Getting Smart with: sy0 401 pdf

Exam Code: SY0-401 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: CompTIA Security+ Certification
Certification Provider: CompTIA

Q121. A company hired Joe, an accountant. The IT administrator will need to create a new account for Joe. The company uses groups for ease of management and administration of user accounts. Joe will need network access to all directories, folders and files within the accounting department. Which of the following configurations will meet the requirements? 

A. Create a user account and assign the user account to the accounting group. 

B. Create an account with role-based access control for accounting. 

C. Create a user account with password reset and notify Joe of the account creation. 

D. Create two accounts: a user account and an account with full network administration rights. 



Role-based access control is based on a user’s job description. When a user is assigned a specific role in an environment, that user’s access to objects is granted based on the tasks that role requires. The IT administrator should, therefore, create an account with role-based access control for accounting for Joe. 

Q122. Employee badges are encoded with a private encryption key and specific personal information. The encoding is then used to provide access to the network. Which of the following describes this access control type? 

A. Smartcard 

B. Token 

C. Discretionary access control 

D. Mandatory access control 



Smart cards are credit-card-sized IDs, badges, or security passes with an embedded integrated circuit chip that can include data regarding the authorized bearer. This data can then be used for identification and/or authentication purposes. 

Q123. A security administrator forgets their card to access the server room. The administrator asks a coworker if they could use their card for the day. Which of the following is the administrator using to gain access to the server room? 

A. Man-in-the-middle 

B. Tailgating 

C. Impersonation 

D. Spoofing 



Impersonation is where a person, computer, software application or service pretends to be someone or something it is not. Impersonation is commonly used for legitimate, non-malicious purposes in client/server applications. However, it can also be used as a security threat. 

In this question, by using the coworker’s card, the security administrator is ‘impersonating’ the coworker. The server room locking system and any logging systems will ‘think’ that the coworker has entered the server room. 

Q124. Who should be contacted FIRST in the event of a security breach? 

A. Forensics analysis team 

B. Internal auditors 

C. Incident response team 

D. Software vendors 



A security breach is an incident and requires a response. The incident response team is best equipped to deal with any incident because it has procedures for doing so. Those procedures cover: preparation; incident identification; escalation and notification; mitigation steps; lessons learned; reporting; recovery/reconstitution procedures; first responder; incident isolation (quarantine; device removal); data breach; damage and loss control. 

Q125. Without validating user input, an application becomes vulnerable to all of the following EXCEPT: 

A. Buffer overflow. 

B. Command injection. 

C. Spear phishing. 

D. SQL injection. 



Input validation is a defensive technique intended to mitigate user-input attacks such as buffer overflows and fuzzing. Input validation checks every user input submitted to the application before processing that input. The check could be on length, character type, data type, or domain (whether the value is one of a known set). 
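The kinds of check listed above (length, character type, data type, domain), as an added example that is not part of the original question set. The field names, limits and the allowed-department list are assumptions chosen for illustration; the point is that every field is checked against an allowlist rule before the application uses it, and that all failures are collected rather than the first one aborting.

```python
import re
from dataclasses import dataclass, field

# Assumed limits and allowlists for this example (not from the page).
MAX_USERNAME_LEN = 32
USERNAME_RE = re.compile(r"[a-z][a-z0-9_.-]*")   # character-type check
DIGITS_RE = re.compile(r"[0-9]+")                 # data-type check (decimal integer)
KNOWN_DEPARTMENTS = {"accounting", "engineering", "hr"}  # domain check


@dataclass
class ValidationResult:
    ok: bool
    errors: list = field(default_factory=list)


def validate_username(value) -> list:
    """Length check plus an allowlist of permitted characters."""
    if not isinstance(value, str):
        return ["username: not a string"]
    errors = []
    if not 1 <= len(value) <= MAX_USERNAME_LEN:
        errors.append(f"username: length must be 1..{MAX_USERNAME_LEN}")
    if not USERNAME_RE.fullmatch(value):
        errors.append("username: only lowercase letters, digits, '_', '.', '-' allowed")
    return errors


def validate_age(value) -> list:
    """Type check (whole number) followed by a range check."""
    if not isinstance(value, str) or not DIGITS_RE.fullmatch(value):
        return ["age: must be a whole number"]
    n = int(value)
    if not 16 <= n <= 120:
        return ["age: out of range 16..120"]
    return []


def validate_department(value) -> list:
    """Domain check: the value must be one of a fixed, known set."""
    if value not in KNOWN_DEPARTMENTS:
        return ["department: not in the allowed list"]
    return []


def validate_request(form: dict) -> ValidationResult:
    """Validate every field of a submitted form before any processing happens."""
    errors = []
    errors += validate_username(form.get("username", ""))
    errors += validate_age(form.get("age", ""))
    errors += validate_department(form.get("department", ""))
    return ValidationResult(ok=not errors, errors=errors)


if __name__ == "__main__":
    # Constructed sample submissions: one clean, one with a bad value in every field.
    good = {"username": "joe.smith", "age": "34", "department": "accounting"}
    bad = {"username": "joe'; --", "age": "thirty", "department": "sales"}
    print(validate_request(good))
    print(validate_request(bad))
```

Rejecting on an allowlist (what is permitted) rather than a denylist (known bad strings) is what makes the same check useful against buffer overflows, command injection and SQL injection alike: an over-long or oddly-composed value never reaches the code that would mishandle it.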

Q126. Which of the following provides the strongest authentication security on a wireless network? 

A. MAC filter 

B. WPA2 


D. Disable SSID broadcast 



The Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2) authentication protocols were designed to address the core, easy-to-crack problems of WEP. 

Q127. Which of the following is a security advantage of using NoSQL vs. SQL databases in a three-tier environment? 

A. NoSQL databases are not vulnerable to XSRF attacks from the application server. 

B. NoSQL databases are not vulnerable to SQL injection attacks. 

C. NoSQL databases encrypt sensitive information by default. 

D. NoSQL databases perform faster than SQL databases on the same hardware. 



Q128. Which of the following is a management control? 

A. Logon banners 

B. Written security policy 

C. SYN attack prevention 

D. Access Control List (ACL) 



Management control types include risk assessment, planning, systems and services acquisition, as well as certification, accreditation and security assessment; a written security policy falls in this category. 

Q129. An administrator notices that former temporary employees’ accounts are still active on a domain. Which of the following can be implemented to increase security and prevent this from happening? 

A. Implement a password expiration policy. 

B. Implement an account expiration date for permanent employees. 

C. Implement time of day restrictions for all temporary employees. 

D. Run a last logon script to look for inactive accounts. 



You can run a script to return a list of all accounts that haven’t been used for a number of days, for example 30 days. If an account hasn’t been logged into for 30 days, it’s a safe bet that the user the account belonged to is no longer with the company. You can then disable all the accounts that the script returns. A disabled account cannot be used to log in to a system. This is a good security measure. As soon as an employee leaves the company, the employee’s account should always be disabled. 
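The last-logon check described above, as an added example that is not part of the original question set. It works over constructed account records rather than a live directory, and the field names, the reference date and the list of exempt service accounts are assumptions. It goes slightly beyond the explanation in two ways a practitioner would want: an account that has never logged on is only flagged if it was created before the cutoff, so brand-new accounts are not disabled on day one, and named service accounts are skipped because they legitimately never log on interactively.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class Account:
    name: str
    created: datetime
    last_logon: Optional[datetime]   # None means the account has never logged on
    enabled: bool = True


# Assumed exemption list for this example: accounts that never log on interactively.
EXEMPT_ACCOUNTS = {"svc_backup"}


def find_inactive(accounts, now, max_idle_days=30):
    """Return enabled accounts whose last logon (or creation, if never used) is older than the cutoff."""
    cutoff = now - timedelta(days=max_idle_days)
    stale = []
    for acct in accounts:
        if not acct.enabled or acct.name in EXEMPT_ACCOUNTS:
            continue
        last_activity = acct.last_logon if acct.last_logon is not None else acct.created
        if last_activity < cutoff:
            stale.append(acct)
    return stale


def disable_accounts(accounts):
    """Disable (never delete) each account so it can no longer be used to log in; return the names."""
    for acct in accounts:
        acct.enabled = False
    return [acct.name for acct in accounts]


def sample_accounts():
    """Constructed sample data, not taken from any real directory."""
    d = datetime
    return [
        Account("joe", d(2024, 1, 10), d(2024, 6, 28)),            # active employee
        Account("temp01", d(2024, 2, 1), d(2024, 4, 1)),           # temp who left months ago
        Account("temp02", d(2024, 1, 15), None),                   # temp who never logged on
        Account("newhire", d(2024, 6, 25), None),                  # created 5 days ago, not yet used
        Account("olddisabled", d(2023, 1, 1), d(2023, 3, 1), enabled=False),  # already handled
        Account("svc_backup", d(2023, 1, 1), None),                # exempt service account
    ]


def run_cleanup(now=datetime(2024, 6, 30), max_idle_days=30):
    """Find stale accounts as of `now`, disable them and return their names."""
    accounts = sample_accounts()
    stale = find_inactive(accounts, now, max_idle_days)
    return disable_accounts(stale)


if __name__ == "__main__":
    print("disabled:", run_cleanup())
```

Disabling rather than deleting keeps the account’s SID and group memberships for audit and for the case where the flag was a false positive; deletion can follow after a retention period.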

Q130. Which of the following password attacks is MOST likely to crack the largest number of randomly generated passwords? 

A. Hybrid 

B. Birthday attack 

C. Dictionary 

D. Rainbow tables