Ucertify offers free demo for sy0 401 pdf exam. “CompTIA Security+ Certification”, also known as comptia security+ get certified get ahead sy0 401 study guide exam, is a CompTIA Certification. This set of posts, Passing the CompTIA comptia security+ sy0 401 exam, will help you answer those questions. The sy0 401 vce Questions & Answers covers all the knowledge points of the real exam. 100% real CompTIA comptia security+ study guide sy0 401 exams and revised by experts!
2017 NEW RECOMMEND
Free VCE & PDF File for CompTIA SY0-401 Real Exam
Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions
Q611. A network engineer is designing a secure tunneled VPN. Which of the following protocols would be the MOST secure?
Layer 2 Tunneling Protocol (L2TP) came about through a partnership between Cisco and Microsoft with the intention of providing a more secure VPN protocol. L2TP is considered to be a more secure option than PPTP, as the IPSec protocol which holds more secure encryption algorithms, is utilized in conjunction with it. It also requires a pre-shared certificate or key. L2TPâs strongest level of encryption makes use of 168 bit keys, 3 DES encryption algorithm and requires two levels of authentication. L2TP has a number of advantages in comparison to PPTP in terms of providing data integrity and authentication of origin verification designed to keep hackers from compromising the system. However, the increased overhead required to manage this elevated security means that it performs at a slower pace than PPTP.
Q612. An IT security manager is asked to provide the total risk to the business. Which of the following calculations would he security manager choose to determine total risk?
A. (Threats X vulnerability X asset value) x controls gap
B. (Threats X vulnerability X profit) x asset value
C. Threats X vulnerability X control gap
D. Threats X vulnerability X asset value
Threats X vulnerability X asset value is equal to asset value (AV) times exposure factor (EF). This is used to calculate a risk.
Q613. An organization must implement controls to protect the confidentiality of its most sensitive data. The company is currently using a central storage system and group based access control for its sensitive information. Which of the following controls can further secure the data in the central storage system?
A. Data encryption
B. Patching the system
C. Digital signatures
D. File hashing
Q614. Jane has implemented an array of four servers to accomplish one specific task. This is BEST known as which of the following?
C. Load balancing
Anytime you connect multiple computers to work/act together as a single server, it is known as clustering. Clustered systems utilize parallel processing (improving performance and availability) and add redundancy (but also add costs).
Q615. A security administrator must implement a firewall rule to allow remote employees to VPN onto the company network. The VPN concentrator implements SSL VPN over the standard HTTPS port. Which of the following is the MOST secure ACL to implement at the company's gateway firewall?
A. PERMIT TCP FROM ANY 443 TO 188.8.131.52 443
B. PERMIT TCP FROM ANY ANY TO 184.108.40.206 ANY
C. PERMIT TCP FROM 220.127.116.11 ANY TO ANY ANY
D. PERMIT TCP FROM ANY 1024-65535 TO 18.104.22.168 443
Q616. An administrator wants to ensure that the reclaimed space of a hard drive has been sanitized while the computer is in use. Which of the following can be implemented?
A. Cluster tip wiping
B. Individual file encryption
C. Full disk encryption
D. Storage retention
A computer hard disk is divided into small segments called clusters. A file usually spans several clusters but rarely fills the last cluster, which is called cluster tip. This cluster tip area may contain file data because the size of the file you are working with may grow or shrink and needs to be securely deleted.
Q617. Which of the following would Jane, an administrator, use to detect an unknown security vulnerability?
A. Patch management
B. Application fuzzing
C. ID badge
D. Application configuration baseline
Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failed validation, or memory leaks.
Q618. Which of the following technologies uses multiple devices to share work?
B. Load balancing
D. VPN concentrator
Load balancing is a way of providing high availability by splitting the workload across multiple computers.
Q619. Which of the following would BEST be used to calculate the expected loss of an event, if the likelihood of an event occurring is known? (Select TWO).
ALE (Annual Loss Expectancy) is equal to the SLE (Single Loss Expectancy) times the annualized rate of occurrence. SLE (Single Loss Expectancy) is equal to asset value (AV) times exposure factor (EF).
Q620. Which of the following devices will help prevent a laptop from being removed from a certain location?
A. Device encryption
B. Cable locks
C. GPS tracking
D. Remote data wipes
Cable locks are theft deterrent devices that can be used to tether a device to a fixed point keep smaller devices from being easy to steal.