Remote journaling continuously sends log updates to a remote system, ensuring near-real-time backup and an RPO (Recovery Point Objective) under one hour.
Key concepts:
RPO under one hour means minimal data loss.
Remote journaling provides rapid recovery by keeping near-live backups.
Other options:
A (Full disk encryption) protects against unauthorized access but does not aid recovery.
C (Immutable storage) prevents modification but does not ensure real-time backups.
D (RAID 10) improves redundancy but does not help against ransomware.

This scenario describes an attack where the attacker mimics the CEO's voice to deceive the CFO, likely using AI-generated audio. According to the CompTIA SecurityX CAS-005 study guide (Domain 1: Security Strategy and Risk Management, 1.2), a deepfake attack involves using artificial intelligence to create realistic but fake audio, video, or other media to impersonate someone. In this case, the voice similarity suggests a deepfake audio attack, which is a targeted social engineering tactic.
Option A:Smishing involves SMS-based phishing, not voicecalls.
Option C:Automated exploit generation refers to creating software exploits, not impersonation.
Option D:Spear phishing targets specific individuals but typically via email, not voice-based impersonation.
Option B:Deepfake is the most accurate, as it describes AI-driven impersonation of the CEO's voice.
Reference:
CompTIA SecurityX CAS-005 Official Study Guide, Domain 1: Security Strategy and Risk Management, Section 1.2: "Identify advanced social engineering attacks, including deepfakes." CAS-005 Exam Objectives, 1.2: "Analyze the impact of AI-based attacks on security."

Creating a separate network for users who need access to the application is the best action to secure an internal application that is critical to the production area and cannot be updated.
Why Separate Network?
Network Segmentation: Isolates the critical application from the rest of the network, reducing the risk of compromise and limiting the potential impact of any security incidents.
Controlled Access: Ensures that only authorized users have access to the application, enhancing security and reducing the attack surface.
Minimized Risk: Segmentation helps in protecting the application from vulnerabilities that could be exploited from other parts of the network.
Other options, while beneficial, do not provide the same level of security for a critical application:
A . Disallow wireless access: Useful but does not provide comprehensive protection.
B . Deploy intrusion detection capabilities using a network tap: Enhances monitoring but does not provide the same level of isolation and control.
C . Create an acceptable use policy: Important for governance but does not provide technical security controls.
Reference:
CompTIA SecurityX Study Guide
NIST Special Publication 800-125, "Guide to Security for Full Virtualization Technologies"
"Network Segmentation Best Practices," Cisco Documentation

The table shows detailed information about products, includinglocation, chassis manufacturer, OS, application developer, and vendor. This type of information is typically assessed in a supply chain assessment to evaluate the security and reliability of components and services from different suppliers.
Why Supply Chain Assessment?
Component Evaluation: Assessing the origin and security of each component used in the products, including hardware, software, and third-party services.
Risk Management: Identifying potential risks associated with the supply chain, such as vulnerabilities in third-party components or insecure development practices.
Other types of assessments do not align with the detailed supplier and component information provided:
A . System: Focuses on individual system security, not the broader supply chain.
C . Quantitative: Focuses on numerical risk assessments, not supplier information.
D . Organizational: Focuses on internal organizational practices, not external suppliers.
Reference:
CompTIA SecurityX Study Guide
NIST Special Publication 800-161, "Supply Chain Risk Management Practices for Federal Information Systems and Organizations"
"Supply Chain Security Best Practices," Gartner Research

The security engineer should modify the following to fix the email migration issues:
Email CNAME Record: The email CNAME record must be changed to a type A record pointing to 192.168.1.10. This is because CNAME records should not be used where an IP address (A record) is required. Changing it to an A record ensures direct pointing to the correct IP.
TXT Record for DMARC: The TXT record must be changed to "v=dmarc ip4:192.168.1.10 include com -all". This ensures proper configuration of DMARC (Domain-based Message Authentication, Reporting & Conformance) to include the correct IP address and the email service provider domain.
DMARC: Ensuring the DMARC record is correctly set up helps in preventing email spoofing and phishing, aligning with email security best practices.
Reference:
CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
RFC 7489: Domain-based Message Authentication, Reporting & Conformance (DMARC) NIST Special Publication 800-45: Guidelines on Electronic Mail Security