CompTIA Security+ (SY0-701) Exam 3 Revision Flashcards
A user notices an advertisement for popular software at a significantly reduced price on a new website. After purchasing the software, they receive a download link that installs malware on their computer. This incident is an example of what kind of attack?
Typosquatting
Pretexting
Watering hole
Brand impersonation
This situation illustrates brand impersonation, where attackers create fake advertisements or websites that mimic legitimate products or services to deceive users. In this case, the attackers used the reputation of popular software to lure individuals into purchasing from a malicious website, leading to malware installation. Unlike a watering hole attack, which targets users through compromised websites they normally visit, pretexting, which involves creating a false scenario, or typosquatting, which focuses on domain name misspellings, brand impersonation directly exploits the trust in a well-known brand.
For hardening a company’s mobile devices, what is the most effective strategy?
Installing a third-party app store
Disabling Bluetooth and NFC
Implementing an MDM solution
Enforcing screen lock with biometrics
Implementing a Mobile Device Management (MDM) solution provides comprehensive control over mobile devices, allowing for the enforcement of security policies, application management, and remote wiping capabilities. While enforcing screen locks with biometrics and disabling Bluetooth and NFC can improve security, these measures are less comprehensive than an MDM solution. Installing a third-party app store could introduce security risks.
What is a significant security concern when using decentralized networks, such as blockchain, compared to centralized networks?
Decentralized networks inherently offer less data privacy.
Centralized networks are easier to update with new security measures.
The immutability of transactions can lead to irreversible data breaches.
They require more energy to operate efficiently.
A significant security concern when using decentralized networks, like blockchain, is the immutability of transactions. Once data has been recorded in a decentralized system, it cannot be altered or erased. This feature, while providing transparency and security against tampering, also means that if sensitive data is inadvertently or maliciously entered into the blockchain, it becomes permanently accessible, leading to potential privacy issues and irreversible data breaches.
What is the primary advantage of offsite backups compared to onsite backups in disaster recovery planning?
Lower costs
Immediate accessibility
Higher data transfer speeds
Protection from local disasters
Offsite backups protect against local disasters that affect the primary site, whereas onsite backups are exposed to the same physical threats as the systems they protect. This makes offsite backups a key component of comprehensive disaster recovery planning, despite their potentially higher costs and lower data transfer speeds compared to local backups.
What is the role of a WO in managing ongoing vendor services?
To provide ongoing authorization for routine services and define specific tasks
To establish the overall strategic direction of the partnership
To serve as a formal record of completed work for billing purposes only
To act as a binding agreement for a single, one-off project
The role of a Work Order (WO) in managing ongoing vendor services is to provide ongoing authorization for routine services and define specific tasks, deliverables, timelines, and sometimes the payment for those services. WOs are crucial for managing and documenting the specifics of each task or project within the framework of a broader agreement, ensuring clarity and accountability on deliverables. Unlike serving merely as a billing record or a strategic document, WOs focus on the operational aspects of the vendor-client relationship.
An attacker exploits a vulnerability in a smartphone’s operating system that allows them to remotely install spyware without the user’s knowledge. This attack is an example of what kind of vulnerability?
Misconfiguration
Mobile device
Zero-day
Firmware
This situation likely involves a zero-day vulnerability within the smartphone’s operating system, which was previously unknown and therefore unpatched by the time of the attack. While it affects a mobile device, the term “mobile device” is too broad and does not specify the nature of the vulnerability; misconfiguration implies incorrect settings by the user; and firmware typically refers to lower-level software, not necessarily the entire operating system. Zero-day vulnerabilities represent a unique category where the exploit occurs before the vulnerability is known to the software developers or the public.
A company’s security audit reveals that several mobile devices used for business purposes have been jailbroken, allowing unauthorized software and potential security threats. This situation represents what kind of vulnerability?
Mobile device - Side loading
Mobile device - Jailbreaking
Hardware
Misconfiguration
This scenario highlights a jailbreaking vulnerability, where users remove software restrictions on mobile devices, potentially exposing them to security risks. This is different from side loading, which involves installing apps from unofficial sources without bypassing security restrictions, misconfiguration, which involves incorrect settings, or hardware vulnerabilities, which are physical defects or weaknesses.
An organization implements a system where employees’ access to information is determined by their job role within the company, restricting access to sensitive data to authorized personnel only. This is an example of which authorization model?
