What to do with sy0 401 pdf

It is impossible to pass CompTIA comptia security+ sy0 401 exam without any help in the short term. Come to Examcollection soon and find the most advanced, correct and guaranteed CompTIA sy0 401 practice test practice questions. You will get a surprising result by our Renew CompTIA Security+ Certification practice guides.

2018 NEW RECOMMEND

Free VCE & PDF File for CompTIA SY0-401 Real Exam
(Full Version!)

Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions

Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on:
https://www.certleader.com/SY0-401-dumps.html

Q151. A vulnerability scan is reporting that patches are missing on a server. After a review, it is determined that the application requiring the patch does not exist on the operating system. 

Which of the following describes this cause? 

A. Application hardening 

B. False positive 

C. Baseline code review 

D. False negative 

Answer:

Explanation: 

False positives are essentially events that are mistakenly flagged and are not really events to be concerned about. 

Q152. Layer 7 devices used to prevent specific types of html tags are called: 

A. Firewalls 

B. Content filters 

C. Routers 

D. NIDS 

Answer:

Explanation: 

A content filter is a is a type of software designed to restrict or control the content a reader is authorised to access, particularly when used to limit material delivered over the Internet via the Web, e-mail, or other means. Because the user and the OSI layer interact directly with the content filter, it operates at Layer 7 of the OSI model. 

Q153. Ann has taken over as the new head of the IT department. One of her first assignments was to implement AAA in preparation for the company’s new telecommuting policy. When she takes inventory of the organizations existing network infrastructure, she makes note that it is a mix of several different vendors. Ann knows she needs a method of secure centralized access to the company’s network resources. Which of the following is the BEST service for Ann to implement? 

A. RADIUS 

B. LDAP 

C. SAML 

D. TACACS+ 

Answer:

Explanation: 

The Remote Authentication Dial In User Service (RADIUS) networking protocol offers centralized Authentication, Authorization, and Accounting (AAA) management for users who make use of a network service. 

Q154. Which of the following uses port 22 by default? (Select THREE). 

A. SSH 

B. SSL 

C. TLS 

D. SFTP 

E. SCP 

F. FTPS 

G. SMTP 

H. SNMP 

Answer: A,D,E 

Explanation: 

SSH uses TCP port 22. All protocols encrypted by SSH, including SFTP, SHTTP, SCP, SExec, and slogin, also use TCP port 22. 

Q155. Matt, a security administrator, wants to ensure that the message he is sending does not get intercepted or modified in transit. This concern relates to which of the following concepts? 

A. Availability 

B. Integrity 

C. Accounting 

D. Confidentiality 

Answer:

Explanation: 

Integrity means ensuring that data has not been altered. Hashing and message authentication codes are the most common methods to accomplish this. In addition, ensuring nonrepudiation via digital signatures supports integrity. 

Q156. An administrator is concerned that a company’s web server has not been patched. Which of the following would be the BEST assessment for the administrator to perform? 

A. Vulnerability scan 

B. Risk assessment 

C. Virus scan 

D. Network sniffer 

Answer:

Explanation: 

A vulnerability scan is the process of scanning the network and/or I.T. infrastructure for threats and vulnerabilities. Vulnerabilities include computer systems that do not have the latest security patches installed. The threats and vulnerabilities are then evaluated in a risk assessment and the necessary actions taken to resolve and vulnerabilities. A vulnerability scan is the automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited and/or threatened. While public servers are important for communication and data transfer over the Internet, they open the door to potential security breaches by threat agents, such as malicious hackers. Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and generating a report of the findings that an individual or an enterprise can use to tighten the network's security. Vulnerability scanning typically refers to the scanning of systems that are connected to the Internet but can also refer to system audits on internal networks that are not connected to the Internet in order to assess the threat of rogue software or malicious employees in an enterprise. 

Q157. Which of the following should a security technician implement to identify untrusted certificates? 

A. CA 

B. PKI 

C. CRL 

D. Recovery agent 

Answer:

Explanation: 

Untrusted certificates and keys are revoked and put into the CRL. Note: The CRL (Certificate revocation list) is exactly what its name implies: a list of subscribers paired with digital certificate status. The list enumerates revoked certificates along with the reason(s) for revocation. The dates of certificate issue, and the entities that issued them, are also included. 

Q158. A database administrator would like to start encrypting database exports stored on the SAN, but the storage administrator warns that this may drastically increase the amount of disk space used by the exports. Which of the following explains the reason for the increase in disk space usage? 

A. Deduplication is not compatible with encryption 

B. The exports are being stored on smaller SAS drives 

C. Encrypted files are much larger than unencrypted files 

D. The SAN already uses encryption at rest 

Answer:

Explanation: 

Encryption adds overhead to the data which results in and increase in file size. This overhead is attached to each file and could include the encryption/decryption key, data recovery files and data decryption field in file header. As a result, requires increased storage space. 

Q159. Which of the following BEST represents the goal of a vulnerability assessment? 

A. To test how a system reacts to known threats 

B. To reduce the likelihood of exploitation 

C. To determine the system’s security posture 

D. To analyze risk mitigation strategies 

Answer:

Explanation: 

A vulnerability scan is the process of scanning the network and/or I.T. infrastructure for threats and vulnerabilities. The threats and vulnerabilities are then evaluated in a risk assessment and the necessary actions taken to resolve and vulnerabilities. A vulnerability scan scans for known weaknesses such as missing patches or security updates. 

A vulnerability scan is the automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited and/or threatened. While public servers are important for communication and data transfer over the Internet, they open the door to potential security breaches by threat agents, such as malicious hackers. Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and generating a report of the findings that an individual or an enterprise can use to tighten the network's security. 

Q160. Company XYZ has encountered an increased amount of buffer overflow attacks. The programmer has been tasked to identify the issue and report any findings. Which of the following is the FIRST step of action recommended in this scenario? 

A. Baseline Reporting 

B. Capability Maturity Model 

C. Code Review 

D. Quality Assurance and Testing 

Answer:

Explanation: