved through logging and digital signatures.

Integrity: Ensures that data is accurate and has not been tampered with.

Confidentiality: Ensures that information is accessible only to authorized individuals.

A security analyst is reviewing the source code of an application in order to identify misconfigurations and vulnerabilities. Which of the following kinds of analysis best describes this review?

A. Dynamic
B. Static
C. Gap
D. Impact
Suggested answer: B

Explanation:

Reviewing the source code of an application to identify misconfigurations and vulnerabilities is best described as static analysis. Static analysis involves examining the code without executing the program. It focuses on finding potential security issues, coding errors, and vulnerabilities by analyzing the code itself.

Static analysis: Analyzes the source code or compiled code for vulnerabilities without executing the program.

Dynamic analysis: Involves testing and evaluating the program while it is running to identify vulnerabilities.

Gap analysis: Identifies differences between the current state and desired state, often used for compliance or process improvement.

Impact analysis: Assesses the potential effects of changes in a system or process.

A company is developing a critical system for the government and storing project information on a fileshare. Which of the following most likely describes how this data will be classified? (Select two.)

A. Private
B. Confidential
C. Public
D. Operational
E. Urgent
F. Restricted
Suggested answer: B, F

Explanation:

When a company is developing a critical system for the government and storing project information on a fileshare, the data will most likely be classified as Confidential and Restricted.

Confidential: Indicates that the data is sensitive and access is limited to authorized individuals. This classification is typically used for information that could cause harm if disclosed.

Restricted: Indicates that access to the data is highly controlled and limited to those with a specific need to know. This classification is often used for highly sensitive information that requires stringent protection measures.

Private: Generally refers to personal information that is not meant to be publicly accessible.

Public: Information that is intended for public access and does not require protection.

Operational: Relates to day-to-day operations, but not necessarily to data classification.

Urgent: Refers to the priority of action rather than data classification.

Which of the following would be used to detect an employee who is emailing a customer list to a personal account before leaving the company?

A. DLP
B. FIM
C. IDS
D. EDR
Suggested answer: A

Explanation:

To detect an employee who is emailing a customer list to a personal account before leaving the company, a Data Loss Prevention (DLP) system would be used. DLP systems are designed to detect and prevent unauthorized transmission of sensitive data.

DLP (Data Loss Prevention): Monitors and controls data transfers to ensure sensitive information is not sent to unauthorized recipients.

FIM (File Integrity Monitoring): Monitors changes to files to detect unauthorized modifications.

IDS (Intrusion Detection System): Monitors network traffic for suspicious activity but does not specifically prevent data leakage.

EDR (Endpoint Detection and Response): Monitors and responds to threats on endpoints but is not specifically focused on data leakage.

An engineer moved to another team and is unable to access the new team's shared folders while still being able to access the shared folders from the former team. After opening a ticket, the engineer discovers that the account was never moved to the new group. Which of the following access controls is most likely causing the lack of access?

A. Role-based
B. Discretionary
C. Time of day
D. Least privilege
Suggested answer: A

Explanation:

The most likely access control causing the lack of access is role-based access control (RBAC). In RBAC, access to resources is determined by the roles assigned to users. Since the engineer's account was not moved to the new group's role, the engineer does not have the necessary permissions to access the new team's shared folders.

Role-based access control (RBAC): Assigns permissions based on the user's role within the organization. If the engineer's role does not include the new group's permissions, access will be denied.

Discretionary access control (DAC): Access is based on the discretion of the data owner, but it is not typically related to group membership changes.

Time of day: Restricts access based on the time but does not affect group memberships.

Least privilege: Ensures users have the minimum necessary permissions, but the issue here is about group membership, not the principle of least privilege.

A security engineer needs to configure an NGFW to minimize the impact of the increasing number of various traffic types during attacks. Which of the following types of rules is the engineer the most likely to configure?

A. Signature-based
B. Behavioral-based
C. URL-based
D. Agent-based
Suggested answer: B

Explanation:

To minimize the impact of the increasing number of various traffic types during attacks, a security engineer is most likely to configure behavioral-based rules on a Next-Generation Firewall (NGFW). Behavioral-based rules analyze the behavior of traffic patterns and can detect and block unusual or malicious activity that deviates from normal behavior.

Behavioral-based: Detects anomalies by comparing current traffic behavior to known good behavior, making it effective against various traffic types during attacks.

Signature-based: Relies on known patterns of known threats, which might not be as effective against new or varied attack types.

URL-based: Controls access to websites based on URL categories but is not specifically aimed at handling diverse traffic types during attacks.

Agent-based: Typically involves software agents on endpoints to monitor and enforce policies, not directly related to NGFW rules.

A security administrator identifies an application that is storing data using MD5. Which of the following best identifies the vulnerability likely present in the application?

A. Cryptographic
B. Malicious update
C. Zero day
D. Side loading
Suggested answer: A

Explanation:

The vulnerability likely present in the application that is storing data using MD5 is a cryptographic vulnerability. MD5 is considered to be a weak hashing algorithm due to its susceptibility to collision attacks, where two different inputs produce the same hash output, compromising data integrity and security.

Cryptographic: Refers to vulnerabilities in cryptographic algorithms or implementations, such as the weaknesses in MD5.

Malicious update: Refers to the intentional injection of harmful updates, not related to the use of MD5.

Zero day: Refers to previously unknown vulnerabilities for which no patch is available, not specifically related to MD5.

Side loading: Involves installing software from unofficial sources, not directly related to the use of MD5.

A company that is located in an area prone to hurricanes is developing a disaster recovery plan and looking at site considerations that allow the company to immediately continue operations. Which of the following is the best type of site for this company?

A. Cold
B. Tertiary
C. Warm
D. Hot
Suggested answer: D

Explanation:

For a company located in an area prone to hurricanes and needing to immediately continue operations, the best type of site is a hot site. A hot site is a fully operational offsite data center that is equipped with hardware, software, and network connectivity and is ready to take over operations with minimal downtime.

Hot site: Fully operational and can take over business operations almost immediately after a disaster.

Cold site: A basic site with infrastructure in place but without hardware or data, requiring significant time to become operational.

Tertiary site: Not a standard term in disaster recovery; it usually refers to an additional backup location but lacks the specifics of readiness.

Warm site: Equipped with hardware and connectivity but requires some time and effort to become fully operational, not as immediate as a hot site.

A. Deterrent
B. Corrective
C. Compensating
D. Preventive
Suggested answer: C

Explanation:

When a critical legacy server is segmented into a private network, the security control being used is compensating. Compensating controls are alternative measures put in place to satisfy a security requirement when the primary control is not feasible or practical. In this case, segmenting the legacy server into a private network serves as a compensating control to protect it from potential vulnerabilities that cannot be mitigated directly.

Compensating: Provides an alternative method to achieve the desired security outcome when the primary control is not possible.

Deterrent: Aims to discourage potential attackers but does not directly address segmentation.

Corrective: Used to correct or mitigate the impact of an incident after it has occurred.

Preventive: Aims to prevent security incidents but is not specific to the context of segmentation.
