Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/SY0-401-dumps.html



Q171. A security administrator is tasked with ensuring that all devices have updated virus definition files before they are allowed to access network resources. Which of the following technologies would be used to accomplish this goal? 

A. NIDS 

B. NAC 

C. DLP 

D. DMZ 

E. Port Security 

Answer:

Explanation: 


Q172. A security administrator has deployed all laptops with Self Encrypting Drives (SED) and enforces key encryption. Which of the following represents the greatest threat to maintaining data confidentiality with these devices? 

A. Full data access can be obtained by connecting the drive to a SATA or USB adapter bypassing the SED hardware. 

B. A malicious employee can gain the SED encryption keys through software extraction allowing access to other laptops. 

C. If the laptop does not use a Secure Boot BIOS, the SED hardware is not enabled allowing full data access. 

D. Laptops that are placed in a sleep mode allow full data access when powered back on. 

Answer:

Explanation: 


Q173. An Information Systems Security Officer (ISSO) has been placed in charge of a classified peer-to-peer network that cannot connect to the Internet. The ISSO can update the antivirus definitions manually, but which of the following steps is MOST important? 

A. A full scan must be run on the network after the DAT file is installed. 

B. The signatures must have a hash value equal to what is displayed on the vendor site. 

C. The definition file must be updated within seven days. 

D. All users must be logged off of the network prior to the installation of the definition file. 

Answer:

Explanation: 

A hash value can be used to uniquely identify secret information. This requires that the hash function is collision resistant, which means that it is very hard to find two different inputs that generate the same hash value. The hash value of the signatures must therefore be equal to the one displayed on the vendor site.


Q174. A security technician would like to obscure sensitive data within a file so that it can be transferred without causing suspicion. Which of the following technologies would BEST be suited to accomplish this? 

A. Transport Encryption 

B. Stream Encryption 

C. Digital Signature 

D. Steganography 

Answer:

Explanation: 


Q175. A security administrator wants to deploy a physical security control to limit an individual’s access into a sensitive area. Which of the following should be implemented? 

A. Guards 

B. CCTV 

C. Bollards 

D. Spike strip 

Answer:

Explanation: 

A guard can be intimidating and can respond to a situation. Where you want to limit an individual’s access to a sensitive area, a guard would be the most effective.


Q176. Which of the following security strategies allows a company to limit damage to internal systems and provides loss control? 

A. Restoration and recovery strategies 

B. Deterrent strategies 

C. Containment strategies 

D. Detection strategies 

Answer:

Explanation: 

Containment strategies are used to limit damage and to contain a loss so that it may be controlled, much like quarantine and loss incident isolation.


Q177. During the information gathering stage of deploying a role-based access control model, which of the following information is MOST likely required?

A. Conditional rules under which certain systems may be accessed 

B. Matrix of job titles with required access privileges 

C. Clearance levels of all company personnel 

D. Normal hours of business operation 

Answer:

Explanation: 

Role-based access control is a model where access to resources is determined by job role rather than by user account.

Within an organization, roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the computer permissions to perform particular computer-system functions. Since users are not assigned permissions directly, but only acquire them through their role (or roles), management of individual user rights becomes a matter of simply assigning appropriate roles to the user's account; this simplifies common operations, such as adding a user, or changing a user's department. 

To configure role-based access control, you need a list (or matrix) of job titles (roles) and the access privileges that should be assigned to each role. 


Q178. An administrator wishes to hide the network addresses of an internal network when connecting to the Internet. The MOST effective way to mask the network address of the users would be by passing the traffic through a: 

A. stateful firewall 

B. packet-filtering firewall 

C. NIPS 

D. NAT 

Answer:

Explanation: 

NAT serves as a basic firewall by only allowing incoming traffic that is in response to an internal system’s request. 


Q179. Which of the following allows Pete, a security technician, to provide the MOST secure wireless implementation? 

A. Implement WPA 

B. Disable SSID 

C. Adjust antenna placement 

D. Implement WEP 

Answer:

Explanation: Of the options supplied, WiFi Protected Access (WPA) is the most secure and is the replacement for WEP. 


Q180. Which of the following malware types typically allows an attacker to monitor a user’s computer, is characterized by a drive-by download, and requires no user interaction? 

A. Virus 

B. Logic bomb 

C. Spyware 

D. Adware 

Answer:

Explanation: Spyware is software that is used to gather information about a person or organization without their knowledge and that sends that information to another entity.