The SY0-401 (CompTIA Security+ Certification) exam is very popular among IT professionals. The number of candidates pursuing this certification is large, and employers tend to hire certified professionals. Passing the SY0-401 exam now can bring substantial benefits in the future. After passing the SY0-401 exam you will be eligible as a CompTIA.
Q521. The network security engineer just deployed an IDS on the network, but the Chief Technical Officer (CTO) has concerns that the device is only able to detect known anomalies. Which of the following types of IDS has been deployed?
A. Signature Based IDS
B. Heuristic IDS
C. Behavior Based IDS
D. Anomaly Based IDS
A signature based IDS will monitor packets on the network and compare them against a database of signatures or attributes from known malicious threats.
Q522. An overseas branch office within a company has many more technical and non-technical security incidents than other parts of the company. Which of the following management controls should be introduced to the branch office to improve their state of security?
A. Initial baseline configuration snapshots
B. Firewall, IPS and network segmentation
C. Event log analysis and incident response
D. Continuous security monitoring processes
Q523. Which of the following best practices makes a wireless network more difficult to find?
A. Implement MAC filtering
C. Disable SSID broadcast
D. Power down unused WAPs
Network administrators may choose to disable SSID broadcast to hide their network from unauthorized personnel. However, the SSID is still needed to direct packets to and from the base station, so it remains discoverable with a wireless packet sniffer. Thus, SSID broadcast should be disabled if the network isn’t for public use.
Q524. Jane, an IT security technician, needs to create a way to secure company mobile devices. Which of the following BEST meets this need?
A. Implement voice encryption, pop-up blockers, and host-based firewalls.
B. Implement firewalls, network access control, and strong passwords.
C. Implement screen locks, device encryption, and remote wipe capabilities.
D. Implement application patch management, antivirus, and locking cabinets.
Explanation: Screen-lock is a security feature that requires the user to enter a password after a short period of inactivity before they can access the system again. This feature ensures that if your device is left unattended or is lost or stolen, it will be difficult for anyone else to access your data or applications. Device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen. Remote wipe is the process of deleting data on a device in the event that the device is stolen. This is performed over remote connections such as the mobile phone service or the internet connection and helps ensure that sensitive data is not accessed by unauthorized people.
Q525. A system administrator has concerns regarding their users accessing systems and secured areas using others’ credentials. Which of the following can BEST address this concern?
A. Create conduct policies prohibiting sharing credentials.
B. Enforce a policy shortening the credential expiration timeframe.
C. Implement biometric readers on laptops and restricted areas.
D. Install security cameras in areas containing sensitive systems.
Biometrics is an authentication process that makes use of physical characteristics to establish identification. This will prevent users from making use of others’ credentials.
Q526. Company XYZ recently salvaged company laptops and removed all hard drives, but the Chief Information Officer (CIO) is concerned about disclosure of confidential information. Which of the following is the MOST secure method to dispose of these hard drives?
B. Physical Destruction
C. Lock up hard drives in a secure safe
The physical destruction of hard drives is the only secure means of disposing of hard drives. This can include incineration, an acid bath, and crushing.
Q527. Which of the following are Data Loss Prevention (DLP) strategies that address data in transit issues? (Select TWO).
A. Scanning printing of documents.
B. Scanning of outbound IM (Instant Messaging).
C. Scanning copying of documents to USB.
D. Scanning of SharePoint document library.
E. Scanning of shared drives.
F. Scanning of HTTP user traffic.
DLP systems monitor the contents of systems (workstations, servers, networks) to make sure key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data. Outbound IM and HTTP user traffic refer to data over a network which falls within the DLP strategy.
Q528. Which of the following would a security administrator implement in order to identify a problem between two applications that are not communicating properly?
A. Protocol analyzer
B. Baseline report
C. Risk assessment
D. Vulnerability scan
A Protocol Analyzer is a hardware device or more commonly a software program used to capture network data communications sent between devices on a network. Capturing and analyzing the packets sent between applications on systems that are not communicating properly could help determine the cause of the issue. Well known software protocol analyzers include Message Analyzer (formerly Network Monitor) from Microsoft and Wireshark (formerly Ethereal).
Q529. The finance department works with a bank which has recently had a number of cyber attacks. The finance department is concerned that the banking website certificates have been compromised. Which of the following can the finance department check to see if any of the bank’s certificates are still valid?
A. Bank’s CRL
B. Bank’s private key
C. Bank’s key escrow
D. Bank’s recovery agent
The finance department can check if any of the bank's certificates are in the CRL or not. If a certificate is not in the CRL then it is still valid. The CRL (Certificate Revocation List) is exactly what its name implies: a list of subscribers paired with digital certificate status. The list enumerates revoked certificates along with the reason(s) for revocation. The dates of certificate issue, and the entities that issued them, are also included. In addition, each list contains a proposed date for the next release.
Q530. During an audit, the security administrator discovers that there are several users that are no longer employed with the company but still have active user accounts. Which of the following should be performed?
A. Account recovery
B. Account disablement
C. Account lockouts
D. Account expiration
Account disablement should be implemented when a user will be gone from a company, whether they leave temporarily or permanently. In the case of permanently leaving the company, the account should be disabled. Disablement means that the account will no longer be an active account.