[Free] 2018(July) Dumps4cert CompTIA SY0-401 Dumps with VCE and PDF Download 221-230

By | July 17, 2018


CompTIA Security Certification

Question No: 221 – (Topic 2)

A security administrator needs to update the OS on all the switches in the company. Which of the following MUST be done before any actual switch configuration is performed?

  A. The request needs to be sent to the incident management team.

  B. The request needs to be approved through the incident management process.

  C. The request needs to be approved through the change management process.

  D. The request needs to be sent to the change management team.

Answer: C

Explanation:

Change Management is a risk mitigation approach and refers to the structured approach that is followed to secure a company’s assets. Thus the actual switch configuration should first be subject to the change management approval.

Question No: 222 – (Topic 2)

Which of the following preventative controls would be appropriate for responding to a directive to reduce the attack surface of a specific host?

  A. Installing anti-malware

  B. Implementing an IDS

  C. Taking a baseline configuration

  D. Disabling unnecessary services

Answer: D

Explanation:

Preventive controls are to stop something from happening. These can include locked doors that keep intruders out, user training on potential harm (to keep them vigilant and alert), or even biometric devices and guards that deny access until authentication has occurred. By disabling all unnecessary services you would be reducing the attack surface because then there is less opportunity for risk incidents to happen. There are many risks with having many services enabled since a service can provide an attack vector that someone could exploit against your system. It is thus best practice to enable only those services that are absolutely required.

Question No: 223 – (Topic 2)

A software developer wants to prevent stored passwords from being easily decrypted. When the password is stored by the application, additional text is added to each password before the password is hashed. This technique is known as:

  A. Symmetric cryptography.

  B. Private key cryptography.

  C. Salting.

  D. Rainbow tables.

Answer: C

Explanation:

Salting can be used to strengthen the hashing when the passwords were encrypted. Though hashing is a one-way algorithm, it does not mean that it cannot be hacked. One method to hack a hash is through rainbow tables, and salt is the countermeasure to rainbow tables. With salt, a password that you typed in and that has been encrypted with a hash will yield a letter combination other than what you actually typed in when it is attacked with a rainbow table.

Question No: 224 – (Topic 2)

Sara, a security architect, has developed a framework in which several authentication servers work together to increase processing power for an application. Which of the following does this represent?

  A. Warm site

  B. Load balancing

  C. Clustering

  D. RAID

Answer: C

Explanation:

Anytime you connect multiple computers to work/act together as a single server, it is known as clustering. Clustered systems utilize parallel processing (improving performance and availability) and add redundancy.

Server clustering is used to provide failover capabilities / redundancy in addition to scalability as demand increases.

Question No: 225 – (Topic 2)

A network administrator recently updated various network devices to ensure redundancy throughout the network. If an interface on any of the Layer 3 devices were to go down, traffic will still pass through another interface and the production environment would be unaffected. This type of configuration represents which of the following concepts?

  A. High availability

  B. Load balancing

  C. Backout contingency plan

  D. Clustering

Answer: A

Explanation:

High availability (HA) refers to the measures used to keep services and systems operational during an outage. In short, the goal is to provide all services to all users, where they need them and when they need them. With high availability, the goal is to have key services available 99.999 percent of the time (also known as five nines availability).

Question No: 226 – (Topic 2)

An Information Systems Security Officer (ISSO) has been placed in charge of a classified peer-to-peer network that cannot connect to the Internet. The ISSO can update the antivirus definitions manually, but which of the following steps is MOST important?

  A. A full scan must be run on the network after the DAT file is installed.

  B. The signatures must have a hash value equal to what is displayed on the vendor site.

  C. The definition file must be updated within seven days.

  D. All users must be logged off of the network prior to the installation of the definition file.

Answer: B

Explanation:

A hash value can be used to uniquely identify secret information. This requires that the hash function is collision resistant, which means that it is very hard to find data that generate the same hash value and thus it means that in hashing two different inputs will not yield the same output. Thus the hash value must be equal to that displayed on the vendor


Question No: 227 – (Topic 2)

An internal auditor is concerned with privilege creep that is associated with transfers inside the company. Which mitigation measure would detect and correct this?

  A. User rights reviews

  B. Least privilege and job rotation

  C. Change management

  D. Change Control

Answer: A

Explanation:

A privilege audit is used to determine that all groups, users, and other accounts have the appropriate privileges assigned according to the policies of an organization. This means that a user rights review will reveal whether user accounts have been assigned according to their ‘new’ job descriptions, or if there are privilege creep culprits after transfers have occurred.

Question No: 228 – (Topic 2)

What is the term for the process of luring someone in (usually done by an enforcement officer or a government agent)?

  A. Enticement

  B. Entrapment

  C. Deceit

  D. Sting

Answer: A

Explanation:

Enticement is the process of luring someone into your plan or trap.

Question No: 229 – (Topic 2)

An IT security manager is asked to provide the total risk to the business. Which of the following calculations would the security manager choose to determine total risk?

  A. (Threats X vulnerability X asset value) x controls gap

  B. (Threats X vulnerability X profit) x asset value

  C. Threats X vulnerability X control gap

  D. Threats X vulnerability X asset value

Answer: D

Explanation:

Threats X vulnerability X asset value is equal to asset value (AV) times exposure factor (EF). This is used to calculate a risk.

Question No: 230 – (Topic 2)

Ann, a technician, received a spear-phishing email asking her to update her personal information by clicking the link within the body of the email. Which of the following types of training would prevent Ann and other employees from becoming victims of such attacks?

  A. User Awareness

  B. Acceptable Use Policy

  C. Personal Identifiable Information

  D. Information Sharing

Answer: C

Explanation:

Personally identifiable information (PII) is a catchall for any data that can be used to uniquely identify an individual. This data can be anything from the person’s name to a fingerprint (think biometrics), credit card number, or patient record. Employees should be made aware of this type of attack by means of training.
