Ultimate Guide: sy0 401 study guide pdf

♥♥ 2021 NEW RECOMMEND ♥♥

Free VCE & PDF File for CompTIA SY0-401 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on: http://www.surepassexam.com/SY0-401-exam-dumps.html

Q391. Which of the following network architecture concepts is used to securely isolate at the boundary between networks? 

A. VLAN 

B. Subnetting 

C. DMZ 

D. NAT 

Answer: C 

Explanation: 

A demilitarized zone (DMZ) is an area of a network that is designed specifically for public users to access. The DMZ is a buffer network between the public untrusted Internet and the private trusted LAN. Often a DMZ is deployed through the use of a multihomed firewall. 

Q392. Joe, a newly hired employee, has a corporate workstation that has been compromised due to several visits to P2P sites. Joe insisted that he was not aware of any company policy that prohibits the use of such web sites. Which of the following is the BEST method to deter employees from the improper use of the company’s information systems? 

A. Acceptable Use Policy 

B. Privacy Policy 

C. Security Policy 

D. Human Resource Policy 

Answer: A 

Explanation: 

Acceptable use policies (AUPs) describe how the employees in an organization can use company systems and resources, both software and hardware. 

Q393. Users are encouraged to click on a link in an email to obtain exclusive access to the newest version of a popular Smartphone. This is an example of. 

A. Scarcity 

B. Familiarity 

C. Intimidation 

D. Trust 

Answer: A 

Explanation: 

Scarcity, in the area of social psychology, works much like scarcity in the area of economics. Simply put, humans place a higher value on an object that is scarce, and a lower value on those that are abundant. The thought that we, as humans, want something we cannot have drives us to desire the object even more. This idea is deeply embedded in the intensely popular, “Black Friday” shopping extravaganza that U.S. consumers participate in every year on the day after Thanksgiving. More than getting a bargain on a hot gift idea, shoppers thrive on the competition itself, in obtaining the scarce product. 

In this question, people want the brand new latest version of a smartphone. The temptation of being one of the first to get the new phone will tempt people into clicking the link in the email. 

Q394. Which of the following devices is BEST suited to protect an HTTP-based application that is susceptible to injection attacks? 

A. Protocol filter 

B. Load balancer 

C. NIDS 

D. Layer 7 firewall 

Answer: D 

Explanation: 

An application-level gateway firewall filters traffic based on user access, group membership, the application or service used, or even the type of resources being transmitted. This type of firewall operates at the Application layer (Layer 7) of the OSI model. 

Q395. Sara, a security analyst, is trying to prove to management what costs they could incur if their customer database was breached. This database contains 250 records with PII. Studies show that the cost per record for a breach is $300. The likelihood that their database would be breached in the next year is only 5%. Which of the following is the ALE that Sara should report to management for a security breach? 

A. $1,500 

B. $3,750 

C. $15,000 

D. $75,000 

Answer: B 

Explanation: 

SLE × ARO = ALE, where SLE is equal to asset value (AV) times exposure factor (EF); and ARO 

is the annualized rate of occurrence. 

SLE = 250 x $300; ARO = 5% 

$75000 x 0.05 = $3750 

Q396. Which of the following is BEST at blocking attacks and providing security at layer 7 of the OSI model? 

A. WAF 

B. NIDS 

C. Routers 

D. Switches 

Answer: A 

Explanation: 

A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified. 

As the protocols used to access a web server (typically HTTP and HTTPS) run in layer 7 of the OSI model, then web application firewall (WAF) is the correct answer. 

Q397. Which of the following tests a number of security controls in the least invasive manner? 

A. Vulnerability scan 

B. Threat assessment 

C. Penetration test 

D. Ping sweep 

Answer: A 

Explanation: 

Vulnerability scanning has minimal impact on network resource due to the passive nature of the scanning. A vulnerability scan is the process of scanning the network and/or I.T. infrastructure for threats and vulnerabilities. The threats and vulnerabilities are then evaluated in a risk assessment and the necessary actions taken to resolve and vulnerabilities. A vulnerability scan scans for known weaknesses such as missing patches or security updates. 

A vulnerability scan is the automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited and/or threatened. While public servers are important for communication and data transfer over the Internet, they open the door to potential security breaches by threat agents, such as malicious hackers. Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and generating a report of the findings that an individual or an enterprise can use to tighten the network's security. 

Q398. Which of the following can be used on a smartphone to BEST protect against sensitive data loss if the device is stolen? (Select TWO). 

A. Tethering 

B. Screen lock PIN 

C. Remote wipe 

D. Email password 

E. GPS tracking 

F. Device encryption 

Answer: C,F 

Explanation: 

C: Remote wipe is the process of deleting data on a device in the event that the device is stolen. This is performed over remote connections such as the mobile phone service or the internet connection and helps ensure that sensitive data is not accessed by unauthorized people. 

F: Device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen. 

Q399. The security administrator installed a newly generated SSL certificate onto the company web server. Due to a misconfiguration of the website, a downloadable file containing one of the pieces of the key was available to the public. It was verified that the disclosure did not require a reissue of the certificate. Which of the following was MOST likely compromised? 

A. The file containing the recovery agent’s keys. 

B. The file containing the public key. 

C. The file containing the private key. 

D. The file containing the server’s encrypted passwords. 

Answer: B 

Explanation: 

The public key can be made available to everyone. There is no need to reissue the certificate. 

Q400. Ann is the data owner of financial records for a company. She has requested that she have the ability to assign read and write privileges to her folders. The network administrator is tasked with setting up the initial access control system and handing Ann's administrative capabilities. Which of the following systems should be deployed? 

A. Role-based 

B. Mandatory 

C. Discretionary 

D. Rule-based 

Answer: C 

Explanation: