Surprising security+ sy0-401 study guide pdf


2016 Jun pass4sure security+ sy0-401:

Q11. Ann was reviewing her company's event logs and observed several instances of GUEST accessing the company print server, file server, and archive database. As she continued to investigate, Ann noticed that it seemed to happen at random intervals throughout the day, but mostly after the weekly automated patching and often logging in at the same time. Which of the following would BEST mitigate this issue? 

A. Enabling time of day restrictions 

B. Disabling unnecessary services 

C. Disabling unnecessary accounts 

D. Rogue machine detection 

Answer: C 

Explanation: 


Q12. The security department has implemented a new laptop encryption product in the environment. The product requires one user name and password at the time of boot up and also another password after the operating system has finished loading. This setup is using which of the following authentication types? 

A. Two-factor authentication 

B. Single sign-on 

C. Multifactor authentication 

D. Single factor authentication 

Answer: D 

Explanation: 

Single-factor authentication is when only one authentication factor is used. In this case, "something you know" is the only authentication factor in use. Username, password, and PIN all form part of "something you know".


Q13. Which of the following concepts is used by digital signatures to ensure integrity of the data? 

A. Non-repudiation 

B. Hashing 

C. Transport encryption 

D. Key escrow 

Answer: B 

Explanation: 

Most digital signature implementations also use a hash to verify that the message has not been altered, intentionally or accidentally, in transit.


Q14. Which of the following application attacks is used to gain access to SEH? 

A. Cookie stealing 

B. Buffer overflow 

C. Directory traversal 

D. XML injection 

Answer: B 

Explanation: 

Buffer overflow protection is used to detect the most common buffer overflows by checking that the stack has not been altered when a function returns. If it has been altered, the program exits with a segmentation fault. Microsoft's implementation of Data Execution Prevention (DEP) mode explicitly protects the pointer to the Structured Exception Handler (SEH) from being overwritten.

A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information, which has to go somewhere, can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain code designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.


Q15. Pete, the Chief Executive Officer (CEO) of a company, has increased his travel plans for the next two years to improve business relations. Which of the following would need to be in place in case something happens to Pete? 

A. Succession planning 

B. Disaster recovery 

C. Separation of duty 

D. Removing single loss expectancy 

Answer: A 

Explanation: 

Succession planning outlines those internal to the organization who have the ability to step into positions when they open. By identifying key roles that cannot be left unfilled and associating internal employees who can step into these roles, you can groom those employees to make sure that they are up to speed when it comes time for them to fill those positions. 



Q16. Identifying a list of all approved software on a system is a step in which of the following practices? 

A. Passively testing security controls 

B. Application hardening 

C. Host software baselining 

D. Client-side targeting 

Answer: C 

Explanation: 

Application baseline defines the level or standard of security that will be implemented and maintained for the application. It may include requirements of hardware components, operating system versions, patch levels, installed applications and their configurations, and available ports and services. Systems can be compared to the baseline to ensure that the required level of security is being maintained. 


Q17. Which of the following is BEST utilized to identify common misconfigurations throughout the enterprise? 

A. Vulnerability scanning 

B. Port scanning 

C. Penetration testing 

D. Black box 

Answer: A 

Explanation: 

A vulnerability scan is the process of scanning the network and/or I.T. infrastructure for threats and vulnerabilities. The threats and vulnerabilities are then evaluated in a risk assessment and the necessary actions are taken to resolve any vulnerabilities. A vulnerability scan scans for known weaknesses such as missing patches or security updates.

A vulnerability scan is the automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited and/or threatened. While public servers are important for communication and data transfer over the Internet, they open the door to potential security breaches by threat agents, such as malicious hackers. Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and generating a report of the findings that an individual or an enterprise can use to tighten the network's security. 


Q18. During a recent investigation, an auditor discovered that an engineer’s compromised workstation was being used to connect to SCADA systems while the engineer was not logged in. The engineer is responsible for administering the SCADA systems and cannot be blocked from connecting to them. The SCADA systems cannot be modified without vendor approval which requires months of testing. 

Which of the following is MOST likely to protect the SCADA systems from misuse? 

A. Update anti-virus definitions on SCADA systems 

B. Audit accounts on the SCADA systems 

C. Install a firewall on the SCADA network 

D. Deploy NIPS at the edge of the SCADA network 

Answer: D 

Explanation: 

A supervisory control and data acquisition (SCADA) system is an industrial control system (ICS) that is used to control infrastructure processes, facility-based processes, or industrial processes. A network-based IPS (NIPS) is an intrusion detection and prevention system that scans network traffic in real time against a database of attack signatures. It is useful for detecting and responding to network-based attacks originating from outside the organization. 


Q19. A certificate authority takes which of the following actions in PKI? 

A. Signs and verifies all infrastructure messages 

B. Issues and signs all private keys 

C. Publishes key escrow lists to CRLs 

D. Issues and signs all root certificates 

Answer: D 

Explanation: 

A certificate authority can issue multiple certificates in the form of a tree structure. A root certificate is part of a public key infrastructure (PKI) scheme. The most common commercial variety is based on the ITU-T X.509 standard, which normally includes a digital signature from a certificate authority (CA). Note: In cryptography and computer security, a root certificate is an unsigned public key certificate (also called self-signed certificate) that identifies the Root Certificate Authority (CA). 


Q20. The act of magnetically erasing all of the data on a disk is known as: 

A. Wiping 

B. Dissolution 

C. Scrubbing 

D. Degaussing 

Answer: D 

Explanation: 

Degaussing is a form of data wiping that entails the use of magnets to alter the magnetic structure of the storage medium.


