CompTIA Security+ New

Why is enforcing baselines critical when automating system security?

It ensures systems maintain a standard secure configuration, reducing vulnerabilities and aiding automation efficiency.

How can scripting improve onboarding processes in terms of system access?

It automates account creation, default passwords, and role-based access rights for new employees.

What is the primary purpose of baselines in security operations?

To standardize system configurations and maintain security consistency, not to eliminate monitoring.

What is a practical benefit of maintaining a known secure state across all systems?

It allows automated tasks to run reliably and reduces the chance of configuration drift-related incidents.

How does enforcing baselines impact incident response automation?

It helps automation tools work efficiently, but human intervention is still needed for decision-making.

What is the term for formally confirming that compliance reports are accurate and complete?

Attestation

Which concept defines the maximum risk a company is willing to take before acting?

Risk threshold

How is an organization's predetermined acceptable risk exposure described?

Risk tolerance

What does "national legal implications" refer to in data security?

Country-level laws regulating how personal data is collected, stored, and processed

Which SDLC principle ensures security is considered throughout software development?

Security integration across all SDLC phases, from design to maintenance

What is a major security concern for SCADA systems in industrial settings?

Limited ability to apply security updates regularly

Which network device type actively evaluates traffic and enforces policies on packets?

Inline device

At which OSI layer does a firewall filter traffic based on port numbers and IP addresses?

Layer 4 (Transport Layer)

What characteristic of a cloud architecture allows quick recovery from failures?

Resilience

What type of system manages and monitors industrial operations and sensor data, requiring special security attention?

SCADA system

Which cryptographic process allows two parties to securely establish a shared secret?

Key exchange

Which type of security control involves management-level evaluation of risks?

Managerial control (e.g., risk assessments)

What mathematical property underlies RSA public key cryptography?

Trapdoor function

Which key should a client use to encrypt a message so only the intended recipient can decrypt it?

Public key

Which TCP port is default for Microsoft SQL Server and should be secured against unauthorized queries?

Port 1433 (1)

If left open, which port could allow unauthorized database access?

Port 1433