Latest Certified Success Dumps Download

SY0-401 Latest Exam (Sep 2017)

[Free] 2017(Sep) EnsurePass Passguide CompTIA SY0-401 Dumps with VCE and PDF 811-820

September 20, 2017

2017 Sep CompTIA Official New Released SY0-401
100% Free Download! 100% Pass Guaranteed!

CompTIA Security Certification

Question No: 811 – (Topic 4)

Which of the following would Jane, an administrator, use to detect an unknown security vulnerability?

  1. Patch management

  2. Application fuzzing

  3. ID badge

  4. Application configuration baseline

Answer: B Explanation:

Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failed validation, or memory leaks.

Question No: 812 – (Topic 4)

If Organization A trusts Organization B and Organization B trusts Organization C, then Organization A trusts Organization C. Which of the following PKI concepts is this describing?

  1. Transitive trust

  2. Public key trust

  3. Certificate authority trust

  4. Domain level trust

Answer: A Explanation:

In transitive trusts, trust between a first party and a third party flows through a second party that is trusted by both the first party and the third party.

Question No: 813 – (Topic 4)

During a recent investigation, an auditor discovered that an engineer’s compromised workstation was being used to connect to SCADA systems while the engineer was not logged in. The engineer is responsible for administering the SCADA systems and cannot be blocked from connecting to them. The SCADA systems cannot be modified without vendor approval which requires months of testing.

Which of the following is MOST likely to protect the SCADA systems from misuse?

  1. Update anti-virus definitions on SCADA systems

  2. Audit accounts on the SCADA systems

  3. Install a firewall on the SCADA network

  4. Deploy NIPS at the edge of the SCADA network

Answer: D Explanation:

A supervisory control and data acquisition (SCADA) system is an industrial control system (ICS) that is used to control infrastructure processes, facility-based processes, or industrial processes.

A network-based IPS (NIPS) is an intrusion detection and prevention system that scans network traffic in real time against a database of attack signatures. It is useful for detecting and responding to network-based attacks originating from outside the organization.

Question No: 814 – (Topic 4)

A network administrator is responsible for securing applications against external attacks. Every month, the underlying operating system is updated. There is no process in place for other software updates.

Which of the following processes could MOST effectively mitigate these risks?

  1. Application hardening

  2. Application change management

  3. Application patch management

  4. Application firewall review

Answer: C Explanation:

The question states that operating system updates are applied but not other software updates. The ‘other software’ in this case would be applications. Software updates includes functionality updates and more importantly security updates. The process of applying software updates or ‘patches’ to applications is known as ‘application patch management’. Application patch management is an effective way of mitigating security risks associated with software applications.

Question No: 815 – (Topic 4)

Which of the following can be used to mitigate risk if a mobile device is lost?

  1. Cable lock

  2. Transport encryption

  3. Voice encryption

  4. Strong passwords

Answer: D Explanation:

Passwords are the most likely mechanism that can be used to mitigate risk when a mobile device is lost. A strong password would be more difficult to crack.

Question No: 816 – (Topic 4)

Disabling unnecessary services, restricting administrative access, and enabling auditing controls on a server are forms of which of the following?

  1. Application patch management

  2. Cross-site scripting prevention

  3. Creating a security baseline

  4. System hardening

Answer: D Explanation:

Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing or disabling unnecessary functions and features, removing or disabling unnecessary user accounts, disabling unnecessary protocols and ports, and disabling unnecessary services.

Question No: 817 – (Topic 4)

A way to assure data at-rest is secure even in the event of loss or theft is to use:

  1. Full device encryption.

  2. Special permissions on the file system.

  3. Trusted Platform Module integration.

  4. Access Control Lists.

Answer: A Explanation:

Device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen.

Question No: 818 – (Topic 4)

The act of magnetically erasing all of the data on a disk is known as:

  1. Wiping

  2. Dissolution

  3. Scrubbing

  4. Degaussing

Answer: D Explanation:

Degaussing is a form a data wiping that entails the use of magnets to alter the magnetic structure of the storage medium.

Question No: 819 – (Topic 4)

Which of the following can BEST help prevent cross-site scripting attacks and buffer overflows on a production system?

  1. Input validation

  2. Network intrusion detection system

  3. Anomaly-based HIDS

  4. Peer review

Answer: A Explanation:

Input validation is a defensive technique intended to mitigate against possible user input attacks, such as buffer overflows and fuzzing. Input validation checks every user input

submitted to the application before processing that input. The check could be a length, a character type, a language type, or a domain.

Question No: 820 – (Topic 4)

Which of the following hardware based encryption devices is used as a part of multi-factor authentication to access a secured computing system?

  1. Database encryption

  2. USB encryption

  3. Whole disk encryption

  4. TPM

Answer: D Explanation:

Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system’s motherboard and is enabled or disable in BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates.

100% Free Download!
Download Free Demo:SY0-401 Demo PDF
100% Pass Guaranteed!
Download 2017 EnsurePass SY0-401 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE