♥♥ 2021 NEW RECOMMEND ♥♥

Free VCE & PDF File for CompTIA SY0-401 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on: http://www.surepassexam.com/SY0-401-exam-dumps.html

Q651. Which of the following would a security administrator implement in order to identify change from the standard configuration on a server? 

A. Penetration test 

B. Code review 

C. Baseline review 

D. Design review 

Answer:

Explanation: 

The standard configuration on a server is known as the baseline. 

The IT baseline protection approach is a methodology to identify and implement computer security 

measures in an organization. The aim is the achievement of an adequate and appropriate level of 

security for IT systems. This is known as a baseline. 

A baseline report compares the current status of network systems in terms of security updates, 

performance or other metrics to a predefined set of standards (the baseline). 


Q652. Which of the following must a user implement if they want to send a secret message to a coworker by embedding it within an image? 

A. Transport encryption 

B. Steganography 

C. Hashing 

D. Digital signature 

Answer:

Explanation: 

Steganography is the process of concealing a file, message, image, or video within another file, message, image, or video. Note: The advantage of steganography over cryptography alone is that the intended secret message does not attract attention to itself as an object of scrutiny. Plainly visible encrypted messages, no matter how unbreakable will arouse interest, and may in themselves be incriminating in countries where encryption is illegal. Thus, whereas cryptography is the practice of protecting the contents of a message alone, steganography is concerned with concealing the fact that a secret message is being sent, as well as concealing the contents of the message. 


Q653. If Organization A trusts Organization B and Organization B trusts Organization C, then Organization A trusts Organization C. Which of the following PKI concepts is this describing? 

A. Transitive trust 

B. Public key trust 

C. Certificate authority trust 

D. Domain level trust 

Answer:

Explanation: 

In transitive trusts, trust between a first party and a third party flows through a second party that is trusted by both the first party and the third party. 


Q654. Which of the following data security techniques will allow Matt, an IT security technician, to encrypt a system with speed as its primary consideration? 

A. Hard drive encryption 

B. Infrastructure as a service 

C. Software based encryption 

D. Data loss prevention 

Answer:

Explanation: 

Disk and device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen. It should be implemented using a hardware-based solution for greater speed. 


Q655. A security administrator wants to perform routine tests on the network during working hours when certain applications are being accessed by the most people. Which of the following would allow the security administrator to test the lack of security controls for those applications with the least impact to the system? 

A. Penetration test 

B. Vulnerability scan 

C. Load testing 

D. Port scanner 

Answer:

Explanation: 

A vulnerability scan is the process of scanning the network and/or I.T. infrastructure for threats and vulnerabilities. The threats and vulnerabilities are then evaluated in a risk assessment and the necessary actions taken to resolve and vulnerabilities. A vulnerability scan scans for known weaknesses such as missing patches or security updates. 

A vulnerability scan is the automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited and/or threatened. While public servers are important for communication and data transfer over the Internet, they open the door to potential security breaches by threat agents, such as malicious hackers. Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and generating a report of the findings that an individual or an enterprise can use to tighten the network's security. 


Q656. A security administrator has configured FTP in passive mode. Which of the following ports should the security administrator allow on the firewall by default? 

A. 20 

B. 21 

C. 22 

D. 23 

Answer:

Explanation: 

When establishing an FTP session, clients start a connection to an FTP server that listens on TCP port 21 by default. 


Q657. A system administrator has noticed vulnerability on a high impact production server. A recent update was made available by the vendor that addresses the vulnerability but requires a reboot of the system afterwards. Which of the following steps should the system administrator implement to address the vulnerability? 

A. Test the update in a lab environment, schedule downtime to install the patch, install the patch and reboot the server and monitor for any changes 

B. Test the update in a lab environment, backup the server, schedule downtime to install the patch, install the patch, and monitor for any changes 

C. Test the update in a lab environment, backup the server, schedule downtime to install the patch, install the update, reboot the server, and monitor for any changes 

D. Backup the server, schedule downtime to install the patch, installs the patch and monitor for any changes 

Answer:

Explanation: 

We have an update to apply to fix the vulnerability. The update should be tested first in a lab environment, not on the production server to ensure it doesn’t cause any other problems with the server. After testing the update, we should backup the server to enable us to roll back any changes in the event of any unforeseen problems with the update. The question states that the server will require a reboot. This will result in downtime so you should schedule the downtime before installing the patch. After installing the update, you should monitor the server to ensure it is functioning correctly. 


Q658. A small company can only afford to buy an all-in-one wireless router/switch. The company has 3 wireless BYOD users and 2 web servers without wireless access. Which of the following should the company configure to protect the servers from the user devices? (Select TWO). 

A. Deny incoming connections to the outside router interface. 

B. Change the default HTTP port 

C. Implement EAP-TLS to establish mutual authentication 

D. Disable the physical switch ports 

E. Create a server VLAN 

F. Create an ACL to access the server 

Answer: E,F 

Explanation: 

We can protect the servers from the user devices by separating them into separate VLANs (virtual local area networks). 

The network device in the question is a router/switch. We can use the router to allow access from devices in one VLAN to the servers in the other VLAN. We can configure an ACL (Access Control List) on the router to determine who is able to access the server. 

In computer networking, a single layer-2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them via one or more routers; such a domain is referred to as a virtual local area network, virtual LAN or VLAN. This is usually achieved on switch or router devices. Simpler devices only support partitioning on a port level (if at all), so sharing VLANs across devices requires running dedicated cabling for each VLAN. More sophisticated devices can mark packets through tagging, so that a single interconnect (trunk) may be used to transport data for multiple VLANs. Grouping hosts with a common set of requirements regardless of their physical location by VLAN can greatly simplify network design. A VLAN has the same attributes as a physical local area network (LAN), but it allows for end stations to be grouped together more easily even if they are not on the same network switch. The network described in this question is a DMZ, not a VLAN. 


Q659. How must user accounts for exiting employees be handled? 

A. Disabled, regardless of the circumstances 

B. Disabled if the employee has been terminated 

C. Deleted, regardless of the circumstances 

D. Deleted if the employee has been terminated 

Answer:

Explanation: 

You should always disable an employee’s account as soon as they leave. The employee knows the username and password of the account and could continue to log in for potentially malicious purposes. Disabling the account will ensure that no one can log in using that account. 


Q660. Ann is a member of the Sales group. She needs to collaborate with Joe, a member of the IT group, to edit a file. Currently, the file has the following permissions: Ann: read/write 

Sales Group: read 

IT Group: no access 

If a discretionary access control list is in place for the files owned by Ann, which of the following would be the BEST way to share the file with Joe? 

A. Add Joe to the Sales group. 

B. Have the system administrator give Joe full access to the file. 

C. Give Joe the appropriate access to the file directly. 

D. Remove Joe from the IT group and add him to the Sales group. 

Answer:

Explanation: