CompTIA SY0-401 Exam: CompTIA Security+ Certification

Total Questions: 1781. Last Updated: November 01, 2017
  • Updated SY0-401 Dumps
  • Based on Real SY0-401 Exams Scenarios
  • Free SY0-401 pdf Demo Available
  • Check out our SY0-401 Dumps in a new PDF format
  • Instant SY0-401 download
  • Guarantee SY0-401 success in first attempt

Price: $65.95 $29.99


Secrets to the SY0-401 study guide PDF

Your success in the CompTIA SY0-401 exam is our sole target, and we develop all our SY0-401 practice material to help you reach it. Our SY0-401 study material is not only the best you can find, it is also the most detailed and the most up to date. Our practice exams for CompTIA Security+ SY0-401 are written to the highest standards of technical accuracy.

Q121. Key elements of a business impact analysis should include which of the following tasks? 

A. Develop recovery strategies, prioritize recovery, create test plans, post-test evaluation, and update processes. 

B. Identify institutional and regulatory reporting requirements, develop response teams and communication trees, and develop press release templates. 

C. Employ regular preventive measures such as patch management, change management, antivirus and vulnerability scans, and reports to management. 

D. Identify critical assets, systems and functions, identify dependencies, determine the critical downtime limit, define scenarios by type and scope of impact, and quantify loss potential. 



The correct answer is D. The key components of a business impact analysis (BIA) are: identifying critical business functions and the assets and systems they depend on; prioritizing those functions; calculating a timeframe for how long each critical system can be lost (the maximum tolerable downtime); and estimating the tangible and intangible impact of each loss scenario on the organization. Options A, B and C describe recovery planning, incident communications and routine preventive operations respectively, not the analysis itself. 

Q122. Ann, a security administrator, wishes to replace the organization's RADIUS authentication with a more secure protocol that can utilize EAP. Which of the following would BEST fit her objective? 



C. Kerberos 

D. Diameter 



The correct answer is D. Diameter is an authentication, authorization and accounting (AAA) protocol designed as the successor to RADIUS. Diameter applications extend the base protocol with new commands and attribute-value pairs; the Diameter EAP application (RFC 4072) carries Extensible Authentication Protocol exchanges. Diameter runs over TCP or SCTP with TLS or IPsec for transport protection, whereas RADIUS runs over UDP and protects only the User-Password attribute, using an MD5-based obfuscation. Note that RADIUS can also transport EAP (RFC 3579); Diameter is the more secure choice because of its reliable, protected transport, not because of EAP support alone. 

Q123. During the information gathering stage of deploying a role-based access control model, which of the following is MOST likely required? 

A. Conditional rules under which certain systems may be accessed 

B. Matrix of job titles with required access privileges 

C. Clearance levels of all company personnel 

D. Normal hours of business operation 



The correct answer is B. Role-based access control is a model where access to resources is determined by job role rather than by individual user account. 

Within an organization, roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the computer permissions to perform particular computer-system functions. Since users are not assigned permissions directly, but only acquire them through their role (or roles), management of individual user rights becomes a matter of simply assigning appropriate roles to the user's account; this simplifies common operations, such as adding a user, or changing a user's department. 

To configure role-based access control, you need a list (or matrix) of job titles (roles) and the access privileges that should be assigned to each role. 
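The role matrix described above, turned into a working access check. This is an added example, not part of the original exam material; the roles, permissions and user names are constructed for illustration. It shows the two properties the explanation relies on: permissions reach a user only through roles (so a department move is a role reassignment, nothing else), and the check denies by default for unknown users, unknown roles or permissions no role grants.

```python
"""Role-based access control built from a job-title/permission matrix.

Added example, not from the original exam material. Roles, permissions and
users below are constructed for illustration.
"""

# The "matrix of job titles with required access privileges": each role maps
# to the operations it may perform. A role may inherit another role so that,
# for example, every clerk permission is also held by an accountant.
ROLE_MATRIX = {
    "clerk":      {"perms": {"invoice:read"},                      "inherits": []},
    "accountant": {"perms": {"invoice:write", "ledger:read"},      "inherits": ["clerk"]},
    "auditor":    {"perms": {"ledger:read", "audit_log:read"},     "inherits": []},
    "hr":         {"perms": {"personnel:read", "personnel:write"}, "inherits": []},
}

# Users are assigned roles only; no permission is ever attached to a user directly.
USER_ROLES = {
    "alice": {"accountant"},
    "bob": {"clerk"},
    "carol": {"auditor"},
}


def effective_permissions(roles, matrix=ROLE_MATRIX):
    """Flatten a set of roles, and everything they inherit, into permissions.
    A role named in the matrix that does not exist fails closed with KeyError."""
    seen, perms = set(), set()
    stack = list(roles)
    while stack:
        role = stack.pop()
        if role in seen:          # also guards against inheritance cycles
            continue
        seen.add(role)
        entry = matrix.get(role)
        if entry is None:
            raise KeyError("unknown role: %s" % role)
        perms |= entry["perms"]
        stack.extend(entry["inherits"])
    return perms


def is_allowed(user, permission, users=USER_ROLES, matrix=ROLE_MATRIX):
    """Deny by default: an unknown user or a permission no role grants is False."""
    roles = users.get(user, set())
    return permission in effective_permissions(roles, matrix)


def change_department(user, new_roles, users=USER_ROLES):
    """Moving a user between departments is a role reassignment; the matrix
    itself (and every other user's access) is untouched."""
    users[user] = set(new_roles)


if __name__ == "__main__":
    print(sorted(effective_permissions({"accountant"})))
    print(is_allowed("bob", "ledger:read"))      # clerks only read invoices
    change_department("bob", {"auditor"})
    print(is_allowed("bob", "ledger:read"))      # granted via the auditor role
```

The matrix is the artefact gathered in the question's information-gathering stage; everything else is mechanical. Keeping permission grants out of `USER_ROLES` is what makes the model auditable: to answer "who can read the ledger?" you inspect two roles, not every account.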

Q124. XYZ Corporation is about to purchase another company to expand its operations. The CEO is concerned about information leaking out, especially with the cleaning crew that comes in at night. 

The CEO would like to ensure no paper files are leaked. Which of the following is the BEST policy to implement? 

A. Social media policy 

B. Data retention policy 

C. CCTV policy 

D. Clean desk policy 



The correct answer is D. Clean desk policy: information on a desk, such as printouts, pads of note paper and sticky notes, can easily be seen by prying eyes and taken by thieving hands. To protect data and the business, employees should keep clean desks and leave out only the papers relevant to what they are working on at that moment. All sensitive material is locked away whenever the employee steps away from the desk, and especially at the end of the day, before third parties such as the cleaning crew have unsupervised access to the office. 

Q125. A company is about to release a very large patch to its customers. An administrator is required to test patch installations several times prior to distributing them to customer PCs. Which of the following should the administrator use to test the patching process quickly and often? 

A. Create an incremental backup of an unpatched PC 

B. Create an image of a patched PC and replicate it to servers 

C. Create a full disk image to restore after each installation 

D. Create a virtualized sandbox and utilize snapshots 

The correct answer is D. A snapshot of an unpatched virtual machine can be reverted in seconds, so the administrator can install the patch, inspect the result, roll back to the identical pre-patch state and repeat as often as needed. Restoring a full disk image (C) reaches the same baseline but costs far more time per iteration; an incremental backup (A) or an image of an already patched PC (B) does not give a clean unpatched starting point at all. 

Q126. Sara, a security administrator, manually hashes all network device configuration files daily and compares them to the previous day's hashes. Which of the following security concepts is Sara using? 

A. Confidentiality 

B. Compliance 

C. Integrity 

D. Availability 



The correct answer is C. Integrity means data cannot be altered without detection. Hashing each configuration file and comparing the digest with the previous day's reveals any change to the file's contents, whether an administrator's edit or an attacker's backdoor. The comparison tells Sara that something changed, not whether the change was authorized, so it has to be read against change-management records; and the stored hashes themselves need protecting, since an attacker who can rewrite both the configuration and its baseline digest defeats the check. 
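Sara's daily check as a script, added here as an example that is not part of the original exam material. The device config files, their contents and the "yesterday" baseline are all constructed inside a temporary directory in the same run, and the baseline-signing key is a placeholder. Beyond plain hashing, it seals the stored digests with an HMAC so that tampering with the baseline is itself detectable, which is the caveat raised above.

```python
"""Daily configuration-file integrity check using SHA-256 digests.

Added example, not part of the original exam material. The device config
files and their contents are constructed in a temporary directory, and the
"yesterday" baseline is built in the same run. The signing key is a placeholder.
"""
import hashlib
import hmac
import json
import os
import tempfile


def sha256_file(path):
    """Stream the file through SHA-256 so large configs need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(config_dir):
    """Map each file (path relative to config_dir) to its SHA-256 digest."""
    digests = {}
    for root, _dirs, files in os.walk(config_dir):
        for name in files:
            full = os.path.join(root, name)
            digests[os.path.relpath(full, config_dir)] = sha256_file(full)
    return digests


def compare(previous, current):
    """Classify every path as added, removed or changed relative to the baseline."""
    prev_keys, cur_keys = set(previous), set(current)
    return {
        "added": sorted(cur_keys - prev_keys),
        "removed": sorted(prev_keys - cur_keys),
        "changed": sorted(k for k in prev_keys & cur_keys if previous[k] != current[k]),
    }


def seal(digests, key):
    """Serialize the baseline and attach an HMAC-SHA256 tag, so an attacker who
    can rewrite a config file but does not hold the key cannot also rewrite the
    stored digest to match. The key must live off the monitored device."""
    body = json.dumps(digests, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()


def seal_is_valid(body, tag, key):
    """Constant-time comparison of the stored tag with a freshly computed one."""
    return hmac.compare_digest(hmac.new(key, body, hashlib.sha256).hexdigest(), tag)


def unseal(body, tag, key):
    if not seal_is_valid(body, tag, key):
        raise ValueError("stored baseline has been tampered with")
    return json.loads(body)


def demo():
    """Build yesterday's sealed baseline, change the directory overnight, diff today."""
    key = b"placeholder-baseline-key"  # constructed; use a vault-held secret in practice
    with tempfile.TemporaryDirectory() as cfg:
        with open(os.path.join(cfg, "router1.cfg"), "w") as f:
            f.write("hostname router1\nsnmp-server community public RO\n")
        with open(os.path.join(cfg, "switch1.cfg"), "w") as f:
            f.write("hostname switch1\n")
        body, tag = seal(snapshot(cfg), key)  # yesterday's run

        # Overnight: one config edited, one removed, one new device added.
        with open(os.path.join(cfg, "router1.cfg"), "a") as f:
            f.write("ip route 0.0.0.0 0.0.0.0 203.0.113.1\n")
        os.remove(os.path.join(cfg, "switch1.cfg"))
        with open(os.path.join(cfg, "fw1.cfg"), "w") as f:
            f.write("hostname fw1\n")

        return compare(unseal(body, tag, key), snapshot(cfg))  # today's run


if __name__ == "__main__":
    print(demo())  # {'added': ['fw1.cfg'], 'removed': ['switch1.cfg'], 'changed': ['router1.cfg']}
```

In production the sealed baseline (and the key) would be written to a separate host, and a "changed" entry would be cross-checked against the change calendar before anyone is paged; the script detects change, it does not judge it.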

Q127. Which of the following assessment techniques would a security administrator implement to ensure that systems and software are developed properly? 

A. Baseline reporting 

B. Input validation 

C. Determine attack surface 

D. Design reviews 



The correct answer is D. When implementing systems and software, an important step is the design of those systems and software: they should be designed so that the system works as intended and is secure. A design review examines the ports and protocols used, the rules, the segmentation and the access control in the system or application. It is essentially a check that the design of the system meets its security requirements, carried out before code is written, when changes are cheapest. The other options are run-time or implementation-level checks rather than assessments of whether the system was developed properly. 

Q128. Which of the following network devices is used to analyze traffic between various network interfaces? 

A. Proxies 

B. Firewalls 

C. Content inspection 

D. Sniffers 



The correct answer is D. A sniffer (packet sniffer) is a tool that intercepts and decodes data flowing across a network; it is also called a packet analyzer and can be a hardware or a software solution. On a shared medium (a hub, or an unfiltered, unswitched segment) every frame physically reaches every host on the segment. Normally a network interface card (NIC) discards frames that are not addressed to its own MAC address (or to a broadcast or multicast address), so the host never sees its neighbours' traffic. Sniffer software puts the NIC into promiscuous mode, which disables that filtering, so every frame on the segment is passed up to the sniffer. This captures everything flowing on the segment, including credentials and other sensitive data sent in cleartext. On a switched network a sniffer sees only traffic for its own port plus broadcasts, which is why analysts use a mirror (SPAN) port or a network tap to capture traffic between interfaces. 
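What the sniffer does with a frame once the NIC hands it over: decode the Ethernet, IPv4 and TCP headers and pull out the payload. The following is an added example, not code from the original exam material. The frame bytes are built by `build_frame()` rather than captured, so it runs without a promiscuous-mode socket or root privileges; the MAC and IP addresses are made up, and only the IPv4 header checksum is validated (the TCP checksum is left at zero in the constructed frame).

```python
"""Decode an Ethernet/IPv4/TCP frame the way a packet analyzer does.

Added example, not part of the original exam material. The frame bytes are
constructed by build_frame() rather than captured, so nothing here needs a
promiscuous-mode socket or root privileges; MAC and IP addresses are made up.
"""
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
TCP_FLAG_NAMES = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK"))


def ipv4_checksum(header):
    """RFC 791 ones'-complement sum over the header with its checksum field zeroed."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def fmt_mac(raw):
    return ":".join("%02x" % b for b in raw)


def parse_frame(frame):
    """Return the Ethernet, IPv4 and TCP fields of one frame.
    Raises ValueError for truncated frames, non-IPv4/TCP traffic or a bad IP checksum."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not IPv4 (ethertype 0x%04x)" % ethertype)
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _flags_frag, ttl, proto,
     checksum, src_ip, dst_ip) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(ip) < total_len or total_len < ihl:
        raise ValueError("bad IPv4 header")
    if ipv4_checksum(ip[:10] + b"\x00\x00" + ip[12:ihl]) != checksum:
        raise ValueError("IPv4 header checksum mismatch (corrupted frame)")
    if proto != IPPROTO_TCP:
        raise ValueError("not TCP (protocol %d)" % proto)
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window = struct.unpack("!HHIIHH", tcp[:16])
    data_offset = (off_flags >> 12) * 4
    return {
        "src_mac": fmt_mac(src_mac), "dst_mac": fmt_mac(dst_mac),
        "src_ip": ".".join(map(str, src_ip)), "dst_ip": ".".join(map(str, dst_ip)),
        "ttl": ttl, "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "flags": [name for bit, name in TCP_FLAG_NAMES if off_flags & bit],
        "window": window,
        "payload": tcp[data_offset:],  # the cleartext a sniffer actually harvests
    }


def safe_parse(frame):
    """None instead of an exception, for callers that just skip undecodable frames."""
    try:
        return parse_frame(frame)
    except ValueError:
        return None


def build_frame(src_ip, dst_ip, sport, dport, payload):
    """Constructed sample: a PSH/ACK segment. The TCP checksum is left at zero
    because parse_frame() only validates the IPv4 header checksum."""
    tcp_hdr = struct.pack("!HHIIHHHH", sport, dport, 1000, 2000, (5 << 12) | 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp_hdr) + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64, IPPROTO_TCP, 0,
                         bytes(int(o) for o in src_ip.split(".")),
                         bytes(int(o) for o in dst_ip.split(".")))
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ipv4_checksum(ip_hdr)) + ip_hdr[12:]
    eth_hdr = struct.pack("!6s6sH", bytes.fromhex("001122334455"),
                          bytes.fromhex("66778899aabb"), ETHERTYPE_IPV4)
    return eth_hdr + ip_hdr + tcp_hdr + payload


if __name__ == "__main__":
    frame = build_frame("192.0.2.10", "198.51.100.5", 40000, 80,
                        b"GET /login?user=ann&pw=secret HTTP/1.0\r\n\r\n")
    print(parse_frame(frame))
```

The payload field is the point of the exercise: anything the application sent without TLS (the HTTP query string here) is readable verbatim by whoever holds the capture, which is why sniffing is dangerous and why the defence is encryption in transit rather than hoping the NIC filters.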

Q129. When an order was submitted via the corporate website, an administrator noted special characters (e.g., ";--" and "or 1=1 --") were input instead of the expected letters and numbers. 

Which of the following is the MOST likely reason for the unusual results? 

A. The user is attempting to hijack the web server session using an open-source browser. 

B. The user has been compromised by a cross-site scripting attack (XSS) and is part of a botnet performing DDoS attacks. 

C. The user is attempting to fuzz the web server by entering foreign language characters which are incompatible with the website. 

D. The user is sending malicious SQL injection strings in order to extract sensitive company or customer data via the website. 



The correct answer is D. The input in the question is a classic SQL injection probe. The single quote closes the string literal the application built around the user's value, `or 1=1` appends a condition that is always true, and `--` comments out the remainder of the original statement; a `SELECT ... WHERE` rewritten this way returns every row in the table. 

SQL injection is a code injection technique, used against data-driven applications, in which SQL fragments supplied through an input field are executed by the database (for example, to dump its contents to the attacker). It depends on a flaw in the application: user input is concatenated into a statement without escaping string-literal delimiters, or is not strongly typed, so the database parses it as SQL rather than treating it as data. It is best known as an attack against websites, but it applies to any application that builds SQL from untrusted input. The fix is parameterized queries (prepared statements), with input validation as a second layer, not a substitute. 
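The payload from the question run against a string-built query and against its parameterized replacement. This is an added example, not part of the original exam material; the `orders` table and its rows are constructed in an in-memory SQLite database, and `detect_suspicious()` is a constructed log-review heuristic mirroring what the administrator noticed in the question.

```python
"""' or 1=1 -- against a concatenated query, beside the parameterized fix.

Added example, not part of the original exam material. The orders table and
its rows are constructed in an in-memory SQLite database.
"""
import sqlite3


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, total REAL)")
    conn.executemany("INSERT INTO orders (customer, total) VALUES (?, ?)",
                     [("acme", 120.0), ("globex", 99.5), ("initech", 41.0)])
    return conn


def lookup_vulnerable(conn, customer):
    """Concatenates user input into SQL. With the payload from the question the
    statement becomes  ... WHERE customer = '' or 1=1 --'  : the quote closes
    the literal, 'or 1=1' is always true, and '--' comments out the stray quote."""
    sql = "SELECT id, customer, total FROM orders WHERE customer = '" + customer + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, customer):
    """Bound parameter: the input is only ever a value, never parsed as SQL, so
    the same payload is simply a customer name that matches nothing."""
    return conn.execute(
        "SELECT id, customer, total FROM orders WHERE customer = ?", (customer,)
    ).fetchall()


def detect_suspicious(value):
    """Constructed log-review tripwire for the markers the administrator saw.
    Useful for spotting probing in request logs; it is not a defence, because
    encodings and alternative syntax get past any blacklist."""
    markers = ("'", "--", ";", " or ", "1=1")
    lowered = value.lower()
    return [m for m in markers if m in lowered]


if __name__ == "__main__":
    conn = make_db()
    payload = "' or 1=1 --"
    print(lookup_vulnerable(conn, payload))      # every row, not just one customer
    print(lookup_parameterized(conn, payload))   # []
    print(detect_suspicious(payload))
```

The vulnerable function returns all three rows for a value that names no customer; the parameterized one returns none. A payload such as `'; DROP TABLE orders; --` fails against SQLite's one-statement-per-`execute` rule, but against a driver or database that allows statement batching the same concatenation would run it.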

Q130. Which of the following would provide the STRONGEST encryption? 

A. Random one-time pad 

B. DES with a 56-bit key 

C. AES with a 256-bit key 

D. RSA with a 1024-bit key 



The correct answer is A. A one-time pad is the only cipher with proven (information-theoretic) perfect secrecy, and it has that property only under four conditions: the key is truly random, it is at least as long as the plaintext, it is used exactly once, and it is kept secret. Because the key is as long as the message and random, there is no pattern in its application for an attacker to exploit: a given ciphertext is equally consistent with every possible plaintext of the same length, so even unlimited computing power cannot single one out. Because each key is used once and then discarded, recovering one key (for example from a compromised copy of the pad) tells the attacker nothing about any other message. Reusing a key destroys the guarantee: XORing two ciphertexts encrypted under the same pad cancels the key and leaves the XOR of the two plaintexts, which is recoverable. The other options are computationally, not unconditionally, secure: 56-bit DES has been brute-forced in practice since 1998, 1024-bit RSA is considered too small for current use, and AES-256 is strong in practice but still rests on the assumption that no shortcut attack exists. 
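The two properties the explanation rests on, shown in code: perfect secrecy (any plaintext of the right length is a possible decryption of a given ciphertext) and the failure mode when a pad is reused. This is an added example, not part of the original exam material; the messages are constructed, and the key comes from the operating system's CSPRNG.

```python
"""One-time pad: perfect secrecy when the key is random, as long as the
message and used once; and what leaks when the key is reused.

Added example, not part of the original exam material. Messages are constructed.
"""
import os


def xor_bytes(a, b):
    if len(a) != len(b):
        raise ValueError("one-time pad key must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_keygen(n):
    """Key from the OS CSPRNG. A PRNG seeded from the clock, or a passphrase
    stretched to length, is not a one-time pad however the rest is done."""
    return os.urandom(n)


def otp_encrypt(key, plaintext):
    return xor_bytes(key, plaintext)


otp_decrypt = otp_encrypt  # XOR is its own inverse


def key_explaining(ciphertext, candidate_plaintext):
    """For ANY candidate plaintext of the right length there is a key that maps
    it to this ciphertext. The ciphertext therefore gives an attacker nothing
    to choose between candidates: that is what 'no pattern to use' means."""
    return xor_bytes(ciphertext, candidate_plaintext)


def two_time_pad_leak(key, p1, p2):
    """Reusing a key makes c1 XOR c2 == p1 XOR p2: the key cancels out and the
    attacker is left with the XOR of two plaintexts, which crib-dragging
    recovers. Returns that leaked value so the caller can compare."""
    return xor_bytes(otp_encrypt(key, p1), otp_encrypt(key, p2))


if __name__ == "__main__":
    msg = b"ATTACK AT DAWN"
    key = otp_keygen(len(msg))
    ct = otp_encrypt(key, msg)
    assert otp_decrypt(key, ct) == msg

    # The same ciphertext "decrypts" to an entirely different message under
    # a different, equally plausible key.
    alt = b"RETREAT AT TEN"
    print(otp_decrypt(key_explaining(ct, alt), ct))   # b'RETREAT AT TEN'

    # Key reuse: the leak equals msg XOR alt regardless of which key was used.
    print(two_time_pad_leak(key, msg, alt) == xor_bytes(msg, alt))   # True
```

The length check in `xor_bytes` is deliberate: padding a short key by repeating it turns the scheme into a Vigenère-style cipher that frequency analysis breaks, which is the usual way a "one-time pad" in the wild stops being one.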
