Certified of comptia security+ study guide sy0 401 actual exam materials and software for CompTIA certification for IT examinee, Real Success Guaranteed with Updated sy0 401 practice exam pdf dumps vce Materials. 100% PASS CompTIA Security+ Certification exam Today!
P.S. Certified SY0-401 software are available on Google Drive, GET MORE: https://drive.google.com/open?id=1mIqwTVora9VA21sCf6K3hvnTPQZdXe_t
New CompTIA SY0-401 Exam Dumps Collection (Question 4 - Question 13)
Question No: 4
A network administrator has identified port 21 being open and the lack of an IDS as a potential risk to the company. Due to budget constraints, FTP is the only option that the company can is to transfer data and network equipment cannot be purchased. Which of the following is this known as?
A. Risk transference
B. Risk deterrence
C. Risk acceptance
D. Risk avoidance
Answer: C
Question No: 5
A university has a building that holds the power generators for the entire campus. A risk assessment was completed for the university and the generator building was labeled as a high risk. Fencing and lighting was installed to reduce risk. Which of the following security goals would this meet?
A. Load balancing
B. Non-repudiation
C. Disaster recovery
D. Physical security
Answer: D
Question No: 6
During a code review a software developer discovers a security risk that may result in hundreds of hours of rework. The security team has classified these issues as low risk. Executive management has decided that the code will not be rewritten. This is an example of:
A. Risk avoidance
B. Risk transference
C. Risk mitigation
D. Risk acceptance
Answer: D
Question No: 7
A new security policy in an organization requires that all file transfers within the organization be completed using applications that provide secure transfer. Currently, the organization uses FTP and HTTP to transfer files. Which of the following should the organization implement in order to be compliant with the new policy?
A. Replace FTP with SFTP and replace HTTP with TLS
B. Replace FTP with FTPS and replaces HTTP with TFTP
C. Replace FTP with SFTP and replace HTTP with Telnet
D. Replace FTP with FTPS and replaces HTTP with IPSec
Answer: B
Question No: 8
A security technician would like to use ciphers that generate ephemeral keys for secure communication. Which of the following algorithms support ephemeral modes? (Select TWO)
A. Diffie-Hellman
B. RC4
C. RIPEMO
D. NTLMv2
E. PAP
F. RSA
Answer: A,F
Question No: 9
A company hosts a web server that requires entropy in encryption initialization and authentication. To meet this goal, the company would like to select a block cipher mode of operation that allows an arbitrary length IV and supports authenticated encryption. Which of the following would meet these objectives?
A. CFB
B. GCM
C. ECB
D. CBC
Answer: C
Question No: 10
A security analyst has a sample of malicious software and needs to know what the sample does. The analyst runs the sample in a carefully-controlled and monitored virtual machine to observe the softwareu2021s behavior. The approach of malware analysis can BEST be described as:
A. Static testing
B. Security control testing
C. White box testing
D. Sandboxing
Answer: D
Question No: 11
Which of the following can be used to control specific commands that can be executed on a network infrastructure device?
A. LDAP
B. Kerberos
C. SAML
D. TACACS+
Answer: D
Question No: 12
An administrator has concerns regarding the traveling sales team who works primarily from smart phones. Given the sensitive nature of their work, which of the following would BEST prevent access to the data in case of loss or theft?
A. Enable screensaver locks when the phones are not in use to prevent unauthorized access
B. Configure the smart phones so that the stored data can be destroyed from a centralized location
C. Configure the smart phones so that all data is saved to removable media and kept separate from the device
D. Enable GPS tracking on all smart phones so that they can be quickly located and recovered
Answer: A
Question No: 13
Which of the following MUST be updated immediately when an employee is terminated to prevent unauthorized access?
A. Registration
B. CA
C. CRL
D. Recovery agent
Answer: C
Explanation:
Certificates or keys for the terminated employee should be put in the CRL.
A certificate revocation list (CRL) is created and distributed to all CAs to revoke a certificate or key.
By checking the CRL you can check if a particular certificate has been revoked.
100% Replace CompTIA SY0-401 Questions & Answers shared by Certifytools, Get HERE: https://www.certifytools.com/SY0-401-exam.html (New 1789 Q&As)