CompTIA Security+ SY0-401 practice exam questions

Q531. Which of the following is the BEST approach to perform risk mitigation of user access control rights? 

A. Conduct surveys and rank the results. 

B. Perform routine user permission reviews. 

C. Implement periodic vulnerability scanning. 

D. Disable user accounts that have not been used within the last two weeks. 

Answer:

Explanation: 

Risk mitigation is accomplished any time you take steps to reduce risk. This category includes installing antivirus software, educating users about possible threats, monitoring network traffic, adding a firewall, and so on. User permissions may be the most basic aspect of security and are best coupled with the principle of least privilege. Related to permissions is the concept of the access control list (ACL). An ACL is literally a list of who can access what resource and at what level. Thus the best risk mitigation step, insofar as access control rights are concerned, is the regular, routine review of user permissions.


Q532. Pete, a security administrator, has observed repeated attempts to break into the network. Which of the following is designed to stop an intrusion on the network? 

A. NIPS 

B. HIDS 

C. HIPS 

D. NIDS 

Answer:

Explanation: 

A network-based intrusion prevention system (NIPS) monitors the entire network for suspicious traffic by analyzing protocol activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it.


Q533. Ann, a newly hired human resource employee, sent out confidential emails with digital signatures, to an unintended group. Which of the following would prevent her from denying accountability? 

A. Email Encryption 

B. Steganography 

C. Non-repudiation

D. Access Control 

Answer:

Explanation: 

Nonrepudiation prevents one party from denying actions they carried out. 


Q534. Protecting the confidentiality of a message is accomplished by encrypting the message with which of the following? 

A. Sender's private key 

B. Recipient's public key 

C. Sender's public key 

D. Recipient's private key 

Answer:

Explanation: 


Q535. The Chief Risk Officer is concerned about the new employee BYOD device policy and has requested the security department implement mobile security controls to protect corporate data in the event that a device is lost or stolen. The level of protection must not be compromised even if the communication SIM is removed from the device. Which of the following BEST meets the requirements? (Select TWO)

A. Asset tracking 

B. Screen-locks 

C. GEO-Tracking 

D. Device encryption 

Answer: A,D 

Explanation: 

A: Asset tracking is the process of maintaining oversight over inventory, and ensuring that a device is still in the possession of the assigned authorized user. 

D: Device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen. 


Q536. Which of the following concepts is a term that directly relates to customer privacy considerations? 

A. Data handling policies 

B. Personally identifiable information 

C. Information classification 

D. Clean desk policies 

Answer:

Explanation: 

Personally identifiable information (PII) is a catchall for any data that can be used to uniquely identify an individual. This data can be anything from the person’s name to a fingerprint (think biometrics), credit card number, or patient record. This has a direct relation to customer privacy considerations. 


Q537. Which of the following security account management techniques should a security analyst implement to prevent staff who have switched company roles from exceeding privileges?

A. Internal account audits 

B. Account disablement 

C. Time of day restriction 

D. Password complexity 

Answer:

Explanation: 

Internal account auditing allows you to switch the appropriate users to the proper accounts required after a change of roles has occurred, and thus to check that the principle of least privilege is followed.


Q538. Which of the following controls would prevent an employee from emailing unencrypted information to their personal email account over the corporate network? 

A. DLP 

B. CRL 

C. TPM 

D. HSM 

Answer:

Explanation: 

Data loss prevention (DLP) systems monitor the contents of systems (workstations, servers, and networks) to make sure that key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data. 


Q539. Joe, the systems administrator, is setting up a wireless network for his team’s laptops only and needs to prevent other employees from accessing it. Which of the following would BEST address this? 

A. Disable default SSID broadcasting. 

B. Use WPA instead of WEP encryption. 

C. Lower the access point’s power settings. 

D. Implement MAC filtering on the access point. 

Answer:

Explanation: 

If MAC filtering is turned off, any wireless client that knows the values looked for (MAC addresses) can join the network. When MAC filtering is used, the administrator compiles a list of the MAC addresses associated with users’ computers and enters those addresses. When a client attempts to connect and other values have been correctly entered, an additional check of the MAC address is done. If the address appears in the list, the client is allowed to join; otherwise, it is forbidden from doing so. 


Q540. Privilege creep among long-term employees can be mitigated by which of the following procedures? 

A. User permission reviews 

B. Mandatory vacations 

C. Separation of duties 

D. Job function rotation 

Answer:

Explanation: 

Privilege creep is the steady build-up of access rights beyond what a user requires to perform his/her task. Privilege creep can be decreased by conducting sporadic access rights reviews, which will confirm each user's need to access specific roles and rights in an effort to find and rescind excess privileges.