[Free] 2018(July) Dumps4cert CompTIA SY0-401 Dumps with VCE and PDF Download 361-370

By | July 17, 2018

Dumps4cert.com : Latest Dumps with PDF and VCE Files
2018 July CompTIA Official New Released SY0-401
100% Free Download! 100% Pass Guaranteed!

CompTIA Security Certification

Question No: 361 – (Topic 2)

Which of the following concepts is a term that directly relates to customer privacy considerations?

  1. Data handling policies

  2. Personally identifiable information

  3. Information classification

  4. Clean desk policies

Answer: B Explanation:

Personally identifiable information (PII) is a catchall for any data that can be used to uniquely identify an individual. This data can be anything from the person’s name to a fingerprint (think biometrics), credit card number, or patient record. This has a direct relation to customer privacy considerations.

Question No: 362 – (Topic 2)

A company is installing a new security measure that would allow one person at a time to be authenticated to an area without human interaction. Which of the following does this describe?

  1. Fencing

  2. Mantrap

  3. A guard

  4. Video surveillance

Answer: B Explanation:

Mantraps make use of electronic locks and are designed to allow you to limit the amount of individual allowed access to an area at any one time.

Question No: 363 – (Topic 2)

Corporate IM presents multiple concerns to enterprise IT. Which of the following concerns should Jane, the IT security manager, ensure are under control? (Select THREE).

  1. Authentication

  2. Data leakage

  3. Compliance

  4. Malware

  5. Non-repudiation

  6. Network loading

Answer: B,C,D Explanation:

In a joint enterprise, data may be combined from both organizations. It must be determined, in advance, who is responsible for that data and how the data backups will be managed.

Data leakage, compliance and Malware issues are all issues concerning data ownership and backup which are both impacted on by corporate IM.

Question No: 364 – (Topic 2)

After a number of highly publicized and embarrassing customer data leaks as a result of social engineering attacks by phone, the Chief Information Officer (CIO) has decided user training will reduce the risk of another data leak. Which of the following would be MOST effective in reducing data leaks in this situation?

  1. Information Security Awareness

  2. Social Media and BYOD

  3. Data Handling and Disposal

  4. Acceptable Use of IT Systems

Answer: A Explanation:

Education and training with regard to Information Security Awareness will reduce the risk of data leaks and as such forms an integral part of Security Awareness. By employing social engineering data can be leaked by employees and only when company users are made aware of the methods of social engineering via Information Security Awareness Training, you can reduce the risk of data leaks.

Question No: 365 – (Topic 2)

Which of the following fire suppression systems is MOST likely used in a datacenter?

  1. FM-200

  2. Dry-pipe

  3. Wet-pipe

  4. Vacuum

Answer: A Explanation:

FM200 is a gas and the principle of a gas system is that it displaces the oxygen in the room, thereby removing this essential component of a fi re. in a data center is is the preferred choice of fire suppressant.

Question No: 366 – (Topic 2)

XYZ Corporation is about to purchase another company to expand its operations. The CEO is concerned about information leaking out, especially with the cleaning crew that comes in at night.

The CEO would like to ensure no paper files are leaked. Which of the following is the BEST policy to implement?

  1. Social media policy

  2. Data retention policy

  3. CCTV policy

  4. Clean desk policy

Answer: D Explanation:

Clean Desk Policy Information on a desk-in terms of printouts, pads of note paper, sticky notes, and the like-can be easily seen by prying eyes and taken by thieving hands. To protect data and your business, encourage employees to maintain clean desks and to leave out only those papers that are relevant to the project they are working on at that moment. All sensitive information should be put away when the employee is away from their desk.

Question No: 367 – (Topic 2)

Datacenter access is controlled with proximity badges that record all entries and exits from the datacenter. The access records are used to identify which staff members accessed the data center in the event of equipment theft. Which of the following MUST be prevented in order for this policy to be effective?

  1. Password reuse

  2. Phishing

  3. Social engineering

  4. Tailgating

Answer: D Explanation:

Tailgating is the term used for someone being so close to you when you enter a building that they are able to come in right behind you without needing to use a key, a card, or any other security device. This should be prevented in this case.

Question No: 368 – (Topic 2)

A security administrator notices that a specific network administrator is making unauthorized changes to the firewall every Saturday morning. Which of the following would be used to mitigate this issue so that only security administrators can make changes to the firewall?

  1. Mandatory vacations

  2. Job rotation

  3. Least privilege

  4. Time of day restrictions

Answer: C Explanation:

A least privilege policy is to give users only the permissions that they need to do their work and no more. That is only allowing security administrators to be able to make changes to the firewall by practicing the least privilege principle.

Question No: 369 – (Topic 2)

Which of the following should Joe, a security manager, implement to reduce the risk of employees working in collusion to embezzle funds from his company?

  1. Privacy Policy

  2. Least Privilege

  3. Acceptable Use

  4. Mandatory Vacations

Answer: D Explanation:

When one person fills in for another, such as for mandatory vacations, it provides an opportunity to see what the person is doing and potentially uncover any fraud.

Question No: 370 – (Topic 2)

A security researcher wants to reverse engineer an executable file to determine if it is malicious. The file was found on an underused server and appears to contain a zero-day exploit. Which of the following can the researcher do to determine if the file is malicious in nature?

  1. TCP/IP socket design review

  2. Executable code review

  3. OS Baseline comparison

  4. Software architecture review

Answer: C


Zero-Day Exploits begin exploiting holes in any software the very day it is discovered. It is very difficult to respond to a zero-day exploit. Often, the only thing that you as a security administrator can do is to turn off the service. Although this can be a costly undertaking in terms of productivity, it is the only way to keep the network safe. In this case you want to check if the executable file is malicious. Since a baseline represents a secure state is would be possible to check the nature of the executable file in an isolated environment against the OS baseline.

100% Dumps4cert Free Download!
Download Free Demo:SY0-401 Demo PDF
100% Dumps4cert Pass Guaranteed!
SY0-401 Dumps

Dumps4cert ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.