DAC
ABAC
RBAC
MAC
Role-Based Access Control (RBAC) is an authorization model where access rights are based on the roles of individual users within an organization. This approach simplifies management of user permissions since access can be controlled based on job roles, making it easier to enforce the principle of least privilege. RBAC is different from Mandatory Access Control (MAC), which is based on policy rules and classifications, Discretionary Access Control (DAC), where the data owner decides on access, and Attribute-Based Access Control (ABAC), which uses policies that evaluate attributes (user, resource, environment) to make decisions.
An organization decides to document all its security procedures, including response protocols for different types of security incidents. Which category of control does this documentation belong to?
Physical
Managerial
Operational
Technical
Documenting security procedures, including incident response protocols, falls under managerial controls. Managerial controls involve the policies, procedures, and guidelines that dictate how the organization manages and protects its information assets. This includes the documentation of security procedures to ensure a standardized and informed response to incidents. Unlike technical controls, which focus on technology-based security measures, or operational controls, which are the execution of these measures, managerial controls deal with the overarching management and strategic framework for security within the organization.
When implementing a new system, which change management procedure ensures minimal impact on current operations?
Comprehensive system testing before implementation
User training sessions after implementation
Immediate full-scale implementation
Feedback collection from a pilot group before full-scale implementation
Feedback collection from a pilot group before full-scale implementation ensures that any issues can be identified and addressed in a controlled environment, minimizing the impact on current operations when the system is fully implemented. While testing and user training are important, they do not offer the same real-world insights as a pilot, and immediate full-scale implementation carries significant risk.
When analyzing firewall logs to identify potential malicious activity, which of the following would be the MOST indicative of an attack?
High volumes of allowed inbound traffic during off-peak hours
Repeated failed login attempts from a single external IP address
Consistent traffic flow with known external partners
Occasional spikes in outbound traffic to various destinations
Repeated failed login attempts from a single external IP address suggest a brute force attack aiming to gain unauthorized access. High volumes of inbound traffic could be concerning but aren’t necessarily indicative of an attack without further context. Consistent traffic with known partners is expected in normal business operations. Occasional spikes in outbound traffic could be a concern for data exfiltration but would require more context to be deemed malicious.
A company has decided to evaluate its security posture to ensure it aligns with specific industry regulations. Which type of audit is most appropriate for this scenario?
Internal Audit Committee
External Regulatory Audit
Attestation
Internal Self-Assessment
External regulatory audits are the most appropriate choice for companies looking to ensure compliance with industry regulations. These audits are conducted by external entities and are specifically designed to assess whether a company’s practices align with legal and regulatory requirements. Internal self-assessments, attestations, and internal audit committees, while useful for other purposes, do not provide the same level of authoritative assessment against industry regulations that an external regulatory audit does.
For cybersecurity training, which method uses a controlled environment to replicate potential security breaches, allowing IT professionals to practice their response?
Failover
Tabletop exercises
Simulation
Journaling
Simulations use a controlled environment to replicate security breaches, enabling IT professionals to practice their responses. This is more interactive and realistic than tabletop exercises, which are discussion-based; journaling, which involves keeping records of changes; and failover, which is a redundancy mechanism.
An organization is assessing its compliance with HIPAA. Which role is crucial for ensuring that health information is processed, stored, and transmitted in a manner that complies with HIPAA’s requirements?
Data Processor
HIPAA Compliance Officer
Data Custodian
IT Support Specialist
The HIPAA Compliance Officer plays a crucial role in ensuring that health information is processed, stored, and transmitted in compliance with HIPAA’s requirements. This role is specifically focused on understanding HIPAA regulations, implementing policies and procedures to meet those requirements, and ensuring that all parts of the organization comply. While data processors, data custodians, and IT support specialists all have roles in handling and protecting data, the HIPAA Compliance Officer is specifically tasked with oversight and compliance regarding HIPAA regulations.
A security analyst is assessing the network of a small business and notices an unusually high amount of traffic on port 23. What is the most likely reason for this observation?
The network is experiencing a DDoS attack
Telnet is being used, which is not secure
The firewall is misconfigured
An internal device is downloading updates
The use of Telnet, which operates on port 23, is the most likely reason for the high traffic observed. Telnet transmits data, including credentials, in plain text, making it insecure for sensitive information. Encrypted alternatives such as SSH reduce the risk of data interception and unauthorized access.