SY0-401 Exam Dumps (PDF & VCE), available at: https://www.certleader.com/SY0-401-dumps.html
Q271. The network administrator is responsible for promoting code to applications on a DMZ web server. Which of the following processes is being followed to ensure application integrity?
A. Application hardening
B. Application firewall review
C. Application change management
D. Application patch management
Answer: C
Explanation:
Change management is the structured approach that is followed to secure a company’s assets.
Promoting code to an application on a DMZ web server would be change management.
Q272. Which of the following devices is used for the transparent security inspection of network traffic by redirecting user packets prior to sending the packets to the intended destination?
A. Proxies
B. Load balancers
C. Protocol analyzer
D. VPN concentrator
Answer: A
Explanation:
Q273. A technician is deploying virtual machines for multiple customers on a single physical host to reduce power consumption in a data center. Which of the following should be recommended to isolate the VMs from one another?
A. Implement a virtual firewall
B. Install HIPS on each VM
C. Virtual switches with VLANs
D. Develop a patch management guide
Answer: C
Explanation:
A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. VLANs are used for traffic management. VLANs can be used to isolate traffic between network segments.
Q274. While securing a network it is decided to allow active FTP connections into the network. Which of the following ports MUST be configured to allow active FTP connections? (Select TWO).
A. 20
B. 21
C. 22
D. 68
E. 69
Answer: A,B
Explanation:
Q275. A company that has a mandatory vacation policy has implemented which of the following controls?
A. Risk control
B. Privacy control
C. Technical control
D. Physical control
Answer: A
Explanation:
Risk mitigation is done any time you take steps to reduce risk. Implementing a mandatory vacation policy is therefore a risk control measure, because it is a step taken to mitigate risk.
Q276. End-user awareness training for handling sensitive personally identifiable information would include secure storage and transmission of customer:
A. Date of birth.
B. First and last name.
C. Phone number.
D. Employer name.
Answer: A
Explanation:
Personally identifiable information (PII) is a catchall for any data that can be used to uniquely identify an individual. This data can be anything from the person’s name to a fingerprint (think biometrics), credit card number, or patient record. Date of birth is personally identifiable information.
Q277. A security analyst implemented group-based privileges within the company active directory. Which of the following account management techniques should be undertaken regularly to ensure least privilege principles?
A. Leverage role-based access controls.
B. Perform user group clean-up.
C. Verify smart card access controls.
D. Verify SHA-256 for password hashes.
Answer: B
Explanation:
Active Directory (AD) has no built-in clean-up feature. This can result in obsolete user, group and computer objects accumulating over time and placing security and compliance objectives in jeopardy. You would therefore need to clean up these objects regularly.
Q278. Which of the following helps to apply the proper security controls to information?
A. Data classification
B. Deduplication
C. Clean desk policy
D. Encryption
Answer: A
Explanation:
Information classification is done by confidentiality and comprises three categories, namely: public use, internal use and restricted use. These categories make applying the appropriate policies and security controls practical.
Q279. RADIUS provides which of the following?
A. Authentication, Authorization, Availability
B. Authentication, Authorization, Auditing
C. Authentication, Accounting, Auditing
D. Authentication, Authorization, Accounting
Answer: D
Explanation:
The Remote Authentication Dial In User Service (RADIUS) networking protocol offers centralized Authentication, Authorization, and Accounting (AAA) management for users who make use of a network service. A, B, and C are therefore incorrect.
References: http://en.wikipedia.org/wiki/RADIUS
Q280. Which of the following can be used to mitigate risk if a mobile device is lost?
A. Cable lock
B. Transport encryption
C. Voice encryption
D. Strong passwords
Answer: D
Explanation:
Passwords are the most likely mechanism that can be used to mitigate risk when a mobile device is lost. A strong password would be more difficult to crack.