Welcome to today’s CompTIA Security+ practice test!

Today’s practice test is based on Subdomain 4.7 (Explain the importance of automation and orchestration related to secure operations) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.


CompTIA Security+ Practice Test of the Day 260324
10 questions • Single best answer
Question 1
A security operations manager at a healthcare organization is working to reduce the time it takes to grant new employees access to the systems they need to perform their jobs. Currently, the onboarding process requires a help desk ticket to be manually reviewed, an IT administrator to create accounts in Active Directory, a second administrator to assign the appropriate group memberships, and a third team to provision access to the EHR platform — a process that takes an average of three business days per new hire. The manager wants to implement a solution that automatically creates user accounts, assigns role-based group memberships, and provisions application access as soon as HR marks an employee as active in the HRIS. Which automation use case is the manager describing?
Question 2
A cloud security architect at a financial services company is concerned that developers frequently deploy cloud resources with overly permissive configurations — such as publicly accessible storage buckets, unrestricted inbound security group rules, and unencrypted storage volumes. The security team has attempted to address the problem through training and policy documentation, but developers continue to deploy misconfigured resources under deadline pressure. The architect proposes implementing automated policy checks that detect and block non-compliant configurations before they are deployed to the production cloud environment, without requiring any manual security team intervention. In the context of automation and scripting for secure operations, what is this type of preventive enforcement mechanism commonly called?
Question 3
A DevSecOps engineer at a software company is redesigning the code delivery pipeline to incorporate security checks directly into the development workflow. Developers commit code to the repository dozens of times per day, and the team wants to ensure that each commit is automatically scanned for known vulnerabilities, insecure coding patterns, and third-party dependency risks before the code reaches the production environment. The engineer configures static code analysis, dependency scanning, and security unit tests to execute automatically on every push to the repository — failing the build and alerting the developer if any checks fail. Which automation use case is the DevSecOps engineer implementing?
Question 4
The security team at a mid-sized enterprise recently discovered that several Windows servers were running with local firewall rules disabled, outdated antivirus signatures, and non-standard registry configurations — all deviating from the organization's approved security baseline. The servers had drifted from the baseline over time due to undocumented manual changes made by various administrators across different teams. The CISO wants to implement an automation solution that continuously compares server configurations against the approved baseline and automatically remediates any deviations without requiring a manual ticket or change request. Which benefit of automation and orchestration is the CISO primarily seeking to achieve?
Question 5
An analyst in a SOC at a large retail company notices that the average time between a high-severity alert firing in the SIEM and when an analyst begins active investigation is approximately 45 minutes, due to manual triage steps and ticket assignment processes. During a recent simulated adversary exercise, the red team demonstrated that an attacker moving laterally through the environment had enough time to reach critical payment processing systems before any containment action was initiated. The security manager proposes implementing automated orchestration that triggers containment workflows — such as isolating an endpoint, blocking a source IP, or disabling a compromised account — immediately upon detection of a qualifying high-severity alert. Which benefit of automation and orchestration does this proposal most directly address?
Question 6
A security architect at a telecommunications company is evaluating a proposal to centralize all incident response workflows, patch deployment processes, and access control enforcement through a single automation platform. The platform would serve as the hub for every automated security action across the enterprise. A senior engineer raises a concern: if the platform itself experiences an outage due to a software bug, hardware failure, or scheduled maintenance, the organization would simultaneously lose the ability to respond to security incidents, deploy critical patches, and enforce access policies until the platform is restored. The senior engineer recommends designing redundancy into the automation architecture to address this risk. Which consideration about automation and orchestration is the senior engineer describing?
Question 7
A security operations team at an insurance company has spent three years building a library of custom automation scripts that handle vulnerability scanning workflows, log aggregation pipelines, and alert triage routing. The scripts were developed rapidly to meet operational needs and were never formally documented, peer reviewed, or standardized. Several of the engineers who originally wrote the scripts have since left the organization. When the company recently migrated to a new SIEM platform, the team discovered that extensive rewriting was required across dozens of interdependent scripts — consuming far more time and resources than the original automation had saved. Management is now questioning whether the automation program is generating a net cost rather than a net benefit. Which consideration about automation and orchestration does this scenario illustrate?
Question 8
The CISO of a regional bank is presenting a business case to the board for expanding the organization's security automation program. The bank's security team consists of only eight analysts who are responsible for monitoring over 5,000 endpoints, correlating thousands of daily log events, managing access controls for more than 2,000 users, and responding to incidents around the clock. The CISO explains that by automating routine tasks such as alert triage, access provisioning, log normalization, and threat indicator lookups, the team of eight will be capable of handling a volume of work that would otherwise require a security team three times its current size. Which benefit of automation and orchestration is the CISO describing?
Question 9
A security administrator at a large law firm is responsible for ensuring that terminated employees lose access to firm systems immediately upon separation. The current offboarding process requires HR to send a manual email notification to IT, which then must disable Active Directory accounts, revoke VPN certificates, remove the user from email distribution lists, and deprovision access to the document management system — a process that routinely takes up to 24 hours to complete. The firm recently experienced an incident in which a departing employee accessed confidential client matter files during the gap between their termination and the completion of manual deprovisioning. Which automation use case would MOST directly address this security risk?
Question 10
A security engineer at a manufacturing company has been tasked with integrating the organization's next-generation firewall, EDR platform, identity governance tool, vulnerability scanner, and ticketing system into a unified automation framework. As the project progresses, the team discovers that each system uses a different API authentication mechanism, data schema, and webhook format. Every time one vendor releases an update, the integration breaks and requires custom remediation work. The team lead warns that the organization now needs personnel who understand not just each individual tool but the intricate web of dependencies connecting them — and that adding more tools will make the situation exponentially harder to manage. Which consideration about automation and orchestration is the team lead highlighting?