CompTIA SY0-701 Practice Test - Questions Answers, Page 23

Which of the following tasks is typically included in the BIA process?

A. Estimating the recovery time of systems
B. Identifying the communication strategy
C. Evaluating the risk management plan
D. Establishing the backup and recovery procedures
E. Developing the incident response plan
Suggested answer: A

Explanation:

Estimating the recovery time of systems is a task typically included in the Business Impact Analysis (BIA) process. BIA involves identifying the critical functions of a business and determining the impact of a disruption. This includes estimating how long it will take to recover systems and resume normal operations.

Estimating the recovery time of systems: A key component of BIA, which helps in understanding the time needed to restore systems and services after a disruption.

Identifying the communication strategy: Typically part of the incident response plan, not BIA.

Evaluating the risk management plan: Part of risk management, not specifically BIA.

Establishing the backup and recovery procedures: Important for disaster recovery, not directly part of BIA.

Developing the incident response plan: Focuses on responding to security incidents, not on the impact analysis.

An administrator needs to perform server hardening before deployment. Which of the following steps should the administrator take? (Select two).

A. Disable default accounts.
B. Add the server to the asset inventory.
C. Remove unnecessary services.
D. Document default passwords.
E. Send server logs to the SIEM.
F. Join the server to the corporate domain.
Suggested answer: A, C

Explanation:

To perform server hardening before deployment, the administrator should disable default accounts and remove unnecessary services. These steps are crucial to reducing the attack surface and enhancing the security of the server.

Disable default accounts: Default accounts often come with default credentials that are well-known and can be exploited by attackers. Disabling these accounts helps prevent unauthorized access.

Remove unnecessary services: Unnecessary services can introduce vulnerabilities and be exploited by attackers. Removing them reduces the number of potential attack vectors.

Add the server to the asset inventory: Important for tracking and management but not directly related to hardening.

Document default passwords: Documentation is useful, but changing or disabling default passwords is the hardening step.

Send server logs to the SIEM: Useful for monitoring and analysis but not a direct hardening step.

Join the server to the corporate domain: Part of integration into the network but not specific to hardening.

A company would like to provide employees with computers that do not have access to the internet in order to prevent information from being leaked to an online forum. Which of the following would be best for the systems administrator to implement?

A. Air gap
B. Jump server
C. Logical segmentation
D. Virtualization
Suggested answer: A

Explanation:

To provide employees with computers that do not have access to the internet and prevent information leaks to an online forum, implementing an air gap would be the best solution. An air gap physically isolates the computer or network from any outside connections, including the internet, ensuring that data cannot be transferred to or from the system.

Air gap: A security measure that isolates a computer or network from the internet or other networks, preventing any form of electronic communication with external systems.

Jump server: A secure server used to access and manage devices in a different security zone, but it does not provide isolation from the internet.

Logical segmentation: Segregates networks using software or network configurations, but it does not guarantee complete isolation from the internet.

Virtualization: Creates virtual instances of systems, which can be isolated, but does not inherently prevent internet access without additional configurations.

Which of the following penetration testing teams is focused only on trying to compromise an organization using an attacker's tactics?

A. White
B. Red
C. Purple
D. Blue
Suggested answer: B

Explanation:

Red teams are focused only on trying to compromise an organization using an attacker's tactics. They simulate real-world attacks to test the effectiveness of the organization's security defenses and identify vulnerabilities.

Red team: Acts as adversaries to simulate attacks and find security weaknesses.

White team: Oversees and ensures the rules of engagement are followed during the penetration test.

Purple team: Facilitates collaboration between the red team and the blue team to improve security.

Blue team: Defends against attacks and responds to security incidents.

Which of the following risks can be mitigated by HTTP headers?

A. SQLi
B. XSS
C. DoS
D. SSL
Suggested answer: B

Explanation:

HTTP headers can be used to mitigate risks associated with Cross-Site Scripting (XSS). Security-related HTTP headers such as Content Security Policy (CSP) and X-XSS-Protection can be configured to prevent the execution of malicious scripts in the context of a web page.

XSS (Cross-Site Scripting): A vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. HTTP headers like CSP help prevent XSS attacks by specifying which dynamic resources are allowed to load.

SQLi (SQL Injection): Typically mitigated by using parameterized queries and input validation, not HTTP headers.

DoS (Denial of Service): Mitigated by network and application-level defenses rather than HTTP headers.

SSL (Secure Sockets Layer): Refers to securing communications and is not directly mitigated by HTTP headers; rather, it's implemented using SSL/TLS protocols.

The marketing department set up its own project management software without telling the appropriate departments. Which of the following describes this scenario?

A. Shadow IT
B. Insider threat
C. Data exfiltration
D. Service disruption
Suggested answer: A

Explanation:

The marketing department setting up its own project management software without informing the appropriate departments is an example of Shadow IT. Shadow IT refers to the use of IT systems, devices, software, applications, and services without explicit approval from the IT department.

Shadow IT: Involves the use of unauthorized systems and applications within an organization, which can lead to security risks and compliance issues.

Insider threat: Refers to threats from individuals within the organization who may intentionally cause harm or misuse their access, but this scenario is more about unauthorized use rather than malicious intent.

Data exfiltration: Involves unauthorized transfer of data out of the organization, which is not the main issue in this scenario.

Service disruption: Refers to interruptions in service availability, which is not directly related to the marketing department's actions.

A network administrator is working on a project to deploy a load balancer in the company's cloud environment. Which of the following fundamental security requirements does this project fulfill?

A. Privacy
B. Integrity
C. Confidentiality
D. Availability
Suggested answer: D

Explanation:

Deploying a load balancer in the company's cloud environment primarily fulfills the fundamental security requirement of availability. A load balancer distributes incoming network traffic across multiple servers, ensuring that no single server becomes overwhelmed and that the service remains available even if some servers fail.

Availability: Ensures that services and resources are accessible when needed, which is directly supported by load balancing.

Privacy: Protects personal and sensitive information from unauthorized access but is not directly related to load balancing.

Integrity: Ensures that data is accurate and has not been tampered with, but load balancing is not primarily focused on data integrity.

Confidentiality: Ensures that information is accessible only to authorized individuals, which is not the primary concern of load balancing.

An external vendor recently visited a company's headquarters for a presentation. Following the visit, a member of the hosting team found a file that the external vendor left behind on a server. The file contained detailed architecture information and code snippets. Which of the following data types best describes this file?

A. Government
B. Public
C. Proprietary
D. Critical
Suggested answer: C

Explanation:

The file left by the external vendor, containing detailed architecture information and code snippets, is best described as proprietary data. Proprietary data is information that is owned by a company and is essential to its competitive advantage. It includes sensitive business information such as trade secrets, intellectual property, and confidential data that should be protected from unauthorized access.

Reference: CompTIA Security+ SY0-701 study materials, particularly the domain of data classification and protection.

The security operations center is researching an event concerning a suspicious IP address. A security analyst looks at the following event logs and discovers that a significant portion of the user accounts have experienced failed log-in attempts when authenticating from the same IP address:

Which of the following most likely describes the attack that took place?

A. Spraying
B. Brute-force
C. Dictionary
D. Rainbow table
Suggested answer: A

Explanation:

Password spraying is a type of attack where an attacker tries a small number of commonly used passwords across a large number of accounts. The event logs showing failed login attempts for many user accounts from the same IP address are indicative of a password spraying attack, where the attacker is attempting to gain access by guessing common passwords.

Reference: CompTIA Security+ SY0-701 study materials, particularly the domain of identity and access management and common attack vectors such as password spraying.
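A detection heuristic for the pattern this explanation describes, added here as an example (not from the practice test or CompTIA): the log lines are constructed, and the thresholds are assumptions to tune per environment. Failures from one source against many accounts with few tries each are flagged as spraying, while many tries against one account are flagged as brute-force.

```python
import re
from collections import defaultdict

# Constructed sample event log lines (not from the page): one source IP fails
# once against many accounts, another hammers a single account repeatedly.
SAMPLE_LOG = """\
2024-05-01T08:00:01Z FAILED_LOGIN user=alice src=203.0.113.7
2024-05-01T08:00:03Z FAILED_LOGIN user=bob src=203.0.113.7
2024-05-01T08:00:05Z FAILED_LOGIN user=carol src=203.0.113.7
2024-05-01T08:00:07Z FAILED_LOGIN user=dave src=203.0.113.7
2024-05-01T08:00:09Z FAILED_LOGIN user=erin src=203.0.113.7
2024-05-01T08:00:11Z FAILED_LOGIN user=frank src=203.0.113.7
2024-05-01T08:01:00Z FAILED_LOGIN user=admin src=198.51.100.9
2024-05-01T08:01:01Z FAILED_LOGIN user=admin src=198.51.100.9
2024-05-01T08:01:02Z FAILED_LOGIN user=admin src=198.51.100.9
2024-05-01T08:01:03Z FAILED_LOGIN user=admin src=198.51.100.9
2024-05-01T08:01:04Z FAILED_LOGIN user=admin src=198.51.100.9
2024-05-01T08:02:00Z LOGIN_OK user=alice src=192.0.2.20
"""

# Assumed log format: "FAILED_LOGIN user=<account> src=<ip>"
LINE_RE = re.compile(r"FAILED_LOGIN user=(\S+) src=(\S+)")

def failures_by_source(log_text):
    """Map source IP -> {account: number of failed attempts}."""
    table = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            user, src = m.groups()
            table[src][user] += 1
    return table

def classify_sources(log_text, min_accounts=5, min_attempts=5):
    """Return {src_ip: label}. 'spraying' = many accounts, few tries each;
    'brute-force' = one or few accounts with many tries. Thresholds are assumed."""
    verdicts = {}
    for src, per_user in failures_by_source(log_text).items():
        accounts = len(per_user)
        max_per_account = max(per_user.values())
        if accounts >= min_accounts and max_per_account < min_attempts:
            verdicts[src] = "spraying"
        elif max_per_account >= min_attempts:
            verdicts[src] = "brute-force"
    return verdicts

if __name__ == "__main__":
    for src, label in classify_sources(SAMPLE_LOG).items():
        print(f"{src}: {label}")
```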

Which of the following explains why an attacker cannot easily decrypt passwords using a rainbow table attack?

A. Digital signatures
B. Salting
C. Hashing
D. Perfect forward secrecy
Suggested answer: B

Explanation:

Salting is a technique used to enhance the security of hashed passwords by adding a unique, random value (salt) to each password before hashing it. This prevents attackers from easily decrypting passwords using rainbow tables, which are precomputed tables for reversing cryptographic hash functions. Since each password has a unique salt, the same password will produce different hash values, making rainbow table attacks ineffective.

References:

CompTIA Security+ SY0-701 Course Content, Domain 04: Security Operations.

CompTIA Security+ SY0-601 Study Guide, chapter on Cryptography and Hashing Techniques.
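A small demonstration of why salting defeats a precomputed table, added here as an example (not from the practice test or CompTIA). The "rainbow table" is a constructed dictionary of unsalted SHA-256 digests of four common passwords; the salt size and the use of SHA-256 are assumptions for illustration, and a real deployment would use a slow password hash such as bcrypt, scrypt or Argon2 instead.

```python
import hashlib
import os

# Constructed stand-in for a precomputed table: unsalted SHA-256 digests of
# a few common passwords, keyed by digest so a stolen hash can be looked up.
COMMON_PASSWORDS = ["password", "123456", "letmein", "qwerty"]
UNSALTED_TABLE = {
    hashlib.sha256(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS
}

def hash_unsalted(password):
    """Unsalted hash: identical passwords give identical, table-searchable digests."""
    return hashlib.sha256(password.encode()).hexdigest()

def hash_salted(password, salt=None):
    """Return (salt_hex, digest_hex). A fresh 16-byte random salt is drawn per
    password unless one is supplied, as happens when verifying a stored hash."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.sha256(salt + password.encode()).hexdigest()
    return salt.hex(), digest

def verify_salted(password, salt_hex, digest_hex):
    """Recompute with the stored salt and compare against the stored digest."""
    return hash_salted(password, bytes.fromhex(salt_hex))[1] == digest_hex

def lookup_in_table(digest_hex):
    """What a precomputed table offers: reversal only of digests it already holds."""
    return UNSALTED_TABLE.get(digest_hex)

def demo():
    pw = "letmein"
    unsalted = hash_unsalted(pw)
    salt1, h1 = hash_salted(pw)
    salt2, h2 = hash_salted(pw)
    return {
        "unsalted_recovered": lookup_in_table(unsalted),   # 'letmein'
        "salted_recovered": lookup_in_table(h1),           # None
        "same_password_differs": h1 != h2,                 # True
        "verify_ok": verify_salted(pw, salt1, h1),         # True
        "verify_wrong": verify_salted("wrong", salt1, h1), # False
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```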
