[Updated] jk0-022 vs sy0-401


2016 Jun SY0-401 Study Guide Questions:

Q21. Sara, a company’s security officer, often receives reports of unauthorized personnel having access codes to the cipher locks of secure areas in the building. Sara should immediately implement which of the following? 

A. Acceptable Use Policy 

B. Physical security controls 

C. Technical controls 

D. Security awareness training 

Answer: D 


Security awareness and training include explaining policies, procedures, and current threats to both users and management. A security awareness and training program can do much to help improve and maintain security. A good security awareness training program for the entire organization should cover the following areas: the importance of security; the responsibilities of people in the organization; policies and procedures; usage policies; account and password-selection criteria; and social engineering prevention.

Q22. A large multinational corporation with networks in 30 countries wants to establish an understanding of their overall public-facing network attack surface. Which of the following security techniques would be BEST suited for this? 

A. External penetration test 

B. Internal vulnerability scan 

C. External vulnerability scan 

D. Internal penetration test 

Answer: C 


Q23. Identifying residual risk is MOST important to which of the following concepts? 

A. Risk deterrence 

B. Risk acceptance 

C. Risk mitigation 

D. Risk avoidance 

Answer: B 


Risk acceptance is often the choice you must make when the cost of implementing any of the other four choices exceeds the value of the harm that would occur if the risk came to fruition. To truly qualify as acceptance, it cannot be a risk of which the administrator or manager is unaware; it has to be an identified risk for which those involved understand the potential cost or damage and agree to accept it. Residual risk is always present and will remain a risk; thus it should be accepted (risk acceptance).


Q24. An administrator needs to renew a certificate for a web server. Which of the following should be submitted to a CA? 


B. Recovery agent 

C. Private key 


Answer: A 


In public key infrastructure (PKI) systems, a certificate signing request (also CSR or certification request) is a message sent from an applicant to a certificate authority in order to apply for a digital identity certificate.

When you renew a certificate, you send a CSR to the CA to get the certificate re-signed.

Q25. Sara, the Chief Information Officer (CIO), has requested an audit take place to determine what services and operating systems are running on the corporate network. Which of the following should be used to complete this task? 

A. Fingerprinting and password crackers 

B. Fuzzing and a port scan 

C. Vulnerability scan and fuzzing 

D. Port scan and fingerprinting 

Answer: D 


Different services use different ports. When a service is enabled on a computer, a network port is opened for that service. For example, enabling the HTTP service on a web server will open port 80 on the server. By determining which ports are open on a remote server, we can determine which services are running on that server. A port scanner is a software application designed to probe a server or host for open ports. This is often used by administrators to verify security policies of their networks and by attackers to identify running services on a host with the view to compromise it. 

A port scan or portscan can be defined as a process that sends client requests to a range of server port addresses on a host, with the goal of finding an active port. While not a nefarious process in and of itself, it is one used by hackers to probe target machine services with the aim of exploiting a known vulnerability of that service. However the majority of uses of a port scan are not attacks and are simple probes to determine services available on a remote machine. 

Fingerprinting is a means of ascertaining the operating system of a remote computer on a network. Fingerprinting is more generally used to detect specific versions of applications or protocols that are run on network servers. Fingerprinting can be accomplished “passively” by sniffing network packets passing between hosts, or it can be accomplished “actively” by transmitting specially created packets to the target machine and analyzing the response.

Q26. An incident response team member needs to perform a forensics examination but does not have the required hardware. Which of the following will allow the team member to perform the examination with minimal impact to the potential evidence? 

A. Using a software file recovery disc 

B. Mounting the drive in read-only mode 

C. Imaging based on order of volatility 

D. Hashing the image after capture 

Answer: B 


Mounting the drive in read-only mode will prevent any executable commands from being executed. This in turn will have the least impact on potential evidence on the drive in question.



Q27. Several bins are located throughout a building for secure disposal of sensitive information. 

Which of the following does this prevent? 

A. Dumpster diving 

B. War driving 

C. Tailgating 

D. War chalking 

Answer: A 


The bins in this question will be secure bins designed to prevent someone accessing the ‘rubbish’ to learn sensitive information. Dumpster diving is looking for treasure in someone else's trash. (A dumpster is a large trash container.) In the world of information technology, dumpster diving is a technique used to retrieve information that could be used to carry out an attack on a computer network. Dumpster diving isn't limited to searching through the trash for obvious treasures like access codes or passwords written down on sticky notes. Seemingly innocent information like a phone list, calendar, or organizational chart can be used to assist an attacker using social engineering techniques to gain access to the network. To prevent dumpster divers from learning anything valuable from your trash, experts recommend that your company establish a disposal policy where all paper, including print-outs, is shredded in a cross-cut shredder before being recycled, all storage media are erased, and all staff are educated about the danger of untracked trash.

Q28. Speaking a passphrase into a voice print analyzer is an example of which of the following security concepts? 

A. Two factor authentication 

B. Identification and authorization 

C. Single sign-on 

D. Single factor authentication 

Answer: A 


Two-factor authentication is when two different authentication factors are provided for authentication purposes.

Speaking (voice) – something they are.

Passphrase – something they know.

Q29. Joe, the information security manager, is tasked with calculating risk and selecting controls to protect a new system. He has identified people, environmental conditions, and events that could affect the new system. Which of the following does he need to estimate NEXT in order to complete his risk calculations? 

A. Vulnerabilities 

B. Risk 

C. Likelihood 

D. Threats 

Answer: A 


Q30. An organization must implement controls to protect the confidentiality of its most sensitive data. The company is currently using a central storage system and group based access control for its sensitive information. Which of the following controls can further secure the data in the central storage system? 

A. Data encryption 

B. Patching the system 

C. Digital signatures 

D. File hashing 

Answer: A 

