Proper study guides for Latest CompTIA CompTIA Security+ Certification certified begins with CompTIA comptia security+ sy0 401 preparation products which designed to deliver the Simulation sy0 401 practice test questions by making you pass the comptia sy0 401 test at your first time. Try the free sy0 401 vce demo right now.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for CompTIA SY0-401 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/SY0-401-exam-dumps.html
Q561. A company hosts its public websites internally. The administrator would like to make some changes to the architecture.
The three goals are:
(1)
reduce the number of public IP addresses in use by the web servers
(2)
drive all the web traffic through a central point of control
(3)
mitigate automated attacks that are based on IP address scanning
Which of the following would meet all three goals?
A. Firewall
B. Load balancer
C. URL filter
D. Reverse proxy
Answer: D
Explanation:
Q562. Pete, a security analyst, has been informed that the development team has plans to develop an application which does not meet the company’s password policy. Which of the following should Pete do NEXT?
A. Contact the Chief Information Officer and ask them to change the company password policy so that the application is made compliant.
B. Tell the application development manager to code the application to adhere to the company’s password policy.
C. Ask the application development manager to submit a risk acceptance memo so that the issue can be documented.
D. Inform the Chief Information Officer of non-adherence to the security policy so that the developers can be reprimanded.
Answer: B
Explanation:
Since the application is violating the security policy it should be coded differently to comply with the password policy.
Q563. When performing the daily review of the system vulnerability scans of the network Joe, the administrator, noticed several security related vulnerabilities with an assigned vulnerability identification number. Joe researches the assigned vulnerability identification number from the vendor website. Joe proceeds with applying the recommended solution for identified vulnerability.
Which of the following is the type of vulnerability described?
A. Network based
B. IDS
C. Signature based
D. Host based
Answer: C
Explanation:
A signature-based monitoring or detection method relies on a database of signatures or patterns of known malicious or unwanted activity. The strength of a signature-based system is that it can quickly and accurately detect any event from its database of signatures.
Q564. Which of the following concepts is BEST described as developing a new chain of command in the event of a contingency?
A. Business continuity planning
B. Continuity of operations
C. Business impact analysis
D. Succession planning
Answer: D
Explanation:
Succession planning outlines those internal to the organization who have the ability to step into positions when they open. By identifying key roles that cannot be left unfilled and associating internal employees who can step into these roles, you can groom those employees to make sure that they are up to speed when it comes time for them to fill those positions.
Q565. Elastic cloud computing environments often reuse the same physical hardware for multiple customers over time as virtual machines are instantiated and deleted. This has important implications for which of the following data security concerns?
A. Hardware integrity
B. Data confidentiality
C. Availability of servers
D. Integrity of data
Answer: B
Explanation:
Data that is not kept separate or segregated will impact on that data’s confidentiality maybe being compromised. Be aware of the fact that your data is only as safe as the data with which it is integrated. For example, assume that your client database is hosted on a server that another company is also using to test an application that they are creating. If their application obtains root-level access at some point (such as to change passwords) and crashes at that point, then the user running the application could be left with root permissions and conceivably be to access data on the server for which they are not authorized, such as your client database. Data segregation is crucial; keep your data on secure servers.
Q566. A security analyst, Ann, is reviewing an IRC channel and notices that a malicious exploit has been created for a frequently used application. She notifies the software vendor and asks them for remediation steps, but is alarmed to find that no patches are available to mitigate this vulnerability.
Which of the following BEST describes this exploit?
A. Malicious insider threat
B. Zero-day
C. Client-side attack
D. Malicious add-on
Answer: B
Explanation:
A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it—this exploit is called a zero day attack. Uses of zero day attacks can include infiltrating malware, spyware or allowing unwanted access to user information. The term “zero day” refers to the unknown nature of the hole to those outside of the hackers, specifically, the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect users. In this question, there are no patches are available to mitigate the vulnerability. This is therefore a zero-day vulnerability.
Q567. Which of the following statements is MOST likely to be included in the security awareness training about P2P?
A. P2P is always used to download copyrighted material.
B. P2P can be used to improve computer system response.
C. P2P may prevent viruses from entering the network.
D. P2P may cause excessive network bandwidth.
Answer: D
Explanation:
P2P networking by definition involves networking which will reduce available bandwidth for the rest of the users on the network.
Q568. Concurrent use of a firewall, content filtering, antivirus software and an IDS system would be considered components of:
A. Redundant systems.
B. Separation of duties.
C. Layered security.
D. Application control.
Answer: C
Explanation:
Layered security is the practice of combining multiple mitigating security controls to protect resources and data.
Q569. Company A submitted a bid on a contract to do work for Company B via email. Company B was insistent that the bid did not come from Company A. Which of the following would have assured that the bid was submitted by Company A?
A. Steganography
B. Hashing
C. Encryption
D. Digital Signatures
Answer: D
Explanation:
A digital signature is similar in function to a standard signature on a document. It validates the integrity of the message and the sender. The message is encrypted using the encryption system, and a second piece of information, the digital signature, is added to the message.
Q570. An online store wants to protect user credentials and credit card information so that customers can store their credit card information and use their card for multiple separate transactions.
Which of the following database designs provides the BEST security for the online store?
A. Use encryption for the credential fields and hash the credit card field
B. Encrypt the username and hash the password
C. Hash the credential fields and use encryption for the credit card field
D. Hash both the credential fields and the credit card field
Answer: C
Explanation:
Hashing refers to the hash algorithms used in cryptography. It is used to store data, such as hash tables. One main characteristic of hashing is that the algorithm must have few or no collisions – in hashing two different inputs does not give the same output. Thus the credential fields should be hashed because anyone customer will have a unique credit card number/identity and since they will use their credit cards for many different transactions, the credit card field should be encrypted only, not hashed.
