[Free] 2018(July) Dumps4cert CompTIA SY0-401 Dumps with VCE and PDF Download 311-320

By | July 17, 2018


CompTIA Security Certification

Question No: 311 – (Topic 2)

A company's Chief Information Officer realizes the company cannot continue to operate after a disaster. Which of the following describes the disaster?

  A. Risk

  B. Asset

  C. Threat

  D. Vulnerability

Answer: C

Explanation:

A threat is anything that can take advantage of a vulnerability. When the CIO realizes that the company cannot continue to operate after a disaster, the disaster is the threat to the company.

Question No: 312 – (Topic 2)

The Chief Security Officer (CSO) is contacted by a first responder. The CSO assigns a handler. Which of the following is occurring?

  A. Unannounced audit response

  B. Incident response process

  C. Business continuity planning

  D. Unified threat management

  E. Disaster recovery process

Answer: B

Explanation:

The incident response policy outlines the processes that should be followed when an incident occurs. Thus, when a CSO is contacted by a first responder and then assigns a handler for the incident, it is clearly the incident response process that is being put into practice.

Question No: 313 – (Topic 2)

Which of the following security concepts would Sara, the security administrator, use to mitigate the risk of data loss?

  A. Record time offset

  B. Clean desk policy

  C. Cloud computing

  D. Routine log review

Answer: B

Explanation:

Clean desk policy: information on a desk (printouts, pads of note paper, sticky notes, and the like) can be easily seen by prying eyes and taken by thieving hands. To protect data and your business, encourage employees to maintain clean desks and to leave out only those papers that are relevant to the project they are working on at that moment. All sensitive information should be put away when the employee is away from their desk. When applied, this will mitigate the risk of data loss.

Question No: 314 – (Topic 2)

Matt, a security consultant, has been tasked with increasing server fault tolerance and has been given no budget to accomplish his task. Which of the following can Matt implement to ensure servers will withstand hardware failure?

  A. Hardware load balancing

  B. RAID

  C. A cold site

  D. A host standby

Answer: B

Explanation:

Fault tolerance is the ability of a system to sustain operations in the event of a component failure. Fault-tolerant systems can continue operation even though a critical component, such as a disk drive, has failed. This capability involves overengineering systems by adding redundant components and subsystems. RAID can achieve fault tolerance in software, which can be done using the existing hardware and software.

Question No: 315 – (Topic 2)

An organization processes credit card transactions and is concerned that an employee may intentionally email credit card numbers to external email addresses. This company should consider which of the following technologies?

  A. IDS

  B. Firewalls

  C. DLP

  D. IPS

Answer: C

Explanation:

A Data Loss Prevention technology is aimed at detecting and preventing unauthorized access to, use of, or transmission of sensitive information such as credit card details.

Question No: 316 – (Topic 2)

One of the system administrators at a company is assigned to maintain a secure computer lab. The administrator has rights to configure machines, install software, and perform user account maintenance. However, the administrator cannot add new computers to the domain, because that requires authorization from the Information Assurance Officer. This is an example of which of the following?

  A. Mandatory access

  B. Rule-based access control

  C. Least privilege

  D. Job rotation

Answer: C

Explanation:

A least privilege policy should be used when assigning permissions. Give users only the permissions that they need to do their work and no more.

Question No: 317 – (Topic 2)

End-user awareness training for handling sensitive personally identifiable information would include secure storage and transmission of customer:

  A. Date of birth.

  B. First and last name.

  C. Phone number.

  D. Employer name.

Answer: A

Explanation:

Personally identifiable information (PII) is a catchall for any data that can be used to uniquely identify an individual. This data can be anything from the person’s name to a fingerprint (think biometrics), credit card number, or patient record. Date of birth is personally identifiable information.

Question No: 318 – (Topic 2)

Which of the following statements is MOST likely to be included in the security awareness training about P2P?

  A. P2P is always used to download copyrighted material.

  B. P2P can be used to improve computer system response.

  C. P2P may prevent viruses from entering the network.

  D. P2P may cause excessive network bandwidth.

Answer: D

Explanation:

P2P networking by definition involves network traffic, which will reduce the bandwidth available to the rest of the users on the network.

Question No: 319 – (Topic 2)

Which of the following could a security administrator implement to mitigate the risk of tailgating for a large organization?

  A. Train employees on correct data disposal techniques and enforce policies.

  B. Only allow employees to enter or leave through one door at specified times of the day.

  C. Only allow employees to go on break one at a time and post security guards 24/7 at each entrance.

  D. Train employees on risks associated with social engineering attacks and enforce policies.

Answer: D

Explanation:

Tailgating is the term used for someone being so close to you when you enter a building that they are able to come in right behind you without needing to use a key, a card, or any other security device. Many social engineering intruders needing physical access to a site will use this method of gaining entry. Educate users to beware of this and other social engineering ploys and prevent them from happening.

Question No: 320 – (Topic 2)

A company has two server administrators that work overnight to apply patches to minimize disruption to the company. With the limited working staff, a security engineer performs a risk assessment to ensure the protection controls are in place to monitor all assets including the administrators in case of an emergency. Which of the following should be in place?

  A. NIDS

  B. CCTV

  C. Firewall

  D. NIPS

Answer: B

Explanation:

CCTV is an excellent way to deter unwanted activity, and it records the event in case it does happen. Cameras can be placed to watch points of entry, to monitor activities around valuable assets, and to provide additional protection in areas such as parking areas and walkways.
